From sle-container-updates at lists.suse.com Thu Aug 1 07:04:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:04:33 +0200 (CEST) Subject: SUSE-CU-2024:3323-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240801070433.9F4E6F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3323-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.5 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.5 Severity : important Type : security References : 916845 CVE-2013-4235 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. The following package changes have been done: - login_defs-4.8.1-150400.10.18.1 updated - patterns-base-fips-20200124-150400.20.10.1 updated - shadow-4.8.1-150400.10.18.1 updated From sle-container-updates at lists.suse.com Thu Aug 1 07:06:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:06:55 +0200 (CEST) Subject: SUSE-CU-2024:3325-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240801070655.57A8FF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3325-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.5 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.5 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. The following package changes have been done: - login_defs-4.8.1-150400.3.9.1 updated - patterns-base-fips-20200124-150400.20.10.1 updated - shadow-4.8.1-150400.3.9.1 updated From sle-container-updates at lists.suse.com Thu Aug 1 07:07:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:07:39 +0200 (CEST) Subject: SUSE-CU-2024:3327-1: Recommended update of suse/ltss/sle15.4/bci-base-fips Message-ID: <20240801070739.A74D8F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3327-1 Container Tags : suse/ltss/sle15.4/bci-base-fips:15.4 , suse/ltss/sle15.4/bci-base-fips:15.4.3.7 Container Release : 3.7 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle15.4/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. The following package changes have been done: - patterns-base-fips-20200124-150400.20.10.1 updated - container:sles15-ltss-image-15.0.0-5.4 updated From sle-container-updates at lists.suse.com Thu Aug 1 07:08:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:08:00 +0200 (CEST) Subject: SUSE-CU-2024:3328-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20240801070800.1A455F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3328-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.4 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.4 Container Release : 5.4 Severity : important Type : security References : 916845 CVE-2013-4235 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. The following package changes have been done: - login_defs-4.8.1-150400.10.18.1 updated - patterns-base-fips-20200124-150400.20.10.1 updated - shadow-4.8.1-150400.10.18.1 updated From sle-container-updates at lists.suse.com Thu Aug 1 07:10:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:10:46 +0200 (CEST) Subject: SUSE-CU-2024:3329-1: Security update of bci/bci-init Message-ID: <20240801071046.2F4E0F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3329-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.23.13 Container Release : 23.13 Severity : important Type : security References : 916845 CVE-2013-4235 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. The following package changes have been done: - login_defs-4.8.1-150400.10.18.1 updated - patterns-base-fips-20200124-150400.20.10.1 updated - shadow-4.8.1-150400.10.18.1 updated - container:sles15-image-15.0.0-36.14.8 updated From sle-container-updates at lists.suse.com Thu Aug 1 07:11:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:11:43 +0200 (CEST) Subject: SUSE-CU-2024:3331-1: Security update of bci/nodejs Message-ID: <20240801071143.3850BF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3331-1 Container Tags : bci/node:18 , bci/node:18-26.14 , bci/nodejs:18 , bci/nodejs:18-26.14 Container Release : 26.14 Severity : important Type : security References : 1219660 916845 CVE-2013-4235 CVE-2024-24577 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2656-1 Released: Tue Jul 30 15:36:08 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. The following package changes have been done: - login_defs-4.8.1-150400.10.18.1 updated - patterns-base-fips-20200124-150400.20.10.1 updated - shadow-4.8.1-150400.10.18.1 updated - git-core-2.35.3-150300.10.42.1 updated - container:sles15-image-15.0.0-36.14.8 updated From sle-container-updates at lists.suse.com Thu Aug 1 07:12:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:12:35 +0200 (CEST) Subject: SUSE-CU-2024:3332-1: Security update of bci/openjdk-devel Message-ID: <20240801071235.1F988F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3332-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-23.20 Container Release : 23.20 Severity : important Type : security References : 1214980 1218640 1222804 1222807 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1223724 1224113 1224115 1224116 1224118 1227298 1227918 1228046 1228047 1228048 1228050 1228051 1228052 1228322 916845 CVE-2013-4235 CVE-2023-5388 CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21144 CVE-2024-21145 CVE-2024-21147 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2296-1 Released: Thu Jul 4 06:29:20 2024 Summary: Feature update for jakarta-inject Type: feature Severity: moderate References: This update for jakarta-inject fixes the following issues: - New pacakge implementation at version 2.0.1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2629-1 Released: Tue Jul 30 09:11:33 2024 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1227298,1228046,1228047,1228048,1228050,1228051,1228052,CVE-2024-21131,CVE-2024-21138,CVE-2024-21140,CVE-2024-21144,CVE-2024-21145,CVE-2024-21147 This update for java-11-openjdk fixes the following issues: Updated to version 11.0.24+8 (July 2024 CPU): - CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046). - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047). - CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination (bsc#1228048). - CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling (bsc#1228052). - CVE-2024-21145: Fixed an index overflow in RangeCheckElimination (bsc#1228051). - CVE-2024-21144: Fixed an excessive loading time in Pack200 due to improper header validation (bsc#1228050). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2642-1 Released: Tue Jul 30 10:03:52 2024 Summary: Recommended update for Java Type: recommended Severity: moderate References: This update for Java fixes the following issues: maven-shared-utils was updated to version 3.4.2: - Changes in version 3.4.2: * New features and improvements: + Made Commandline.addSystemEnvironment public and deprecated + Deprecated IsEmpty/IsNotEmpty methods + Deprecated newXmlWriter + Deprecated redundant isEmptyString method + Deprecated join methods now available in Java 8 String class + FileUtils: avoid getCanonicalPath() + Added build() method and document toString() method + Optionally inherit system environment variables by Commandline + Dropped plexus container default * Bugs Fixed: + Removed trim parameter + Fixed blocking in StreamFeeder + Ignore MessageUtilsTest methods on unsupported platforms + Make copyFile succeed with source file having lastModified() = 0 + XmlWriterUtil platform independent and consistent + Poll data from input stream plexus-io was updated to version 3.2.0 to 3.4.2: - New features and improvements: * Drop legacy and make components pure JSR330 * Restore speed improvements * Plexus IO build is now reproducible * Various speed improvements * Plexus IO now requires Java 8 - Dependency updates: * Update sisu.inject to 0.9.0.M2 * Bumped guice from 5.1.0 to 6.0.0 * Bumped commons-io:commons-io from 2.11.0 to 2.15.1 * Bumped plexus-utils from 3.5.0 to 4.0.0 * Bumped org.codehaus.plexus:plexus-testing from 1.1.0 to 1.3.0 - Bugs fixed: * Fix symbolic link are being resolved into absolute path * Fix symbolic links to directories are not recognized as directories * Fix issue related to symbolic link tests issue plexus-interpolation was updated to version 1.27.0: - New features and improvements: * Added support for PPC64LE * Added dependabot and release drafter configuration * Moved to Junit5 - Dependency updates: * Bumped plexus from 7 to 16 * Bumped maven-bundle-plugin from 3.0.1 to 5.1.9 plexus-cli was updated to version 1.7: - Changes: * Bumped plexus-components from 6.5 to 10.0 * Bumped checkstyle from 9.2 to 9.2.1 * Bumped plexus-container-default from 1.0-alpha-34 to 2.1.1 * Bumped checkstyle from 9.2.1 to 9.3 * Bumped commons-cli from 1.0 to 1.5.0 * Bumped maven-checkstyle-plugin from 3.1.2 to 3.3.0 * Bumped maven-shared-resources from 4 to 5 * Bumped apache/maven-gh-actions-shared from 1 to 3 * Updated to Parent pom 15 * Bumped commons-cli:commons-cli from 1.5.0 to 1.6.0 * Reuse plexus-pom action for CI * Bumped org.codehaus.plexus:plexus from 15 to 16 * Replace plexus-container-default with Sisu Plexus * Bumped org.codehaus.plexus:plexus-testing from 1.2.0 to 1.3.0 plexus-cipher was updated to version 2.1.0: - Changes: * Switched to java.util.Base64 * Moved code to Java 8 * Fixed insecure cryptography in PBECipher.java * Enabled missed decryption test and adjust to new algorithm plexus-archiver was updated to version 4.9.2: - New features and improvements: * Allow copy all files without timestamp checking by DirectoryArchiver * Provide fluent setter for usingDefaultExcludes flag in AbstractFileSet * Various dependencies were upgraded plexus-interactivity was updated to version 1.3: - New features and improvements: + Ensure prompter does not double colon + Java 8 as mininum + Moved off plexus - Other changes: * The class previously in plexus-interactivity-jdom artifact is folded into the main plexus-interactivity-api. maven-shared-incremental: - `sisu-plexus` is now used instead of the old `plexus-component-api` - Removed unnecessary dependency on xmvn tools and parent pom ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2647-1 Released: Tue Jul 30 10:44:44 2024 Summary: Recommended update for Java Type: recommended Severity: moderate References: This update for Java fixes the following issues: antinject was updated to version 1.0.5: - Don't distribute as jakarta.inject:jakarta-inject-api artifact to prevent conflicts with the version 2.x that actually has classes in jakarta.inject namespace and thus is incompatible - Switched to sources in https://github.com/jakartaee/inject/ - Changes in version 1.0.5: * This switches the module name back to the java.inject that was used by the 1.0.3 release with automatic module. This is a multi-release jar - Changes in version 1.0.4: * This is a 1.0.4 service release with a multi-release jar that adds the module-info class to META-INF/versions/9/module-info.class using the https://github.com/moditect/moditect plugin for the javax.inject module. - Changes in version 1.0.3: * This release corrects the 1.0.2 release which was incorrectly done from the master branch with the jakarta.* packages. * It adds the Automatic-Module-Name=java.inject to the api jar manifest. - Changes in version 1.0.2: * Set Automatic-Module-Name to java.inject * Added OSGi bundle headers - Changes in version 1.0.1: * Added Automatic-Module-Name of jakarta.inject - Changes in version 1.0: * First Injection API release for Jakarta EE cdi-api: - Use the javax.inject artifact google-guice was updated to version 6.0.0: - Changes in version 6.0.0: * JEE Jakarta Transition: + Guice 6.0 adds support for jakarta.inject, the new namespace for the JSR330 spec (after the javax -> jakarta JEE transition). Guice 6.0 is intended to help users migrate their code to the jakarta namespace. It continues to fully support the javax.inject namespace while also mostly supporting the jakarta.inject namespace. The only part of Guice 6.0 that doesn't support jakarta.inject are the bind(..).toProvider methods. Those methods still require javax.inject or com.google.inject Providers. + The Guice 6.0 servlet & persist extensions only support the javax.servlet and javax.persistence namespaces respectively. + Guice 6.0 can help with incremental migrations to the jakarta.inject namespace, by incrementally replacing javax.inject references to jakarta.inject. This works everywhere, except for code where a jakarta Provider is passed to bind(..).toProvider. * Guice Core: + Adds jakarta.inject support. + Support Java 21 (via updating ASM to 9.5 and other changes). + Improve AOP support on JVMs such as Azul. + Fix a deadlock or crash associated with recursively loading just-in-time bindings. + Make PrivateModule.binder() non-private, to allow subclass customization, such as calling skipSources. + Fix an endloop loop (that can OOM) in singleton lock cycle detection. + Fix tests to pass on Windows, despite the different line separator. + Improvements to OSGi metadata. + Mark the JSR305 dependency as optional (since it's not required at runtime). + Fix Binder.requestInjection(TypeLiteral, T) to use the TypeLiteral. + Honor scoping annotations on concrete types when provisioned by their @ProvidedBy annotation + Add a way to tell if a class is 'enhanced' by Guice, and retrieve the original class. + Ensure the order of bind(...) statements does not matter when referring to JIT bindings. + Implement Matcher.and and Matcher.or as default methods directly in Matcher, so that the AbstractMatcher subclass isn't required. + Mark the error_prone_annotations dependency as optional. * Servlet: + Fix an NPE if contextPath is null * Persist: + Persist had a number of changes, some of which are backwards incompatible. Notably: injection of EntityManager no longer implicitly starts a unit of work (because this led to leaks). Users can opt-in to the legacy behavior by constructing the JpaPersistModule with a JpaPersistOptions that sets setAutoBeginWorkOnEntityManagerCreation to true. + EntityManager provisioning no longer automatically starts an unit of work. + Ignore multiple start/stop calls, rather than throwing an exception. + Support manually initiated rollbacks. + Don't wrap Object-defined methods (e.g: toString, finalize, equals, hashCode) in transactions. gradle-bootstrap: - Package rebuilt to account for the new jakarta-inject dependency gradle: - Fixed build with jakarta-inject, which was introduced as a new google-guice dependency maven-artifact-transfer, maven-doxia-sitetools, maven-doxia, maven-plugin-testing, maven-surefire: - Use plexus-metadata-generator executable directly to simplify build classpath maven-javadoc-plugin: - Removed dependency on plexus-metadata-generator, plexus-component-metadata and on their dependencies, since there is no plexus @Component annotation any more modello: - Added dependency on jakarta-inject, needed by google-guice 6.0.0 plexus-component-metadata and plexus-containers were updated to version 2.2.0: - Added dependency on plexus-xml where relevant * This will be needed for smooth upgrade to plexus-utils 4.0.0 - Changes in version 2.2.0: * Improved documentation to switch to Sisu * Cleaned up poms after parent upgrade * Improved plexus-component metadata - removed dependency to plexus-container-default * Added deprecation information to Plexus components * Require Java 8 * Dropped plexus-container-default artefact * Require Maven 3.6.3+ * Switched to Junit5 * Bumped org.eclipse.sisu.plexus from 0.3.0.M1 to 0.9.0.M2 - Changes in version 2.1.1: * Last version before deprecation * Requires Java 7 and Maven 3.2.5+ * Upgraded ASM to 9.2 * Security upgrade org.jdom:jdom2 from 2.0.6 to 2.0.6.1 plexus-utils was updated to version 4.0.0: - Changes in version 4.0.0: * Starting with version 4, XML classes (in org.codehaus.plexus.util.xml and org.codehaus.plexus.util.xml.pull) have been extracted to a separate plexus-xml: if you need them, just use this new artifact\ * Other changes: + Fixed false difference detected with CachingOutputStream/CachingWriter when streams are flushed + Dependency updates + Switched to Junit 5 plexus-xml was update to version 3.0.1: - Changes in version 3.0.1: * Bugs fixed: + Allow nulls for write elements in MXSerializer + Removed special chars from xml output * Dependency updates: + Bumped org.codehaus.plexus:plexus from 17 to 18 + Bumped release-drafter/release-drafter from 5 to 6 + Bumped parent to 17 and updates * Maintenance: + Switched to Junit 5 + Switched to shared gh actions setup from master branch sbt: - Require the new plexus-xml package to fix build sisu was updated to version 0.9.0.M3: - Provide plexus-containers-container-default for easier update - Add dependency on plexus-xml where relevant - Changes of sisu version 0.9.0.M3: * Annotated new method * Updated workflow to run on Java 21 * Build with final Java 21 on GitHub * Switched to JUnit5 * Disabled annotation processor by default * Do not silently fail in case of class scanning exceptions * Updated to ASM 9.7 * Updated CONTRIBUTING.md * Aligned Plexus ASM version * Renamed release profile * Fixed Jacoco coverage repots in Sonar * Added a method to allow LifecycleManager to free keys * Licence change: From EPL1 to EPL2 * Updated documentation for exposed core extensions, fix anchors * Trigger Sonarcloud analysis from GHA - Changes of sisu version 0.9.0.M2: * Fixed SpaceScanner to use latest ASM API version * 3.7 is not an officially supported version therefore specify3.8 instead * Provide script to help upgrade embedded copy of ASM * ASM_9_4 * Require Java 8 * Sisu specific PreConstruct/PreDestroy annotations * Updated build plugins * ASM 9.5 * Aligned to latest Maven plugins * Moved release elements from oss-parent to local project * Create a 'no_asm' jar at release time which doesn't embed ASM - Changes of sisu.inject version 9.0.M1: * Fixed CDI related issues * Build with Eclipse/Tycho 2.5.0 and Java 11 * Raise problem reporting logs to DEBUG, fixes #36 * Upgraded internal copy of ASM to 9.2 * Implemented PathTypeConverter * Added JUnit 5 annotations to InjectedTest setUp/tearDown * Fixed static parameters binding lookup * Run injection tests against multiple versions of Guice * Support using @priority on Providers * Use read lock when subscribing to publishers??? * Cache binding lookups for single bean providers * Use AtomicReferenceFieldUpdater as it works better for large numbers of instances * Enabled Java CI workflow * Enabled CodeQL analysis * Replaced potentially-expensive regex with simple tokenizer * Allow Main to boot with extra bindings * Re-enabled various resource-related unit tests * Reworked globber pattern strategy to avoid use of regex * Use GlobberStrategy.PATTERN instead of regex for ServiceBindings filtering - Changes of sisu.plexus version 0.9.0.M2: * Make build work with Java17 * Aligned to latest Maven plugins * Moved release elements from oss-parent to local project - Changes of sisu.plexus version 0.9.0.M1: * Aligned logback with sisu.inject * Build with Eclipse/Tycho 2.5.0 and Java 11 * Support configuration of collections with complex generic types * Enabled Java CI workflow * Enabled CodeQL analysis sisu-mojos: - Build sisu-mojos within sisu package, since the sources of sisu-mojos, sisu-inject and sisu-plexus were joined in the same upstream project ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2667-1 Released: Tue Jul 30 16:14:01 2024 Summary: Recommended update for libxkbcommon Type: recommended Severity: moderate References: 1218640,1228322 This update of libxkbcommon fixes the following issue: - ship libxkbregistry0-32bit and libxbkregistry-devel-32bit for use by Wine. (bsc#1218640 bsc#1228322) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2684-1 Released: Wed Jul 31 20:04:41 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. The following package changes have been done: - login_defs-4.8.1-150400.10.18.1 updated - patterns-base-fips-20200124-150400.20.10.1 updated - shadow-4.8.1-150400.10.18.1 updated - libfreebl3-3.101.2-150400.3.48.1 updated - libxcb1-1.13-150000.3.11.1 updated - mozilla-nss-certs-3.101.2-150400.3.48.1 updated - mozilla-nss-3.101.2-150400.3.48.1 updated - libsoftokn3-3.101.2-150400.3.48.1 updated - java-11-openjdk-headless-11.0.24.0-150000.3.116.1 updated - java-11-openjdk-11.0.24.0-150000.3.116.1 updated - atinject-1+20211017gitd06ce18-150200.3.13.1 updated - jakarta-inject-2.0.1-150200.5.3.3 added - java-11-openjdk-devel-11.0.24.0-150000.3.116.1 updated - maven-resolver-api-1.9.20-150200.3.23.2 updated - plexus-containers-component-annotations-2.2.0-150200.3.9.2 updated - plexus-interpolation-1.27.0-150200.3.7.2 updated - plexus-utils-4.0.1-150200.3.11.2 updated - plexus-xml-3.0.1-150200.5.8.2 updated - sisu-inject-0.9.0.M3-150200.3.9.2 updated - plexus-cipher-2.1.0-150200.3.7.1 updated - maven-resolver-util-1.9.20-150200.3.23.2 updated - maven-resolver-spi-1.9.20-150200.3.23.2 updated - sisu-plexus-0.9.0.M3-150200.3.9.2 updated - maven-shared-utils-3.4.2-150200.3.10.1 updated - maven-resolver-named-locks-1.9.20-150200.3.23.2 updated - google-guice-6.0.0-150200.3.10.4 updated - maven-resolver-transport-file-1.9.20-150200.3.23.2 updated - maven-resolver-connector-basic-1.9.20-150200.3.23.2 updated - maven-resolver-transport-wagon-1.9.20-150200.3.23.2 updated - maven-resolver-impl-1.9.20-150200.3.23.2 updated - maven-resolver-transport-http-1.9.20-150200.3.23.2 updated - maven-lib-3.9.8-150200.4.27.2 updated - maven-3.9.8-150200.4.27.2 updated - container:bci-openjdk-11-15.5.11-24.8 updated - apache-commons-lang3-3.12.0-150200.3.6.4 removed - cdi-api-2.0.2-150200.3.6.4 removed - jboss-interceptors-1.2-api-1.0.0-150200.3.4.4 removed From sle-container-updates at lists.suse.com Thu Aug 1 07:13:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:13:19 +0200 (CEST) Subject: SUSE-CU-2024:3333-1: Security update of bci/openjdk Message-ID: <20240801071319.D3347F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3333-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-24.8 Container Release : 24.8 Severity : important Type : security References : 1214980 1218640 1219660 1222804 1222807 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1223724 1224113 1224115 1224116 1224118 1227298 1227918 1228046 1228047 1228048 1228050 1228051 1228052 1228322 CVE-2023-5388 CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21144 CVE-2024-21145 CVE-2024-21147 CVE-2024-24577 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2629-1 Released: Tue Jul 30 09:11:33 2024 Summary: Security update for java-11-openjdk Type: security Severity: important References: 1227298,1228046,1228047,1228048,1228050,1228051,1228052,CVE-2024-21131,CVE-2024-21138,CVE-2024-21140,CVE-2024-21144,CVE-2024-21145,CVE-2024-21147 This update for java-11-openjdk fixes the following issues: Updated to version 11.0.24+8 (July 2024 CPU): - CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046). - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047). - CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination (bsc#1228048). - CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling (bsc#1228052). - CVE-2024-21145: Fixed an index overflow in RangeCheckElimination (bsc#1228051). - CVE-2024-21144: Fixed an excessive loading time in Pack200 due to improper header validation (bsc#1228050). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2656-1 Released: Tue Jul 30 15:36:08 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2667-1 Released: Tue Jul 30 16:14:01 2024 Summary: Recommended update for libxkbcommon Type: recommended Severity: moderate References: 1218640,1228322 This update of libxkbcommon fixes the following issue: - ship libxkbregistry0-32bit and libxbkregistry-devel-32bit for use by Wine. (bsc#1218640 bsc#1228322) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2684-1 Released: Wed Jul 31 20:04:41 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. The following package changes have been done: - patterns-base-fips-20200124-150400.20.10.1 updated - libfreebl3-3.101.2-150400.3.48.1 updated - libxcb1-1.13-150000.3.11.1 updated - mozilla-nss-certs-3.101.2-150400.3.48.1 updated - mozilla-nss-3.101.2-150400.3.48.1 updated - libsoftokn3-3.101.2-150400.3.48.1 updated - git-core-2.35.3-150300.10.42.1 updated - java-11-openjdk-headless-11.0.24.0-150000.3.116.1 updated - java-11-openjdk-11.0.24.0-150000.3.116.1 updated - container:sles15-image-15.0.0-36.14.8 updated From sle-container-updates at lists.suse.com Thu Aug 1 07:14:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:14:11 +0200 (CEST) Subject: SUSE-CU-2024:3334-1: Security update of bci/openjdk-devel Message-ID: <20240801071411.10CC8F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3334-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-25.20 Container Release : 25.20 Severity : important Type : security References : 1214980 1218640 1222804 1222807 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1223724 1224113 1224115 1224116 1224118 1227298 1227918 1228046 1228047 1228048 1228051 1228052 1228322 916845 CVE-2013-4235 CVE-2023-5388 CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21145 CVE-2024-21147 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2296-1 Released: Thu Jul 4 06:29:20 2024 Summary: Feature update for jakarta-inject Type: feature Severity: moderate References: This update for jakarta-inject fixes the following issues: - New pacakge implementation at version 2.0.1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2628-1 Released: Tue Jul 30 09:09:07 2024 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1227298,1228046,1228047,1228048,1228051,1228052,CVE-2024-21131,CVE-2024-21138,CVE-2024-21140,CVE-2024-21145,CVE-2024-21147 This update for java-17-openjdk fixes the following issues: Updated to version 17.0.12+7 (July 2024 CPU): - CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046). - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047). - CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination (bsc#1228048). - CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling (bsc#1228052). - CVE-2024-21145: Fixed an index overflow in RangeCheckElimination (bsc#1228051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2642-1 Released: Tue Jul 30 10:03:52 2024 Summary: Recommended update for Java Type: recommended Severity: moderate References: This update for Java fixes the following issues: maven-shared-utils was updated to version 3.4.2: - Changes in version 3.4.2: * New features and improvements: + Made Commandline.addSystemEnvironment public and deprecated + Deprecated IsEmpty/IsNotEmpty methods + Deprecated newXmlWriter + Deprecated redundant isEmptyString method + Deprecated join methods now available in Java 8 String class + FileUtils: avoid getCanonicalPath() + Added build() method and document toString() method + Optionally inherit system environment variables by Commandline + Dropped plexus container default * Bugs Fixed: + Removed trim parameter + Fixed blocking in StreamFeeder + Ignore MessageUtilsTest methods on unsupported platforms + Make copyFile succeed with source file having lastModified() = 0 + XmlWriterUtil platform independent and consistent + Poll data from input stream plexus-io was updated to version 3.2.0 to 3.4.2: - New features and improvements: * Drop legacy and make components pure JSR330 * Restore speed improvements * Plexus IO build is now reproducible * Various speed improvements * Plexus IO now requires Java 8 - Dependency updates: * Update sisu.inject to 0.9.0.M2 * Bumped guice from 5.1.0 to 6.0.0 * Bumped commons-io:commons-io from 2.11.0 to 2.15.1 * Bumped plexus-utils from 3.5.0 to 4.0.0 * Bumped org.codehaus.plexus:plexus-testing from 1.1.0 to 1.3.0 - Bugs fixed: * Fix symbolic link are being resolved into absolute path * Fix symbolic links to directories are not recognized as directories * Fix issue related to symbolic link tests issue plexus-interpolation was updated to version 1.27.0: - New features and improvements: * Added support for PPC64LE * Added dependabot and release drafter configuration * Moved to Junit5 - Dependency updates: * Bumped plexus from 7 to 16 * Bumped maven-bundle-plugin from 3.0.1 to 5.1.9 plexus-cli was updated to version 1.7: - Changes: * Bumped plexus-components from 6.5 to 10.0 * Bumped checkstyle from 9.2 to 9.2.1 * Bumped plexus-container-default from 1.0-alpha-34 to 2.1.1 * Bumped checkstyle from 9.2.1 to 9.3 * Bumped commons-cli from 1.0 to 1.5.0 * Bumped maven-checkstyle-plugin from 3.1.2 to 3.3.0 * Bumped maven-shared-resources from 4 to 5 * Bumped apache/maven-gh-actions-shared from 1 to 3 * Updated to Parent pom 15 * Bumped commons-cli:commons-cli from 1.5.0 to 1.6.0 * Reuse plexus-pom action for CI * Bumped org.codehaus.plexus:plexus from 15 to 16 * Replace plexus-container-default with Sisu Plexus * Bumped org.codehaus.plexus:plexus-testing from 1.2.0 to 1.3.0 plexus-cipher was updated to version 2.1.0: - Changes: * Switched to java.util.Base64 * Moved code to Java 8 * Fixed insecure cryptography in PBECipher.java * Enabled missed decryption test and adjust to new algorithm plexus-archiver was updated to version 4.9.2: - New features and improvements: * Allow copy all files without timestamp checking by DirectoryArchiver * Provide fluent setter for usingDefaultExcludes flag in AbstractFileSet * Various dependencies were upgraded plexus-interactivity was updated to version 1.3: - New features and improvements: + Ensure prompter does not double colon + Java 8 as mininum + Moved off plexus - Other changes: * The class previously in plexus-interactivity-jdom artifact is folded into the main plexus-interactivity-api. maven-shared-incremental: - `sisu-plexus` is now used instead of the old `plexus-component-api` - Removed unnecessary dependency on xmvn tools and parent pom ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2647-1 Released: Tue Jul 30 10:44:44 2024 Summary: Recommended update for Java Type: recommended Severity: moderate References: This update for Java fixes the following issues: antinject was updated to version 1.0.5: - Don't distribute as jakarta.inject:jakarta-inject-api artifact to prevent conflicts with the version 2.x that actually has classes in jakarta.inject namespace and thus is incompatible - Switched to sources in https://github.com/jakartaee/inject/ - Changes in version 1.0.5: * This switches the module name back to the java.inject that was used by the 1.0.3 release with automatic module. This is a multi-release jar - Changes in version 1.0.4: * This is a 1.0.4 service release with a multi-release jar that adds the module-info class to META-INF/versions/9/module-info.class using the https://github.com/moditect/moditect plugin for the javax.inject module. - Changes in version 1.0.3: * This release corrects the 1.0.2 release which was incorrectly done from the master branch with the jakarta.* packages. * It adds the Automatic-Module-Name=java.inject to the api jar manifest. - Changes in version 1.0.2: * Set Automatic-Module-Name to java.inject * Added OSGi bundle headers - Changes in version 1.0.1: * Added Automatic-Module-Name of jakarta.inject - Changes in version 1.0: * First Injection API release for Jakarta EE cdi-api: - Use the javax.inject artifact google-guice was updated to version 6.0.0: - Changes in version 6.0.0: * JEE Jakarta Transition: + Guice 6.0 adds support for jakarta.inject, the new namespace for the JSR330 spec (after the javax -> jakarta JEE transition). Guice 6.0 is intended to help users migrate their code to the jakarta namespace. It continues to fully support the javax.inject namespace while also mostly supporting the jakarta.inject namespace. The only part of Guice 6.0 that doesn't support jakarta.inject are the bind(..).toProvider methods. Those methods still require javax.inject or com.google.inject Providers. + The Guice 6.0 servlet & persist extensions only support the javax.servlet and javax.persistence namespaces respectively. + Guice 6.0 can help with incremental migrations to the jakarta.inject namespace, by incrementally replacing javax.inject references to jakarta.inject. This works everywhere, except for code where a jakarta Provider is passed to bind(..).toProvider. * Guice Core: + Adds jakarta.inject support. + Support Java 21 (via updating ASM to 9.5 and other changes). + Improve AOP support on JVMs such as Azul. + Fix a deadlock or crash associated with recursively loading just-in-time bindings. + Make PrivateModule.binder() non-private, to allow subclass customization, such as calling skipSources. + Fix an endloop loop (that can OOM) in singleton lock cycle detection. + Fix tests to pass on Windows, despite the different line separator. + Improvements to OSGi metadata. + Mark the JSR305 dependency as optional (since it's not required at runtime). + Fix Binder.requestInjection(TypeLiteral, T) to use the TypeLiteral. + Honor scoping annotations on concrete types when provisioned by their @ProvidedBy annotation + Add a way to tell if a class is 'enhanced' by Guice, and retrieve the original class. + Ensure the order of bind(...) statements does not matter when referring to JIT bindings. + Implement Matcher.and and Matcher.or as default methods directly in Matcher, so that the AbstractMatcher subclass isn't required. + Mark the error_prone_annotations dependency as optional. * Servlet: + Fix an NPE if contextPath is null * Persist: + Persist had a number of changes, some of which are backwards incompatible. Notably: injection of EntityManager no longer implicitly starts a unit of work (because this led to leaks). Users can opt-in to the legacy behavior by constructing the JpaPersistModule with a JpaPersistOptions that sets setAutoBeginWorkOnEntityManagerCreation to true. + EntityManager provisioning no longer automatically starts an unit of work. + Ignore multiple start/stop calls, rather than throwing an exception. + Support manually initiated rollbacks. + Don't wrap Object-defined methods (e.g: toString, finalize, equals, hashCode) in transactions. gradle-bootstrap: - Package rebuilt to account for the new jakarta-inject dependency gradle: - Fixed build with jakarta-inject, which was introduced as a new google-guice dependency maven-artifact-transfer, maven-doxia-sitetools, maven-doxia, maven-plugin-testing, maven-surefire: - Use plexus-metadata-generator executable directly to simplify build classpath maven-javadoc-plugin: - Removed dependency on plexus-metadata-generator, plexus-component-metadata and on their dependencies, since there is no plexus @Component annotation any more modello: - Added dependency on jakarta-inject, needed by google-guice 6.0.0 plexus-component-metadata and plexus-containers were updated to version 2.2.0: - Added dependency on plexus-xml where relevant * This will be needed for smooth upgrade to plexus-utils 4.0.0 - Changes in version 2.2.0: * Improved documentation to switch to Sisu * Cleaned up poms after parent upgrade * Improved plexus-component metadata - removed dependency to plexus-container-default * Added deprecation information to Plexus components * Require Java 8 * Dropped plexus-container-default artefact * Require Maven 3.6.3+ * Switched to Junit5 * Bumped org.eclipse.sisu.plexus from 0.3.0.M1 to 0.9.0.M2 - Changes in version 2.1.1: * Last version before deprecation * Requires Java 7 and Maven 3.2.5+ * Upgraded ASM to 9.2 * Security upgrade org.jdom:jdom2 from 2.0.6 to 2.0.6.1 plexus-utils was updated to version 4.0.0: - Changes in version 4.0.0: * Starting with version 4, XML classes (in org.codehaus.plexus.util.xml and org.codehaus.plexus.util.xml.pull) have been extracted to a separate plexus-xml: if you need them, just use this new artifact\ * Other changes: + Fixed false difference detected with CachingOutputStream/CachingWriter when streams are flushed + Dependency updates + Switched to Junit 5 plexus-xml was update to version 3.0.1: - Changes in version 3.0.1: * Bugs fixed: + Allow nulls for write elements in MXSerializer + Removed special chars from xml output * Dependency updates: + Bumped org.codehaus.plexus:plexus from 17 to 18 + Bumped release-drafter/release-drafter from 5 to 6 + Bumped parent to 17 and updates * Maintenance: + Switched to Junit 5 + Switched to shared gh actions setup from master branch sbt: - Require the new plexus-xml package to fix build sisu was updated to version 0.9.0.M3: - Provide plexus-containers-container-default for easier update - Add dependency on plexus-xml where relevant - Changes of sisu version 0.9.0.M3: * Annotated new method * Updated workflow to run on Java 21 * Build with final Java 21 on GitHub * Switched to JUnit5 * Disabled annotation processor by default * Do not silently fail in case of class scanning exceptions * Updated to ASM 9.7 * Updated CONTRIBUTING.md * Aligned Plexus ASM version * Renamed release profile * Fixed Jacoco coverage repots in Sonar * Added a method to allow LifecycleManager to free keys * Licence change: From EPL1 to EPL2 * Updated documentation for exposed core extensions, fix anchors * Trigger Sonarcloud analysis from GHA - Changes of sisu version 0.9.0.M2: * Fixed SpaceScanner to use latest ASM API version * 3.7 is not an officially supported version therefore specify3.8 instead * Provide script to help upgrade embedded copy of ASM * ASM_9_4 * Require Java 8 * Sisu specific PreConstruct/PreDestroy annotations * Updated build plugins * ASM 9.5 * Aligned to latest Maven plugins * Moved release elements from oss-parent to local project * Create a 'no_asm' jar at release time which doesn't embed ASM - Changes of sisu.inject version 9.0.M1: * Fixed CDI related issues * Build with Eclipse/Tycho 2.5.0 and Java 11 * Raise problem reporting logs to DEBUG, fixes #36 * Upgraded internal copy of ASM to 9.2 * Implemented PathTypeConverter * Added JUnit 5 annotations to InjectedTest setUp/tearDown * Fixed static parameters binding lookup * Run injection tests against multiple versions of Guice * Support using @priority on Providers * Use read lock when subscribing to publishers??? * Cache binding lookups for single bean providers * Use AtomicReferenceFieldUpdater as it works better for large numbers of instances * Enabled Java CI workflow * Enabled CodeQL analysis * Replaced potentially-expensive regex with simple tokenizer * Allow Main to boot with extra bindings * Re-enabled various resource-related unit tests * Reworked globber pattern strategy to avoid use of regex * Use GlobberStrategy.PATTERN instead of regex for ServiceBindings filtering - Changes of sisu.plexus version 0.9.0.M2: * Make build work with Java17 * Aligned to latest Maven plugins * Moved release elements from oss-parent to local project - Changes of sisu.plexus version 0.9.0.M1: * Aligned logback with sisu.inject * Build with Eclipse/Tycho 2.5.0 and Java 11 * Support configuration of collections with complex generic types * Enabled Java CI workflow * Enabled CodeQL analysis sisu-mojos: - Build sisu-mojos within sisu package, since the sources of sisu-mojos, sisu-inject and sisu-plexus were joined in the same upstream project ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2667-1 Released: Tue Jul 30 16:14:01 2024 Summary: Recommended update for libxkbcommon Type: recommended Severity: moderate References: 1218640,1228322 This update of libxkbcommon fixes the following issue: - ship libxkbregistry0-32bit and libxbkregistry-devel-32bit for use by Wine. (bsc#1218640 bsc#1228322) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2684-1 Released: Wed Jul 31 20:04:41 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. The following package changes have been done: - login_defs-4.8.1-150400.10.18.1 updated - patterns-base-fips-20200124-150400.20.10.1 updated - shadow-4.8.1-150400.10.18.1 updated - libfreebl3-3.101.2-150400.3.48.1 updated - libxcb1-1.13-150000.3.11.1 updated - mozilla-nss-certs-3.101.2-150400.3.48.1 updated - mozilla-nss-3.101.2-150400.3.48.1 updated - libsoftokn3-3.101.2-150400.3.48.1 updated - java-17-openjdk-headless-17.0.12.0-150400.3.45.1 updated - java-17-openjdk-17.0.12.0-150400.3.45.1 updated - atinject-1+20211017gitd06ce18-150200.3.13.1 updated - jakarta-inject-2.0.1-150200.5.3.3 added - java-17-openjdk-devel-17.0.12.0-150400.3.45.1 updated - maven-resolver-api-1.9.20-150200.3.23.2 updated - plexus-containers-component-annotations-2.2.0-150200.3.9.2 updated - plexus-interpolation-1.27.0-150200.3.7.2 updated - plexus-utils-4.0.1-150200.3.11.2 updated - plexus-xml-3.0.1-150200.5.8.2 updated - sisu-inject-0.9.0.M3-150200.3.9.2 updated - plexus-cipher-2.1.0-150200.3.7.1 updated - maven-resolver-util-1.9.20-150200.3.23.2 updated - maven-resolver-spi-1.9.20-150200.3.23.2 updated - sisu-plexus-0.9.0.M3-150200.3.9.2 updated - maven-shared-utils-3.4.2-150200.3.10.1 updated - maven-resolver-named-locks-1.9.20-150200.3.23.2 updated - google-guice-6.0.0-150200.3.10.4 updated - maven-resolver-transport-file-1.9.20-150200.3.23.2 updated - maven-resolver-connector-basic-1.9.20-150200.3.23.2 updated - maven-resolver-transport-wagon-1.9.20-150200.3.23.2 updated - maven-resolver-impl-1.9.20-150200.3.23.2 updated - maven-resolver-transport-http-1.9.20-150200.3.23.2 updated - maven-lib-3.9.8-150200.4.27.2 updated - maven-3.9.8-150200.4.27.2 updated - container:bci-openjdk-17-15.5.17-26.8 updated - apache-commons-lang3-3.12.0-150200.3.6.4 removed - cdi-api-2.0.2-150200.3.6.4 removed - jboss-interceptors-1.2-api-1.0.0-150200.3.4.4 removed From sle-container-updates at lists.suse.com Thu Aug 1 07:14:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:14:52 +0200 (CEST) Subject: SUSE-CU-2024:3335-1: Security update of bci/openjdk Message-ID: <20240801071452.1FFD1F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3335-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-26.8 Container Release : 26.8 Severity : important Type : security References : 1214980 1218640 1219660 1222804 1222807 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1223724 1224113 1224115 1224116 1224118 1227298 1227918 1228046 1228047 1228048 1228051 1228052 1228322 CVE-2023-5388 CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21145 CVE-2024-21147 CVE-2024-24577 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2628-1 Released: Tue Jul 30 09:09:07 2024 Summary: Security update for java-17-openjdk Type: security Severity: important References: 1227298,1228046,1228047,1228048,1228051,1228052,CVE-2024-21131,CVE-2024-21138,CVE-2024-21140,CVE-2024-21145,CVE-2024-21147 This update for java-17-openjdk fixes the following issues: Updated to version 17.0.12+7 (July 2024 CPU): - CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046). - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047). - CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination (bsc#1228048). - CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling (bsc#1228052). - CVE-2024-21145: Fixed an index overflow in RangeCheckElimination (bsc#1228051). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2656-1 Released: Tue Jul 30 15:36:08 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2667-1 Released: Tue Jul 30 16:14:01 2024 Summary: Recommended update for libxkbcommon Type: recommended Severity: moderate References: 1218640,1228322 This update of libxkbcommon fixes the following issue: - ship libxkbregistry0-32bit and libxbkregistry-devel-32bit for use by Wine. (bsc#1218640 bsc#1228322) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2684-1 Released: Wed Jul 31 20:04:41 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. The following package changes have been done: - patterns-base-fips-20200124-150400.20.10.1 updated - libfreebl3-3.101.2-150400.3.48.1 updated - libxcb1-1.13-150000.3.11.1 updated - mozilla-nss-certs-3.101.2-150400.3.48.1 updated - mozilla-nss-3.101.2-150400.3.48.1 updated - libsoftokn3-3.101.2-150400.3.48.1 updated - git-core-2.35.3-150300.10.42.1 updated - java-17-openjdk-headless-17.0.12.0-150400.3.45.1 updated - java-17-openjdk-17.0.12.0-150400.3.45.1 updated - container:sles15-image-15.0.0-36.14.8 updated From sle-container-updates at lists.suse.com Thu Aug 1 07:15:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:15:20 +0200 (CEST) Subject: SUSE-CU-2024:3336-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240801071520.A6267F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3336-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.18.10 Container Release : 18.10 Severity : important Type : security References : 1214980 1222804 1222807 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1223724 1224113 1224115 1224116 1224118 1227918 916845 CVE-2013-4235 CVE-2023-5388 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2684-1 Released: Wed Jul 31 20:04:41 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. The following package changes have been done: - login_defs-4.8.1-150400.10.18.1 updated - patterns-base-fips-20200124-150400.20.10.1 updated - shadow-4.8.1-150400.10.18.1 updated - libfreebl3-3.101.2-150400.3.48.1 updated - mozilla-nss-certs-3.101.2-150400.3.48.1 updated - mozilla-nss-3.101.2-150400.3.48.1 updated - libsoftokn3-3.101.2-150400.3.48.1 updated - mozilla-nss-tools-3.101.2-150400.3.48.1 updated - container:sles15-image-15.0.0-36.14.8 updated From sle-container-updates at lists.suse.com Thu Aug 1 07:15:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:15:55 +0200 (CEST) Subject: SUSE-CU-2024:3337-1: Security update of suse/sle15 Message-ID: <20240801071555.AAE89F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3337-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.8 , suse/sle15:15.5 , suse/sle15:15.5.36.14.8 Container Release : 36.14.8 Severity : important Type : security References : 916845 CVE-2013-4235 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. The following package changes have been done: - login_defs-4.8.1-150400.10.18.1 updated - patterns-base-fips-20200124-150400.20.10.1 updated - shadow-4.8.1-150400.10.18.1 updated From sle-container-updates at lists.suse.com Thu Aug 1 07:15:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:15:59 +0200 (CEST) Subject: SUSE-CU-2024:3338-1: Recommended update of suse/389-ds Message-ID: <20240801071559.8F0DCF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3338-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-37.4 , suse/389-ds:latest Container Release : 37.4 Severity : moderate Type : recommended References : 1214980 1222804 1222807 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1223724 1224113 1224115 1224116 1224118 1227918 CVE-2023-5388 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2684-1 Released: Wed Jul 31 20:04:41 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. The following package changes have been done: - libfreebl3-3.101.2-150400.3.48.1 updated - mozilla-nss-certs-3.101.2-150400.3.48.1 updated - mozilla-nss-3.101.2-150400.3.48.1 updated - libsoftokn3-3.101.2-150400.3.48.1 updated - mozilla-nss-tools-3.101.2-150400.3.48.1 updated From sle-container-updates at lists.suse.com Thu Aug 1 07:16:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:16:20 +0200 (CEST) Subject: SUSE-CU-2024:3343-1: Recommended update of bci/openjdk-devel Message-ID: <20240801071620.7C3EFF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3343-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-16.17 , bci/openjdk-devel:latest Container Release : 16.17 Severity : moderate Type : recommended References : 1214980 1222804 1222807 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1223724 1224113 1224115 1224116 1224118 1227918 CVE-2023-5388 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2684-1 Released: Wed Jul 31 20:04:41 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. The following package changes have been done: - libfreebl3-3.101.2-150400.3.48.1 updated - mozilla-nss-certs-3.101.2-150400.3.48.1 updated - mozilla-nss-3.101.2-150400.3.48.1 updated - libsoftokn3-3.101.2-150400.3.48.1 updated - container:bci-openjdk-21-15.6.21-16.5 updated From sle-container-updates at lists.suse.com Thu Aug 1 07:16:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:16:27 +0200 (CEST) Subject: SUSE-CU-2024:3344-1: Recommended update of bci/openjdk Message-ID: <20240801071627.9DF77F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3344-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-16.5 , bci/openjdk:latest Container Release : 16.5 Severity : moderate Type : recommended References : 1214980 1222804 1222807 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1223724 1224113 1224115 1224116 1224118 1227918 CVE-2023-5388 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2684-1 Released: Wed Jul 31 20:04:41 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. The following package changes have been done: - libfreebl3-3.101.2-150400.3.48.1 updated - mozilla-nss-certs-3.101.2-150400.3.48.1 updated - mozilla-nss-3.101.2-150400.3.48.1 updated - libsoftokn3-3.101.2-150400.3.48.1 updated From sle-container-updates at lists.suse.com Thu Aug 1 07:16:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:16:30 +0200 (CEST) Subject: SUSE-CU-2024:3345-1: Recommended update of suse/pcp Message-ID: <20240801071630.15260F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3345-1 Container Tags : suse/pcp:5 , suse/pcp:5-36.15 , suse/pcp:5.3 , suse/pcp:5.3-36.15 , suse/pcp:5.3.7 , suse/pcp:5.3.7-36.15 , suse/pcp:latest Container Release : 36.15 Severity : moderate Type : recommended References : 1214980 1222804 1222807 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1223724 1224113 1224115 1224116 1224118 1227918 CVE-2023-5388 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2684-1 Released: Wed Jul 31 20:04:41 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. The following package changes have been done: - libfreebl3-3.101.2-150400.3.48.1 updated - mozilla-nss-certs-3.101.2-150400.3.48.1 updated - mozilla-nss-3.101.2-150400.3.48.1 updated - libsoftokn3-3.101.2-150400.3.48.1 updated From sle-container-updates at lists.suse.com Thu Aug 1 07:16:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:16:31 +0200 (CEST) Subject: SUSE-CU-2024:3346-1: Recommended update of containers/apache-tomcat Message-ID: <20240801071631.D8663F78C@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3346-1 Container Tags : containers/apache-tomcat:10-jre21 , containers/apache-tomcat:10-jre21-37.3 , containers/apache-tomcat:10.1-jre21 , containers/apache-tomcat:10.1-jre21-37.3 , containers/apache-tomcat:10.1.25-jre21 , containers/apache-tomcat:10.1.25-jre21-37.3 Container Release : 37.3 Severity : moderate Type : recommended References : 1214980 1222804 1222807 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1223724 1224113 1224115 1224116 1224118 1227918 CVE-2023-5388 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2684-1 Released: Wed Jul 31 20:04:41 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. The following package changes have been done: - libfreebl3-3.101.2-150400.3.48.1 updated - mozilla-nss-certs-3.101.2-150400.3.48.1 updated - mozilla-nss-3.101.2-150400.3.48.1 updated - libsoftokn3-3.101.2-150400.3.48.1 updated From sle-container-updates at lists.suse.com Thu Aug 1 07:16:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:16:41 +0200 (CEST) Subject: SUSE-CU-2024:3347-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240801071641.587C0F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3347-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.17.17 , bci/bci-sle15-kernel-module-devel:latest Container Release : 17.17 Severity : moderate Type : recommended References : 1214980 1222804 1222807 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1223724 1224113 1224115 1224116 1224118 1227918 CVE-2023-5388 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2684-1 Released: Wed Jul 31 20:04:41 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. The following package changes have been done: - libfreebl3-3.101.2-150400.3.48.1 updated - mozilla-nss-certs-3.101.2-150400.3.48.1 updated - mozilla-nss-3.101.2-150400.3.48.1 updated - libsoftokn3-3.101.2-150400.3.48.1 updated - mozilla-nss-tools-3.101.2-150400.3.48.1 updated From sle-container-updates at lists.suse.com Thu Aug 1 07:17:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 1 Aug 2024 09:17:27 +0200 (CEST) Subject: SUSE-CU-2024:3364-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20240801071727.C5814F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3364-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.7 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.7 Severity : important Type : security References : 1227268 1227269 1227270 1227271 CVE-2024-38475 CVE-2024-38476 CVE-2024-38477 CVE-2024-39573 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2624-1 Released: Tue Jul 30 09:04:55 2024 Summary: Security update for apache2 Type: security Severity: important References: 1227268,1227269,1227270,1227271,CVE-2024-38475,CVE-2024-38476,CVE-2024-38477,CVE-2024-39573 This update for apache2 fixes the following issues: - CVE-2024-38475: Fixed improper escaping of output in mod_rewrite (bsc#1227268) - CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect (bsc#1227269) - CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270) - CVE-2024-39573: Fixed potential SSRF in mod_rewrite (bsc#1227271) The following package changes have been done: - apache2-utils-2.4.51-150400.6.29.1 updated - apache2-2.4.51-150400.6.29.1 updated - apache2-prefork-2.4.51-150400.6.29.1 updated From sle-container-updates at lists.suse.com Fri Aug 2 07:05:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 2 Aug 2024 09:05:26 +0200 (CEST) Subject: SUSE-CU-2024:3369-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240802070526.74AA3F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3369-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.10 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.10 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. The following package changes have been done: - login_defs-4.8.1-150400.10.18.1 updated - patterns-base-fips-20200124-150400.20.10.1 updated - shadow-4.8.1-150400.10.18.1 updated - container:sles15-image-15.0.0-36.14.8 updated From sle-container-updates at lists.suse.com Fri Aug 2 07:08:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 2 Aug 2024 09:08:32 +0200 (CEST) Subject: SUSE-CU-2024:3384-1: Security update of bci/golang Message-ID: <20240802070832.F10F1F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3384-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-1.36.1 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.36.1 Container Release : 36.1 Severity : important Type : security References : 1222899 1223336 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Fri Aug 2 07:08:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 2 Aug 2024 09:08:39 +0200 (CEST) Subject: SUSE-CU-2024:3387-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20240802070839.B2185F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3387-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.12 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.12 Severity : important Type : security References : 1208690 1214980 1222804 1222807 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1222899 1223336 1223724 1224113 1224115 1224116 1224118 1225976 1226125 1226412 1226463 1226529 1226664 1227138 1227918 916845 CVE-2013-4235 CVE-2023-5388 CVE-2024-5535 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2677-1 Released: Wed Jul 31 06:58:52 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2684-1 Released: Wed Jul 31 20:04:41 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2695-1 Released: Thu Aug 1 15:06:12 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1226412,1226529 This update for dracut fixes the following issues: - Version update: * feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529) * fix(mdraid): try to assemble the missing raid device (bsc#1226412) * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) The following package changes have been done: - dracut-059+suse.527.g7870f083-150600.3.3.2 updated - libfreebl3-3.101.2-150400.3.48.1 updated - libopenssl3-3.1.4-150600.5.10.1 updated - libsoftokn3-3.101.2-150400.3.48.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libudev1-254.15-150600.4.8.1 updated - login_defs-4.8.1-150600.17.3.1 updated - mozilla-nss-certs-3.101.2-150400.3.48.1 updated - mozilla-nss-3.101.2-150400.3.48.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - shadow-4.8.1-150600.17.3.1 updated - systemd-254.15-150600.4.8.1 updated - udev-254.15-150600.4.8.1 updated - wicked-service-0.6.76-150600.11.9.1 updated - wicked-0.6.76-150600.11.9.1 updated From sle-container-updates at lists.suse.com Fri Aug 2 07:09:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 2 Aug 2024 09:09:39 +0200 (CEST) Subject: SUSE-CU-2024:3405-1: Security update of suse/rmt-server Message-ID: <20240802070939.7B81BF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3405-1 Container Tags : suse/rmt-server:2.18 , suse/rmt-server:2.18-39.1 , suse/rmt-server:latest Container Release : 39.1 Severity : important Type : security References : 1222899 1223336 1226463 1227138 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2649-1 Released: Tue Jul 30 13:53:03 2024 Summary: Recommended update for rmt-server Type: recommended Severity: moderate References: This update for rmt-server fixes the following issues: - Version 2.18 * Move temporary storage of downloaded files to the repo directory to avoid filling up /tmp partition * Fixes for RES7-LTSS and OL7-LTSS clients * Instance Verification: re-setting the repository and registry cache path to the right value; update the cache scrubber paths The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libudev1-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - rmt-server-config-2.18-150500.3.19.1 updated - rmt-server-2.18-150500.3.19.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Fri Aug 2 07:10:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 2 Aug 2024 09:10:36 +0200 (CEST) Subject: SUSE-CU-2024:3411-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20240802071036.4A1C5F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3411-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.8 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.8 Severity : important Type : security References : 916845 CVE-2013-4235 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. The following package changes have been done: - patterns-base-fips-20200124-150400.20.10.1 updated - login_defs-4.8.1-150400.10.18.1 updated - shadow-4.8.1-150400.10.18.1 updated - container:sles15-ltss-image-15.0.0-5.4 updated From sle-container-updates at lists.suse.com Fri Aug 2 07:11:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 2 Aug 2024 09:11:00 +0200 (CEST) Subject: SUSE-CU-2024:3412-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240802071100.0D102F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3412-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.8 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.8 Severity : important Type : security References : 916845 CVE-2013-4235 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. The following package changes have been done: - patterns-base-fips-20200124-150400.20.10.1 updated - login_defs-4.8.1-150400.10.18.1 updated - shadow-4.8.1-150400.10.18.1 updated - container:sles15-ltss-image-15.0.0-5.4 updated From sle-container-updates at lists.suse.com Fri Aug 2 07:11:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 2 Aug 2024 09:11:22 +0200 (CEST) Subject: SUSE-CU-2024:3413-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20240802071122.48952F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3413-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.13 , suse/manager/4.3/proxy-squid:4.3.13.9.56.6 , suse/manager/4.3/proxy-squid:latest Container Release : 9.56.6 Severity : important Type : security References : 916845 CVE-2013-4235 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. The following package changes have been done: - patterns-base-fips-20200124-150400.20.10.1 updated - login_defs-4.8.1-150400.10.18.1 updated - shadow-4.8.1-150400.10.18.1 updated - container:sles15-ltss-image-15.0.0-5.4 updated From sle-container-updates at lists.suse.com Fri Aug 2 07:11:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 2 Aug 2024 09:11:44 +0200 (CEST) Subject: SUSE-CU-2024:3414-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20240802071144.5B67CF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3414-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.13 , suse/manager/4.3/proxy-ssh:4.3.13.9.47.6 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.47.6 Severity : important Type : security References : 916845 CVE-2013-4235 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. The following package changes have been done: - patterns-base-fips-20200124-150400.20.10.1 updated - login_defs-4.8.1-150400.10.18.1 updated - shadow-4.8.1-150400.10.18.1 updated - container:sles15-ltss-image-15.0.0-5.4 updated From sle-container-updates at lists.suse.com Fri Aug 2 07:12:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 2 Aug 2024 09:12:05 +0200 (CEST) Subject: SUSE-CU-2024:3415-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20240802071205.9E307F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3415-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.13 , suse/manager/4.3/proxy-tftpd:4.3.13.9.47.6 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.47.6 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. The following package changes have been done: - patterns-base-fips-20200124-150400.20.10.1 updated - container:sles15-ltss-image-15.0.0-5.4 updated From sle-container-updates at lists.suse.com Tue Aug 6 07:03:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 6 Aug 2024 09:03:50 +0200 (CEST) Subject: SUSE-CU-2024:3418-1: Security update of suse/sle15 Message-ID: <20240806070350.618CBF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3418-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.23 Container Release : 9.8.23 Severity : important Type : security References : 1224123 CVE-2024-28180 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2754-1 Released: Mon Aug 5 21:03:51 2024 Summary: Security update for skopeo Type: security Severity: important References: 1224123,CVE-2024-28180 This update for skopeo fixes the following issues: Update to version 1.14.4: - CVE-2024-3727: Fixed a vulnerability that allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, resource exhaustion, local path traversal and other attacks. (bsc#1224123) The following package changes have been done: - libgpg-error0-1.29-150000.3.3.1 updated From sle-container-updates at lists.suse.com Wed Aug 7 07:07:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 Aug 2024 09:07:05 +0200 (CEST) Subject: SUSE-CU-2024:3421-1: Security update of suse/sles12sp5 Message-ID: <20240807070705.D3D82F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3421-1 Container Tags : suse/sles12sp5:6.8.21 , suse/sles12sp5:latest Container Release : 6.8.21 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2767-1 Released: Tue Aug 6 10:55:19 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-12.46.1 updated From sle-container-updates at lists.suse.com Wed Aug 7 07:16:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 Aug 2024 09:16:28 +0200 (CEST) Subject: SUSE-CU-2024:3434-1: Recommended update of bci/openjdk Message-ID: <20240807071628.BBB23F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3434-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-27.3 Container Release : 27.3 Severity : moderate Type : recommended References : 1228322 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libpcsclite1-1.9.4-150400.3.2.1 updated - container:sles15-image-15.0.0-36.14.9 updated From sle-container-updates at lists.suse.com Wed Aug 7 07:17:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 Aug 2024 09:17:24 +0200 (CEST) Subject: SUSE-CU-2024:3435-1: Recommended update of suse/sle15 Message-ID: <20240807071724.DC5CDF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3435-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.9 , suse/sle15:15.5 , suse/sle15:15.5.36.14.9 Container Release : 36.14.9 Severity : moderate Type : recommended References : 1228322 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libassuan0-2.5.5-150000.4.7.1 updated From sle-container-updates at lists.suse.com Wed Aug 7 07:17:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 Aug 2024 09:17:55 +0200 (CEST) Subject: SUSE-CU-2024:3443-1: Recommended update of suse/registry Message-ID: <20240807071755.8A1CFF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3443-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-22.3 , suse/registry:latest Container Release : 22.3 Severity : moderate Type : recommended References : 1228548 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) The following package changes have been done: - permissions-20240801-150600.10.4.1 updated From sle-container-updates at lists.suse.com Wed Aug 7 07:18:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 Aug 2024 09:18:40 +0200 (CEST) Subject: SUSE-CU-2024:3457-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20240807071840.6AB9EF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3457-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.14 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.14 Severity : important Type : security References : 1225600 1225601 1227888 1228322 1228535 1228548 CVE-2023-38417 CVE-2023-47210 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2785-1 Released: Tue Aug 6 14:59:01 2024 Summary: Security update for kernel-firmware Type: security Severity: moderate References: 1225600,1225601,CVE-2023-38417,CVE-2023-47210 This update for kernel-firmware fixes the following issues: Update to version 20240728: * amdgpu: update DMCUB to v0.0.227.0 for DCN35 and DCN351 * Revert 'iwlwifi: update ty/So/Ma firmwares for core89-58 release' * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * iwlwifi: add gl FW for core89-58 release * iwlwifi: update ty/So/Ma firmwares for core89-58 release * iwlwifi: update cc/Qu/QuZ firmwares for core89-58 release * mediatek: Update mt8195 SOF firmware and sof-tplg * ASoC: tas2781: fix the license issue for tas781 firmware * rtl_bt: Update RTL8852B BT USB FW to 0x048F_4008 * i915: Update Xe2LPD DMC to v2.21 * qcom: move signed x1e80100 signed firmware to the SoC subdir * qcom: add video firmware file for vpu-3.0 * intel: avs: Add topology file for I2S Analog Devices 4567 * intel: avs: Add topology file for I2S Nuvoton 8825 * intel: avs: Add topology file for I2S Maxim 98927 * intel: avs: Add topology file for I2S Maxim 98373 * intel: avs: Add topology file for I2S Maxim 98357a * intel: avs: Add topology file for I2S Dialog 7219 * intel: avs: Add topology file for I2S Realtek 5663 * intel: avs: Add topology file for I2S Realtek 5640 * intel: avs: Add topology file for I2S Realtek 5514 * intel: avs: Add topology file for I2S Realtek 298 * intel: avs: Add topology file for I2S Realtek 286 * intel: avs: Add topology file for I2S Realtek 274 * intel: avs: Add topology file for Digital Microphone Array * intel: avs: Add topology file for HDMI codecs * intel: avs: Add topology file for HDAudio codecs * intel: avs: Update AudioDSP base firmware for APL-based platforms ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - curl-8.6.0-150600.4.3.1 updated - kernel-firmware-bnx2-20240728-150600.3.6.1 updated - kernel-firmware-chelsio-20240728-150600.3.6.1 updated - kernel-firmware-i915-20240728-150600.3.6.1 updated - kernel-firmware-intel-20240728-150600.3.6.1 updated - kernel-firmware-liquidio-20240728-150600.3.6.1 updated - kernel-firmware-marvell-20240728-150600.3.6.1 updated - kernel-firmware-mediatek-20240728-150600.3.6.1 updated - kernel-firmware-mellanox-20240728-150600.3.6.1 updated - kernel-firmware-network-20240728-150600.3.6.1 updated - kernel-firmware-platform-20240728-150600.3.6.1 updated - kernel-firmware-qlogic-20240728-150600.3.6.1 updated - kernel-firmware-realtek-20240728-150600.3.6.1 updated - kernel-firmware-usb-network-20240728-150600.3.6.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libcurl4-8.6.0-150600.4.3.1 updated - libgpgme11-1.23.0-150600.3.2.1 updated - permissions-20240801-150600.10.4.1 updated From sle-container-updates at lists.suse.com Wed Aug 7 07:19:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 Aug 2024 09:19:01 +0200 (CEST) Subject: SUSE-CU-2024:3462-1: Security update of bci/nodejs Message-ID: <20240807071901.20C4EF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3462-1 Container Tags : bci/node:20 , bci/node:20-33.3 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-33.3 , bci/nodejs:latest Container Release : 33.3 Severity : important Type : security References : 1227888 1228535 1228548 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated - permissions-20240801-150600.10.4.1 updated - curl-8.6.0-150600.4.3.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Wed Aug 7 07:19:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 Aug 2024 09:19:11 +0200 (CEST) Subject: SUSE-CU-2024:3464-1: Recommended update of bci/openjdk-devel Message-ID: <20240807071911.8D1DBF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3464-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-18.10 , bci/openjdk-devel:latest Container Release : 18.10 Severity : moderate Type : recommended References : 1228322 1228548 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - permissions-20240801-150600.10.4.1 updated - libpcsclite1-1.9.4-150400.3.2.1 updated - container:bci-openjdk-21-15.6.21-18.4 updated From sle-container-updates at lists.suse.com Wed Aug 7 07:19:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 Aug 2024 09:19:20 +0200 (CEST) Subject: SUSE-CU-2024:3466-1: Security update of bci/openjdk Message-ID: <20240807071920.9FD8FF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3466-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-18.4 , bci/openjdk:latest Container Release : 18.4 Severity : important Type : security References : 1227888 1228322 1228535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated - curl-8.6.0-150600.4.3.1 updated - libpcsclite1-1.9.4-150400.3.2.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Wed Aug 7 07:19:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 Aug 2024 09:19:23 +0200 (CEST) Subject: SUSE-CU-2024:3467-1: Recommended update of suse/pcp Message-ID: <20240807071923.ECE16F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3467-1 Container Tags : suse/pcp:5 , suse/pcp:5-38.9 , suse/pcp:5.3 , suse/pcp:5.3-38.9 , suse/pcp:5.3.7 , suse/pcp:5.3.7-38.9 , suse/pcp:latest Container Release : 38.9 Severity : moderate Type : recommended References : 1228548 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) The following package changes have been done: - permissions-20240801-150600.10.4.1 updated - container:bci-bci-init-15.6-15.6-19.4 updated From sle-container-updates at lists.suse.com Wed Aug 7 07:19:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 Aug 2024 09:19:36 +0200 (CEST) Subject: SUSE-CU-2024:3472-1: Recommended update of suse/postgres Message-ID: <20240807071936.035BAF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3472-1 Container Tags : suse/postgres:16 , suse/postgres:16-38.3 , suse/postgres:16.2 , suse/postgres:16.2-38.3 , suse/postgres:latest Container Release : 38.3 Severity : moderate Type : recommended References : 1228548 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) The following package changes have been done: - permissions-20240801-150600.10.4.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Wed Aug 7 07:19:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 Aug 2024 09:19:47 +0200 (CEST) Subject: SUSE-CU-2024:3475-1: Recommended update of suse/rmt-mariadb-client Message-ID: <20240807071947.AD9C8FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3475-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11-39.3 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11-39.3 , suse/rmt-mariadb-client:latest Container Release : 39.3 Severity : moderate Type : recommended References : 1228548 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) The following package changes have been done: - permissions-20240801-150600.10.4.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Wed Aug 7 07:19:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 Aug 2024 09:19:55 +0200 (CEST) Subject: SUSE-CU-2024:3478-1: Recommended update of containers/apache-tomcat Message-ID: <20240807071955.4C642FCBE@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3478-1 Container Tags : containers/apache-tomcat:10-jre21 , containers/apache-tomcat:10-jre21-39.4 , containers/apache-tomcat:10.1-jre21 , containers/apache-tomcat:10.1-jre21-39.4 , containers/apache-tomcat:10.1.25-jre21 , containers/apache-tomcat:10.1.25-jre21-39.4 Container Release : 39.4 Severity : moderate Type : recommended References : 1228322 1228548 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - permissions-20240801-150600.10.4.1 updated - libpcsclite1-1.9.4-150400.3.2.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Wed Aug 7 07:19:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 7 Aug 2024 09:19:58 +0200 (CEST) Subject: SUSE-CU-2024:3479-1: Security update of bci/spack Message-ID: <20240807071958.90498FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3479-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-3.9 , bci/spack:0.21.2 , bci/spack:0.21.2-3.9 , bci/spack:latest Container Release : 3.9 Severity : important Type : security References : 1167721 1227574 1227888 1228322 1228535 1228548 CVE-2019-20633 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2780-1 Released: Tue Aug 6 14:36:01 2024 Summary: Security update for patch Type: security Severity: low References: 1167721,CVE-2019-20633 This update for patch fixes the following issues: - CVE-2019-20633: Fixed double-free/OOB read in pch.c (bsc#1167721) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2788-1 Released: Tue Aug 6 15:50:29 2024 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1227574 This update for sudo fixes the following issue: - Fix Wrong permissions on /usr/share/polkit-1/rules.d (bsc#1227574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libassuan0-2.5.5-150000.4.7.1 updated - libcurl4-8.6.0-150600.4.3.1 updated - permissions-20240801-150600.10.4.1 updated - curl-8.6.0-150600.4.3.1 updated - patch-2.7.6-150000.5.6.1 updated - sudo-1.9.15p5-150600.3.6.2 updated - libcurl-devel-8.6.0-150600.4.3.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:04:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:04:33 +0200 (CEST) Subject: SUSE-CU-2024:3483-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240808070433.2FE89FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3483-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.8 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.8 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150400.10.21.1 updated - shadow-4.8.1-150400.10.21.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:04:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:04:32 +0200 (CEST) Subject: SUSE-CU-2024:3482-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240808070432.7D922F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3482-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.7 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.7 Severity : moderate Type : recommended References : 1227115 1228322 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2782-1 Released: Tue Aug 6 14:41:41 2024 Summary: Recomended update for sles-ltss-release Type: recommended Severity: moderate References: 1227115 This update for sles-ltss-release fixes the following issue: - Update Codestream lifecycle ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libassuan0-2.5.5-150000.4.7.1 updated - sles-ltss-release-15.4-150400.13.8.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:06:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:06:46 +0200 (CEST) Subject: SUSE-CU-2024:3485-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240808070646.AC931F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3485-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.7 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.7 Severity : moderate Type : recommended References : 1227115 1228322 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2782-1 Released: Tue Aug 6 14:41:41 2024 Summary: Recomended update for sles-ltss-release Type: recommended Severity: moderate References: 1227115 This update for sles-ltss-release fixes the following issue: - Update Codestream lifecycle ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libassuan0-2.5.5-150000.4.7.1 updated - sles-ltss-release-15.4-150400.13.8.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:07:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:07:30 +0200 (CEST) Subject: SUSE-CU-2024:3487-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240808070730.B9BBFF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3487-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.14 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.14 Severity : moderate Type : recommended References : 1228322 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libassuan0-2.5.5-150000.4.7.1 updated - container:sles15-image-15.0.0-36.14.9 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:09:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:09:31 +0200 (CEST) Subject: SUSE-CU-2024:3488-1: Security update of suse/sles12sp5 Message-ID: <20240808070931.6ED90F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3488-1 Container Tags : suse/sles12sp5:6.8.22 , suse/sles12sp5:latest Container Release : 6.8.22 Severity : moderate Type : security References : 916845 CVE-2013-4235 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2805-1 Released: Wed Aug 7 09:48:45 2024 Summary: Security update for shadow Type: security Severity: moderate References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed TOCTOU race condition (bsc#916845) The following package changes have been done: - shadow-4.2.1-36.15.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:12:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:12:09 +0200 (CEST) Subject: SUSE-CU-2024:3489-1: Recommended update of suse/sle15 Message-ID: <20240808071209.BBDE4F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3489-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.24 Container Release : 9.8.24 Severity : moderate Type : recommended References : 1228322 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libassuan0-2.5.5-150000.4.7.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:12:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:12:31 +0200 (CEST) Subject: SUSE-CU-2024:3490-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20240808071231.D70CCF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3490-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.8 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.8 Container Release : 6.8 Severity : moderate Type : recommended References : 1228322 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libassuan0-2.5.5-150000.4.7.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:12:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:12:58 +0200 (CEST) Subject: SUSE-CU-2024:3491-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240808071258.96A8AF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3491-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.6 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.6 Container Release : 5.6 Severity : moderate Type : recommended References : 1227115 1228322 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2782-1 Released: Tue Aug 6 14:41:41 2024 Summary: Recomended update for sles-ltss-release Type: recommended Severity: moderate References: 1227115 This update for sles-ltss-release fixes the following issue: - Update Codestream lifecycle ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libassuan0-2.5.5-150000.4.7.1 updated - sles-ltss-release-15.4-150400.13.8.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:12:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:12:59 +0200 (CEST) Subject: SUSE-CU-2024:3492-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20240808071259.4C681F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3492-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.7 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.7 Container Release : 5.7 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150400.10.21.1 updated - shadow-4.8.1-150400.10.21.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:16:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:16:18 +0200 (CEST) Subject: SUSE-CU-2024:3494-1: Security update of bci/bci-init Message-ID: <20240808071618.17111F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3494-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.24.3 Container Release : 24.3 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150400.10.21.1 updated - shadow-4.8.1-150400.10.21.1 updated - container:sles15-image-15.0.0-36.14.10 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:17:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:17:13 +0200 (CEST) Subject: SUSE-CU-2024:3495-1: Security update of bci/nodejs Message-ID: <20240808071713.38AB0F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3495-1 Container Tags : bci/node:18 , bci/node:18-27.3 , bci/nodejs:18 , bci/nodejs:18-27.3 Container Release : 27.3 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150400.10.21.1 updated - shadow-4.8.1-150400.10.21.1 updated - container:sles15-image-15.0.0-36.14.10 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:18:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:18:14 +0200 (CEST) Subject: SUSE-CU-2024:3497-1: Security update of bci/openjdk-devel Message-ID: <20240808071814.D4986FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3497-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-24.9 Container Release : 24.9 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150400.10.21.1 updated - shadow-4.8.1-150400.10.21.1 updated - container:bci-openjdk-11-15.5.11-25.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:18:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:18:13 +0200 (CEST) Subject: SUSE-CU-2024:3496-1: Recommended update of bci/openjdk-devel Message-ID: <20240808071813.EC4EAF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3496-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-24.6 Container Release : 24.6 Severity : moderate Type : recommended References : 1228322 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libpcsclite1-1.9.4-150400.3.2.1 updated - container:bci-openjdk-11-15.5.11-25.3 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:19:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:19:03 +0200 (CEST) Subject: SUSE-CU-2024:3498-1: Recommended update of bci/openjdk Message-ID: <20240808071903.1E24DF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3498-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-25.3 Container Release : 25.3 Severity : moderate Type : recommended References : 1228322 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libpcsclite1-1.9.4-150400.3.2.1 updated - container:sles15-image-15.0.0-36.14.9 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:20:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:20:06 +0200 (CEST) Subject: SUSE-CU-2024:3500-1: Recommended update of bci/openjdk-devel Message-ID: <20240808072006.5534FF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3500-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-26.5 Container Release : 26.5 Severity : moderate Type : recommended References : 1228322 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libpcsclite1-1.9.4-150400.3.2.1 updated - container:bci-openjdk-17-15.5.17-27.3 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:20:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:20:07 +0200 (CEST) Subject: SUSE-CU-2024:3501-1: Security update of bci/openjdk-devel Message-ID: <20240808072007.59543F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3501-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-26.8 Container Release : 26.8 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150400.10.21.1 updated - shadow-4.8.1-150400.10.21.1 updated - container:bci-openjdk-17-15.5.17-27.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:21:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:21:32 +0200 (CEST) Subject: SUSE-CU-2024:3503-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240808072132.54A6BF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3503-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.19.3 Container Release : 19.3 Severity : low Type : security References : 1167721 CVE-2019-20633 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2780-1 Released: Tue Aug 6 14:36:01 2024 Summary: Security update for patch Type: security Severity: low References: 1167721,CVE-2019-20633 This update for patch fixes the following issues: - CVE-2019-20633: Fixed double-free/OOB read in pch.c (bsc#1167721) The following package changes have been done: - patch-2.7.6-150000.5.6.1 updated - container:sles15-image-15.0.0-36.14.9 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:21:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:21:33 +0200 (CEST) Subject: SUSE-CU-2024:3504-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240808072133.45B4DF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3504-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.19.4 Container Release : 19.4 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150400.10.21.1 updated - shadow-4.8.1-150400.10.21.1 updated - container:sles15-image-15.0.0-36.14.10 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:22:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 09:22:14 +0200 (CEST) Subject: SUSE-CU-2024:3505-1: Security update of suse/sle15 Message-ID: <20240808072214.9BC84F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3505-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.10 , suse/sle15:15.5 , suse/sle15:15.5.36.14.10 Container Release : 36.14.10 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150400.10.21.1 updated - shadow-4.8.1-150400.10.21.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:09:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:09:11 +0200 (CEST) Subject: SUSE-CU-2024:3569-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20240808160911.0E0D4FFE0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3569-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.4 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.4 Severity : moderate Type : recommended References : 1228322 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libassuan0-2.5.5-150000.4.7.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:07:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:07:38 +0200 (CEST) Subject: SUSE-CU-2024:3561-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240808160738.291E6FFCF@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3561-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.10 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.10 Severity : moderate Type : recommended References : 1228322 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libassuan0-2.5.5-150000.4.7.1 updated - container:sles15-ltss-image-15.0.0-5.6 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:06 +0200 (CEST) Subject: SUSE-CU-2024:3538-1: Security update of suse/postgres Message-ID: <20240808160106.1F856FF97@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3538-1 Container Tags : suse/postgres:16 , suse/postgres:16-38.5 , suse/postgres:16.2 , suse/postgres:16.2-38.5 , suse/postgres:latest Container Release : 38.5 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated - container:sles15-image-15.6.0-47.11.5 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:02 +0200 (CEST) Subject: SUSE-CU-2024:3536-1: Security update of bci/php Message-ID: <20240808160102.7AAC8FF94@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3536-1 Container Tags : bci/php:8 , bci/php:8-33.3 , bci/php:latest Container Release : 33.3 Severity : important Type : security References : 1227888 1228535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:09:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:09:11 +0200 (CEST) Subject: SUSE-CU-2024:3570-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240808160911.9D319FFEB@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3570-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.5 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.5 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2806-1 Released: Wed Aug 7 09:49:03 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150300.4.18.1 updated - shadow-4.8.1-150300.4.18.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:07:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:07:54 +0200 (CEST) Subject: SUSE-CU-2024:3564-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20240808160754.F2673FFD4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3564-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.13 , suse/manager/4.3/proxy-squid:4.3.13.9.56.8 , suse/manager/4.3/proxy-squid:latest Container Release : 9.56.8 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150400.10.21.1 updated - shadow-4.8.1-150400.10.21.1 updated - container:sles15-ltss-image-15.0.0-5.7 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:07:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:07:38 +0200 (CEST) Subject: SUSE-CU-2024:3562-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240808160738.BA443FFD1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3562-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.11 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.11 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150400.10.21.1 updated - shadow-4.8.1-150400.10.21.1 updated - container:sles15-ltss-image-15.0.0-5.7 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:08:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:08:12 +0200 (CEST) Subject: SUSE-CU-2024:3566-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20240808160812.BDC04FFDC@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3566-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.13 , suse/manager/4.3/proxy-ssh:4.3.13.9.47.8 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.47.8 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150400.10.21.1 updated - shadow-4.8.1-150400.10.21.1 updated - container:sles15-ltss-image-15.0.0-5.7 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:09 +0200 (CEST) Subject: SUSE-CU-2024:3539-1: Security update of bci/python Message-ID: <20240808160109.66FC5FF99@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3539-1 Container Tags : bci/python:3 , bci/python:3-45.3 , bci/python:3.11 , bci/python:3.11-45.3 Container Release : 45.3 Severity : important Type : security References : 1227888 1228535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated - curl-8.6.0-150600.4.3.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:32 +0200 (CEST) Subject: SUSE-CU-2024:3550-1: Security update of bci/ruby Message-ID: <20240808160132.AB6F2FFAC@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3550-1 Container Tags : bci/ruby:2 , bci/ruby:2-19.3 , bci/ruby:2.5 , bci/ruby:2.5-19.3 , bci/ruby:latest Container Release : 19.3 Severity : important Type : security References : 1227888 1228535 1228548 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated - permissions-20240801-150600.10.4.1 updated - curl-8.6.0-150600.4.3.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:22 +0200 (CEST) Subject: SUSE-CU-2024:3545-1: Security update of suse/rmt-mariadb-client Message-ID: <20240808160122.AC153FFA0@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3545-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11-39.5 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11-39.5 , suse/rmt-mariadb-client:latest Container Release : 39.5 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated - container:sles15-image-15.6.0-47.11.5 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:35 +0200 (CEST) Subject: SUSE-CU-2024:3552-1: Security update of bci/rust Message-ID: <20240808160135.32250FFB2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3552-1 Container Tags : bci/rust:1.78 , bci/rust:1.78-2.5.3 , bci/rust:oldstable , bci/rust:oldstable-2.5.3 Container Release : 5.3 Severity : important Type : security References : 1227888 1228535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:41 +0200 (CEST) Subject: SUSE-CU-2024:3555-1: Security update of containers/apache-tomcat Message-ID: <20240808160141.41E09FFB6@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3555-1 Container Tags : containers/apache-tomcat:10-jre21 , containers/apache-tomcat:10-jre21-39.6 , containers/apache-tomcat:10.1-jre21 , containers/apache-tomcat:10.1-jre21-39.6 , containers/apache-tomcat:10.1.25-jre21 , containers/apache-tomcat:10.1.25-jre21-39.6 Container Release : 39.6 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated - container:sles15-image-15.6.0-47.11.5 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:49 +0200 (CEST) Subject: SUSE-CU-2024:3556-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240808160149.03E49FFBA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3556-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.19.3 , bci/bci-sle15-kernel-module-devel:latest Container Release : 19.3 Severity : moderate Type : security References : 1167721 1228548 CVE-2019-20633 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2780-1 Released: Tue Aug 6 14:36:01 2024 Summary: Security update for patch Type: security Severity: low References: 1167721,CVE-2019-20633 This update for patch fixes the following issues: - CVE-2019-20633: Fixed double-free/OOB read in pch.c (bsc#1167721) The following package changes have been done: - permissions-20240801-150600.10.4.1 updated - patch-2.7.6-150000.5.6.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:02:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:02:24 +0200 (CEST) Subject: SUSE-CU-2024:3559-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240808160224.2170CFFC0@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3559-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.10 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.10 Severity : moderate Type : recommended References : 1228322 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libassuan0-2.5.5-150000.4.7.1 updated - container:sles15-ltss-image-15.0.0-5.6 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:25 +0200 (CEST) Subject: SUSE-CU-2024:3546-1: Recommended update of suse/rmt-mariadb Message-ID: <20240808160125.1CC88FFA2@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3546-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-38.3 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-38.3 , suse/rmt-mariadb:latest Container Release : 38.3 Severity : moderate Type : recommended References : 1228548 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) The following package changes have been done: - permissions-20240801-150600.10.4.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:37 +0200 (CEST) Subject: SUSE-CU-2024:3553-1: Security update of bci/rust Message-ID: <20240808160137.CB301FFB4@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3553-1 Container Tags : bci/rust:1.79 , bci/rust:1.79-1.6.3 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.6.3 Container Release : 6.3 Severity : important Type : security References : 1227888 1228535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:33 +0200 (CEST) Subject: SUSE-CU-2024:3551-1: Security update of bci/ruby Message-ID: <20240808160133.5295EFFB0@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3551-1 Container Tags : bci/ruby:2 , bci/ruby:2-19.5 , bci/ruby:2.5 , bci/ruby:2.5-19.5 , bci/ruby:latest Container Release : 19.5 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated - container:sles15-image-15.6.0-47.11.5 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:11:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:11:20 +0200 (CEST) Subject: SUSE-CU-2024:3572-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20240808161120.447A2FFED@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3572-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.6 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.6 Severity : moderate Type : recommended References : 1228322 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libassuan0-2.5.5-150000.4.7.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:29 +0200 (CEST) Subject: SUSE-CU-2024:3548-1: Recommended update of suse/rmt-server Message-ID: <20240808160129.22901FFA7@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3548-1 Container Tags : suse/rmt-server:2.18 , suse/rmt-server:2.18-40.4 , suse/rmt-server:latest Container Release : 40.4 Severity : moderate Type : recommended References : 1228322 1228548 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libassuan0-2.5.5-150000.4.7.1 updated - permissions-20240801-150600.10.4.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:02:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:02:43 +0200 (CEST) Subject: SUSE-CU-2024:3561-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240808160243.0CB09FFC7@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3561-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.10 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.10 Severity : moderate Type : recommended References : 1228322 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. The following package changes have been done: - libassuan0-2.5.5-150000.4.7.1 updated - container:sles15-ltss-image-15.0.0-5.6 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:11:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:11:20 +0200 (CEST) Subject: SUSE-CU-2024:3573-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240808161120.C80A0FFF3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3573-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.7 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.7 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2806-1 Released: Wed Aug 7 09:49:03 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150300.4.18.1 updated - shadow-4.8.1-150300.4.18.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:02:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:02:24 +0200 (CEST) Subject: SUSE-CU-2024:3560-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20240808160224.BF407FFC4@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3560-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.11 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.11 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150400.10.21.1 updated - shadow-4.8.1-150400.10.21.1 updated - container:sles15-ltss-image-15.0.0-5.7 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:52 +0200 (CEST) Subject: SUSE-CU-2024:3558-1: Security update of bci/spack Message-ID: <20240808160152.9253EFFBE@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3558-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-3.11 , bci/spack:0.21.2 , bci/spack:0.21.2-3.11 , bci/spack:latest Container Release : 3.11 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated - container:sles15-image-15.6.0-47.11.5 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:15 +0200 (CEST) Subject: SUSE-CU-2024:3541-1: Security update of bci/python Message-ID: <20240808160115.E989CFF9B@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3541-1 Container Tags : bci/python:3 , bci/python:3-45.3 , bci/python:3.12 , bci/python:3.12-45.3 , bci/python:latest Container Release : 45.3 Severity : important Type : security References : 1227888 1228535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated - curl-8.6.0-150600.4.3.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:25 +0200 (CEST) Subject: SUSE-CU-2024:3547-1: Security update of suse/rmt-mariadb Message-ID: <20240808160125.8B054FFA5@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3547-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-38.5 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-38.5 , suse/rmt-mariadb:latest Container Release : 38.5 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated - container:sles15-image-15.6.0-47.11.5 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:29 +0200 (CEST) Subject: SUSE-CU-2024:3549-1: Security update of suse/rmt-server Message-ID: <20240808160129.B8A9AFFAA@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3549-1 Container Tags : suse/rmt-server:2.18 , suse/rmt-server:2.18-40.6 , suse/rmt-server:latest Container Release : 40.6 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated - container:sles15-image-15.6.0-47.11.5 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:01:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 18:01:19 +0200 (CEST) Subject: SUSE-CU-2024:3543-1: Security update of bci/python Message-ID: <20240808160119.8409CFF9E@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3543-1 Container Tags : bci/python:3 , bci/python:3-44.3 , bci/python:3.6 , bci/python:3.6-44.3 Container Release : 44.3 Severity : important Type : security References : 1227888 1228535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated - curl-8.6.0-150600.4.3.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:54:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:54:41 +0200 (CEST) Subject: SUSE-CU-2024:3529-1: Security update of bci/openjdk-devel Message-ID: <20240808155441.854BBFF54@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3529-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-18.13 , bci/openjdk-devel:latest Container Release : 18.13 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated - container:bci-openjdk-21-15.6.21-18.5 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:54:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:54:07 +0200 (CEST) Subject: SUSE-CU-2024:3516-1: Security update of suse/git Message-ID: <20240808155407.A3804FE86@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3516-1 Container Tags : suse/git:2.43 , suse/git:2.43-20.3 , suse/git:latest Container Release : 20.3 Severity : important Type : security References : 1227888 1228535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:54:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:54:15 +0200 (CEST) Subject: SUSE-CU-2024:3519-1: Security update of bci/golang Message-ID: <20240808155415.499B3FE8A@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3519-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-37.5 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-37.5 Container Release : 37.5 Severity : important Type : security References : 1227888 1228535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated - curl-8.6.0-150600.4.3.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:54:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:54:53 +0200 (CEST) Subject: SUSE-CU-2024:3532-1: Security update of bci/php-apache Message-ID: <20240808155453.B5842FF76@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3532-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-33.3 , bci/php-apache:latest Container Release : 33.3 Severity : important Type : security References : 1227888 1228535 1228548 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated - permissions-20240801-150600.10.4.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:54:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:54:27 +0200 (CEST) Subject: SUSE-CU-2024:3524-1: Recommended update of bci/bci-init Message-ID: <20240808155427.749A7FE9F@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3524-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.19.4 , bci/bci-init:latest Container Release : 19.4 Severity : moderate Type : recommended References : 1228548 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) The following package changes have been done: - permissions-20240801-150600.10.4.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:55:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:55:00 +0200 (CEST) Subject: SUSE-CU-2024:3536-1: Security update of bci/php Message-ID: <20240808155500.4BCC7FF8D@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3536-1 Container Tags : bci/php:8 , bci/php:8-33.3 , bci/php:latest Container Release : 33.3 Severity : important Type : security References : 1227888 1228535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:54:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:54:51 +0200 (CEST) Subject: SUSE-CU-2024:3531-1: Security update of suse/pcp Message-ID: <20240808155451.02AE9FF59@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3531-1 Container Tags : suse/pcp:5 , suse/pcp:5-38.13 , suse/pcp:5.3 , suse/pcp:5.3-38.13 , suse/pcp:5.3.7 , suse/pcp:5.3.7-38.13 , suse/pcp:latest Container Release : 38.13 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated - container:bci-bci-init-15.6-15.6-19.7 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:54:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:54:10 +0200 (CEST) Subject: SUSE-CU-2024:3517-1: Security update of bci/golang Message-ID: <20240808155410.EE7C0FE88@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3517-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-2.37.5 , bci/golang:oldstable , bci/golang:oldstable-2.37.5 Container Release : 37.5 Severity : important Type : security References : 1227888 1228535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated - curl-8.6.0-150600.4.3.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:54:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:54:57 +0200 (CEST) Subject: SUSE-CU-2024:3534-1: Security update of bci/php-fpm Message-ID: <20240808155457.06318FF84@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3534-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-33.3 , bci/php-fpm:latest Container Release : 33.3 Severity : important Type : security References : 1227888 1228535 1228548 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated - permissions-20240801-150600.10.4.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:53:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:53:34 +0200 (CEST) Subject: SUSE-CU-2024:3507-1: Recommended update of suse/389-ds Message-ID: <20240808155334.E6A10FE13@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3507-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-38.5 , suse/389-ds:latest Container Release : 38.5 Severity : moderate Type : recommended References : 1228548 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) The following package changes have been done: - permissions-20240801-150600.10.4.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:53:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:53:35 +0200 (CEST) Subject: SUSE-CU-2024:3508-1: Security update of suse/389-ds Message-ID: <20240808155335.7D89AFE1F@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3508-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-38.7 , suse/389-ds:latest Container Release : 38.7 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated - container:sles15-image-15.6.0-47.11.5 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:54:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:54:30 +0200 (CEST) Subject: SUSE-CU-2024:3526-1: Recommended update of suse/nginx Message-ID: <20240808155430.A2F5DFF17@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3526-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-38.4 , suse/nginx:latest Container Release : 38.4 Severity : moderate Type : recommended References : 1228548 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) The following package changes have been done: - permissions-20240801-150600.10.4.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:54:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:54:28 +0200 (CEST) Subject: SUSE-CU-2024:3525-1: Security update of bci/bci-init Message-ID: <20240808155428.0AE34FEA4@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3525-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.19.7 , bci/bci-init:latest Container Release : 19.7 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated - container:sles15-image-15.6.0-47.11.5 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:54:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:54:31 +0200 (CEST) Subject: SUSE-CU-2024:3527-1: Security update of suse/nginx Message-ID: <20240808155431.46EC5FF49@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3527-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-38.6 , suse/nginx:latest Container Release : 38.6 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated - container:sles15-image-15.6.0-47.11.5 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:54:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:54:34 +0200 (CEST) Subject: SUSE-CU-2024:3528-1: Security update of bci/nodejs Message-ID: <20240808155434.4274BFF4B@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3528-1 Container Tags : bci/node:20 , bci/node:20-33.5 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-33.5 , bci/nodejs:latest Container Release : 33.5 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated - container:sles15-image-15.6.0-47.11.5 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:54:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:54:57 +0200 (CEST) Subject: SUSE-CU-2024:3535-1: Security update of bci/php-fpm Message-ID: <20240808155457.980F7FF86@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3535-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-33.5 , bci/php-fpm:latest Container Release : 33.5 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated - container:sles15-image-15.6.0-47.11.5 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:53:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:53:47 +0200 (CEST) Subject: SUSE-CU-2024:3511-1: Security update of suse/registry Message-ID: <20240808155347.A28BFFE84@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3511-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-22.4 , suse/registry:latest Container Release : 22.4 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:53:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:53:30 +0200 (CEST) Subject: SUSE-CU-2024:3505-1: Security update of suse/sle15 Message-ID: <20240808155330.E963DFE10@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3505-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.10 , suse/sle15:15.5 , suse/sle15:15.5.36.14.10 Container Release : 36.14.10 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150400.10.21.1 updated - shadow-4.8.1-150400.10.21.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:54:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:54:54 +0200 (CEST) Subject: SUSE-CU-2024:3533-1: Security update of bci/php-apache Message-ID: <20240808155454.3D93FFF7C@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3533-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-33.5 , bci/php-apache:latest Container Release : 33.5 Severity : moderate Type : security References : 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated - container:sles15-image-15.6.0-47.11.5 updated From sle-container-updates at lists.suse.com Thu Aug 8 15:54:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 8 Aug 2024 17:54:19 +0200 (CEST) Subject: SUSE-CU-2024:3521-1: Security update of bci/golang Message-ID: <20240808155419.2A688FE94@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3521-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-37.5 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-37.5 Container Release : 37.5 Severity : important Type : security References : 1227888 1228535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated - curl-8.6.0-150600.4.3.1 updated - container:sles15-image-15.6.0-47.11.4 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:02:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 09:02:42 +0200 (CEST) Subject: SUSE-IU-2024:836-1: Security update of suse-sles-15-sp5-chost-byos-v20240809-hvm-ssd-x86_64 Message-ID: <20240810070242.8E3B8FBA1@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240809-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:836-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240809-hvm-ssd-x86_64:20240809 Image Release : Severity : important Type : security References : 1027519 1208690 1214718 1214960 1219004 1221984 1222075 1223107 1225976 1226125 1226128 1226412 1226469 1226529 1226664 1227067 1227106 1227355 1227711 1228256 1228257 1228258 1228322 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2023-46842 CVE-2024-1737 CVE-2024-1975 CVE-2024-31143 CVE-2024-37891 CVE-2024-4076 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20240809-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2654-1 Released: Tue Jul 30 15:33:33 2024 Summary: Security update for xen Type: security Severity: important References: 1027519,1214718,1221984,1227355,CVE-2023-46842,CVE-2024-31143 This update for xen fixes the following issues: - CVE-2023-46842: Fixed x86 HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984). - CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2662-1 Released: Tue Jul 30 15:41:34 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2678-1 Released: Wed Jul 31 06:59:12 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2688-1 Released: Thu Aug 1 07:00:59 2024 Summary: Feature update for Public Cloud Type: feature Severity: important References: 1222075,1227067,1227106,1227711 This update for Public Cloud fixes the following issues: - Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345): * google-guest-agent (no source changes) * google-guest-configs (no source changes) * google-guest-oslogin (no source changes) * google-osconfig-agent (no source changes) * growpart-rootgrow (no source changes) * python-azure-agent (includes bug fixes see below) * python-cssselect (no source changes) * python-instance-billing-flavor-check (no source changes) * python-toml (no source changes) * python3-lxml (inlcudes a bug fix, see below) - python-azure-agent received the following fixes: * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists (bsc#1227711) * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106) * Do not package `waagent2.0` in Python 3 builds * Do not require `wicked` in non-SUSE build environments * Apply python3 interpreter patch in non SLE build environments (bcs#1227067) - python3-lxml also received the following fix: * Fixed compatibility with system libexpat in tests (bnc#1222075) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2696-1 Released: Thu Aug 1 15:20:51 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1226412,1226529 This update for dracut fixes the following issues: - Version update: * feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529) * fix(mdraid): try to assemble the missing raid device (bsc#1226412) * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2742-1 Released: Mon Aug 5 17:35:36 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219004,1223107,1226128 This update for suseconnect-ng fixes the following issues: - Version update * Added uname as collector * Added SAP workload detection * Added detection of container runtimes * Multiple fixes on ARM64 detection * Use `read_values` for the CPU collector on Z * Fixed data collection for ppc64le * Grab the home directory from /etc/passwd if needed (bsc#1226128) * Build zypper-migration and zypper-packages-search as standalone binaries rather then one single binary * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004) * Include /etc/products.d in directories whose content are backed up and restored if a zypper-migration rollback happens (bsc#1219004) * Add the ability to upload the system uptime logs, produced by the suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report (jsc#PED-7982) (jsc#PED-8018) * Add support for third party packages in SUSEConnect * Refactor existing system information collection implementation self-signed SSL certificate (bsc#1223107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:05 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2799-1 Released: Wed Aug 7 08:19:10 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1214960 This update for runc fixes the following issues: - Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13 - Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2862-1 Released: Fri Aug 9 09:20:34 2024 Summary: Security update for bind Type: security Severity: important References: 1228256,1228257,1228258,CVE-2024-1737,CVE-2024-1975,CVE-2024-4076 This update for bind fixes the following issues: Update to 9.16.50: - Bug Fixes: * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. * The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. New Features: * Added RESOLVER.ARPA to the built in empty zones. - Security Fixes: * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737, bsc#1228256) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975, bsc#1228257) * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. (CVE-2024-4076, bsc#1228258) The following package changes have been done: - bind-utils-9.16.50-150500.8.21.1 updated - docker-25.0.6_ce-150000.203.1 updated - dracut-055+suse.388.g70c21afa-150500.3.21.2 updated - libassuan0-2.5.5-150000.4.7.1 updated - login_defs-4.8.1-150400.10.21.1 updated - python-instance-billing-flavor-check-0.0.6-150400.1.11.7 updated - python3-bind-9.16.50-150500.8.21.1 updated - python3-cssselect-1.0.3-150400.3.7.4 updated - python3-lxml-4.9.1-150500.3.4.3 updated - python3-urllib3-1.25.10-150300.4.12.1 updated - runc-1.1.13-150000.67.1 updated - shadow-4.8.1-150400.10.21.1 updated - suseconnect-ng-1.11.0-150500.3.26.4 updated - wicked-service-0.6.76-150500.3.33.1 updated - wicked-0.6.76-150500.3.33.1 updated - xen-libs-4.17.4_04-150500.3.33.1 updated - xen-tools-domU-4.17.4_04-150500.3.33.1 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:02:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 09:02:59 +0200 (CEST) Subject: SUSE-IU-2024:837-1: Security update of sles-15-sp5-chost-byos-v20240809-arm64 Message-ID: <20240810070259.19751F78C@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20240809-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:837-1 Image Tags : sles-15-sp5-chost-byos-v20240809-arm64:20240809 Image Release : Severity : important Type : security References : 1027519 1208690 1214718 1214960 1219004 1221984 1222075 1223107 1225976 1226125 1226128 1226412 1226469 1226529 1226664 1227067 1227106 1227355 1227711 1228256 1228257 1228258 1228322 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2023-46842 CVE-2024-1737 CVE-2024-1975 CVE-2024-31143 CVE-2024-37891 CVE-2024-4076 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20240809-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2654-1 Released: Tue Jul 30 15:33:33 2024 Summary: Security update for xen Type: security Severity: important References: 1027519,1214718,1221984,1227355,CVE-2023-46842,CVE-2024-31143 This update for xen fixes the following issues: - CVE-2023-46842: Fixed x86 HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984). - CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2662-1 Released: Tue Jul 30 15:41:34 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2678-1 Released: Wed Jul 31 06:59:12 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2688-1 Released: Thu Aug 1 07:00:59 2024 Summary: Feature update for Public Cloud Type: feature Severity: important References: 1222075,1227067,1227106,1227711 This update for Public Cloud fixes the following issues: - Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345): * google-guest-agent (no source changes) * google-guest-configs (no source changes) * google-guest-oslogin (no source changes) * google-osconfig-agent (no source changes) * growpart-rootgrow (no source changes) * python-azure-agent (includes bug fixes see below) * python-cssselect (no source changes) * python-instance-billing-flavor-check (no source changes) * python-toml (no source changes) * python3-lxml (inlcudes a bug fix, see below) - python-azure-agent received the following fixes: * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists (bsc#1227711) * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106) * Do not package `waagent2.0` in Python 3 builds * Do not require `wicked` in non-SUSE build environments * Apply python3 interpreter patch in non SLE build environments (bcs#1227067) - python3-lxml also received the following fix: * Fixed compatibility with system libexpat in tests (bnc#1222075) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2696-1 Released: Thu Aug 1 15:20:51 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1226412,1226529 This update for dracut fixes the following issues: - Version update: * feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529) * fix(mdraid): try to assemble the missing raid device (bsc#1226412) * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2742-1 Released: Mon Aug 5 17:35:36 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219004,1223107,1226128 This update for suseconnect-ng fixes the following issues: - Version update * Added uname as collector * Added SAP workload detection * Added detection of container runtimes * Multiple fixes on ARM64 detection * Use `read_values` for the CPU collector on Z * Fixed data collection for ppc64le * Grab the home directory from /etc/passwd if needed (bsc#1226128) * Build zypper-migration and zypper-packages-search as standalone binaries rather then one single binary * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004) * Include /etc/products.d in directories whose content are backed up and restored if a zypper-migration rollback happens (bsc#1219004) * Add the ability to upload the system uptime logs, produced by the suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report (jsc#PED-7982) (jsc#PED-8018) * Add support for third party packages in SUSEConnect * Refactor existing system information collection implementation self-signed SSL certificate (bsc#1223107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:05 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2799-1 Released: Wed Aug 7 08:19:10 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1214960 This update for runc fixes the following issues: - Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13 - Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2862-1 Released: Fri Aug 9 09:20:34 2024 Summary: Security update for bind Type: security Severity: important References: 1228256,1228257,1228258,CVE-2024-1737,CVE-2024-1975,CVE-2024-4076 This update for bind fixes the following issues: Update to 9.16.50: - Bug Fixes: * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. * The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. New Features: * Added RESOLVER.ARPA to the built in empty zones. - Security Fixes: * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737, bsc#1228256) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975, bsc#1228257) * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. (CVE-2024-4076, bsc#1228258) The following package changes have been done: - bind-utils-9.16.50-150500.8.21.1 updated - docker-25.0.6_ce-150000.203.1 updated - dracut-055+suse.388.g70c21afa-150500.3.21.2 updated - google-guest-agent-20240314.00-150400.1.48.7 updated - google-guest-configs-20240307.00-150400.13.11.6 updated - google-guest-oslogin-20240311.00-150400.1.45.7 updated - google-osconfig-agent-20240320.00-150400.1.35.7 updated - growpart-rootgrow-1.0.7-150400.1.14.7 updated - libassuan0-2.5.5-150000.4.7.1 updated - login_defs-4.8.1-150400.10.21.1 updated - python-instance-billing-flavor-check-0.0.6-150400.1.11.7 updated - python3-bind-9.16.50-150500.8.21.1 updated - python3-cssselect-1.0.3-150400.3.7.4 updated - python3-lxml-4.9.1-150500.3.4.3 updated - python3-urllib3-1.25.10-150300.4.12.1 updated - runc-1.1.13-150000.67.1 updated - shadow-4.8.1-150400.10.21.1 updated - suseconnect-ng-1.11.0-150500.3.26.4 updated - wicked-service-0.6.76-150500.3.33.1 updated - wicked-0.6.76-150500.3.33.1 updated - xen-libs-4.17.4_04-150500.3.33.1 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:09:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 09:09:07 +0200 (CEST) Subject: SUSE-CU-2024:3576-1: Security update of suse/sle15 Message-ID: <20240810070907.B4DADF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3576-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.25 Container Release : 9.8.25 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:09:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 09:09:30 +0200 (CEST) Subject: SUSE-CU-2024:3577-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240810070930.0EA12F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3577-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.10 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.10 Container Release : 6.10 Severity : important Type : security References : 1220356 1227525 1228770 CVE-2013-4235 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2806-1 Released: Wed Aug 7 09:49:03 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated - login_defs-4.8.1-150300.4.18.1 updated - shadow-4.8.1-150300.4.18.1 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:09:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 09:09:57 +0200 (CEST) Subject: SUSE-CU-2024:3578-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20240810070957.B3B60F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3578-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.8 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.8 Container Release : 5.8 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:11:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 09:11:16 +0200 (CEST) Subject: SUSE-CU-2024:3580-1: Security update of bci/bci-busybox Message-ID: <20240810071116.34D91F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3580-1 Container Tags : bci/bci-busybox:15.5 , bci/bci-busybox:15.5.31.2 Container Release : 31.2 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.68-150200.33.1 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:13:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 09:13:37 +0200 (CEST) Subject: SUSE-CU-2024:3582-1: Security update of bci/bci-micro Message-ID: <20240810071337.23783F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3582-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.30.2 Container Release : 30.2 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.68-150200.33.1 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:19:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 09:19:47 +0200 (CEST) Subject: SUSE-CU-2024:3590-1: Security update of suse/sle15 Message-ID: <20240810071947.8E645F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3590-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.11 , suse/sle15:15.5 , suse/sle15:15.5.36.14.11 Container Release : 36.14.11 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:20:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 09:20:11 +0200 (CEST) Subject: SUSE-CU-2024:3595-1: Security update of bci/bci-busybox Message-ID: <20240810072011.7F7F1F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3595-1 Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.24.2 , bci/bci-busybox:latest Container Release : 24.2 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.68-150200.33.1 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:20:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 09:20:17 +0200 (CEST) Subject: SUSE-CU-2024:3596-1: Security update of suse/registry Message-ID: <20240810072017.41ED4F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3596-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-24.4 , suse/registry:latest Container Release : 24.4 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated - container:micro-image-15.6.0-24.2 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:20:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 09:20:56 +0200 (CEST) Subject: SUSE-CU-2024:3605-1: Security update of suse/helm Message-ID: <20240810072056.7A5FDF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3605-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-22.4 , suse/helm:latest Container Release : 22.4 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated - container:micro-image-15.6.0-24.2 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:21:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 09:21:00 +0200 (CEST) Subject: SUSE-CU-2024:3606-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20240810072100.309C1F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3606-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.16 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.16 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:21:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 09:21:11 +0200 (CEST) Subject: SUSE-CU-2024:3608-1: Security update of bci/bci-micro Message-ID: <20240810072111.6DBA9F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3608-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.24.2 , bci/bci-micro:latest Container Release : 24.2 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-prebuilt-2.68-150200.33.1 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:22:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 09:22:36 +0200 (CEST) Subject: SUSE-CU-2024:3624-1: Recommended update of bci/rust Message-ID: <20240810072236.85FF6F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3624-1 Container Tags : bci/rust:1.79 , bci/rust:1.79-2.3.2 , bci/rust:oldstable , bci/rust:oldstable-2.3.2 Container Release : 3.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2188-1 Released: Tue Jun 25 05:34:08 2024 Summary: Recommended update for rust, rust1.79 Type: recommended Severity: moderate References: This update for rust, rust1.79 fixes the following issues: Changes in rust1.79: Version 1.79.0 (2024-06-13) ========================== Language -------- - Stabilize inline `const {}` expressions. - Prevent opaque types being instantiated twice with different regions within the same function. - Stabilize WebAssembly target features that are in phase 4 and 5. - Add the `redundant_lifetimes` lint to detect lifetimes which are semantically redundant. - Stabilize the `unnameable_types` lint for public types that can't be named. - Enable debuginfo in macros, and stabilize `-C collapse-macro-debuginfo` and `#[collapse_debuginfo]`. - Propagate temporary lifetime extension into `if` and `match` expressions. - Restrict promotion of `const fn` calls. - Warn against refining impls of crate-private traits with `refining_impl_trait` lint. - Stabilize associated type bounds (RFC 2289). - Stabilize importing `main` from other modules or crates. - Check return types of function types for well-formedness - Rework `impl Trait` lifetime inference - Change inductive trait solver cycles to be ambiguous Compiler -------- - Define `-C strip` to only affect binaries, not artifacts like `.pdb`. - Stabilize `-Crelro-level` for controlling runtime link hardening. - Stabilize checking of `cfg` names and values at compile-time with `--check-cfg`. *Note that this only stabilizes the compiler part, the Cargo part is still unstable in this release.* - Add `aarch64-apple-visionos` and `aarch64-apple-visionos-sim` tier 3 targets. - Add `riscv32ima-unknown-none-elf` tier 3 target. - Promote several Windows targets to tier 2: `aarch64-pc-windows-gnullvm`, `i686-pc-windows-gnullvm`, and `x86_64-pc-windows-gnullvm`. Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. Libraries --------- - Implement `FromIterator` for `(impl Default + Extend, impl Default + Extend)`. - Implement `{Div,Rem}Assign>` on `X`. - Document overrides of `clone_from()` in core/std. - Link MSVC default lib in core. - Caution against using `transmute` between pointers and integers. - Enable frame pointers for the standard library. Stabilized APIs --------------- - `{integer}::unchecked_add` https://doc.rust-lang.org/stable/core/primitive.i32.html#method.unchecked_add) - `{integer}::unchecked_mul` https://doc.rust-lang.org/stable/core/primitive.i32.html#method.unchecked_mul) - `{integer}::unchecked_sub` https://doc.rust-lang.org/stable/core/primitive.i32.html#method.unchecked_sub) - `<[T]>::split_at_unchecked` https://doc.rust-lang.org/stable/core/primitive.slice.html#method.split_at_unchecked) - `<[T]>::split_at_mut_unchecked` https://doc.rust-lang.org/stable/core/primitive.slice.html#method.split_at_mut_unchecked) - `<[u8]>::utf8_chunks` https://doc.rust-lang.org/stable/core/primitive.slice.html#method.utf8_chunks) - `str::Utf8Chunks` https://doc.rust-lang.org/stable/core/str/struct.Utf8Chunks.html) - `str::Utf8Chunk` https://doc.rust-lang.org/stable/core/str/struct.Utf8Chunk.html) - `<*const T>::is_aligned` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.is_aligned) - `<*mut T>::is_aligned` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.is_aligned-1) - `NonNull::is_aligned` https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.is_aligned) - `<*const [T]>::len` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.len) - `<*mut [T]>::len` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.len-1) - `<*const [T]>::is_empty` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.is_empty) - `<*mut [T]>::is_empty` https://doc.rust-lang.org/stable/core/primitive.pointer.html#method.is_empty-1) - `NonNull::<[T]>::is_empty` https://doc.rust-lang.org/stable/core/ptr/struct.NonNull.html#method.is_empty) - `CStr::count_bytes` https://doc.rust-lang.org/stable/core/ffi/c_str/struct.CStr.html#method.count_bytes) - `io::Error::downcast` https://doc.rust-lang.org/stable/std/io/struct.Error.html#method.downcast) - `num::NonZero` https://doc.rust-lang.org/stable/core/num/struct.NonZero.html) - `path::absolute` https://doc.rust-lang.org/stable/std/path/fn.absolute.html) - `proc_macro::Literal::byte_character` https://doc.rust-lang.org/stable/proc_macro/struct.Literal.html#method.byte_character) - `proc_macro::Literal::c_string` https://doc.rust-lang.org/stable/proc_macro/struct.Literal.html#method.c_string) These APIs are now stable in const contexts: - `Atomic*::into_inner` https://doc.rust-lang.org/stable/core/sync/atomic/struct.AtomicUsize.html#method.into_inner) - `io::Cursor::new` https://doc.rust-lang.org/stable/std/io/struct.Cursor.html#method.new) - `io::Cursor::get_ref` https://doc.rust-lang.org/stable/std/io/struct.Cursor.html#method.get_ref) - `io::Cursor::position` https://doc.rust-lang.org/stable/std/io/struct.Cursor.html#method.position) - `io::empty` https://doc.rust-lang.org/stable/std/io/fn.empty.html) - `io::repeat` https://doc.rust-lang.org/stable/std/io/fn.repeat.html) - `io::sink` https://doc.rust-lang.org/stable/std/io/fn.sink.html) - `panic::Location::caller` https://doc.rust-lang.org/stable/std/panic/struct.Location.html#method.caller) - `panic::Location::file` https://doc.rust-lang.org/stable/std/panic/struct.Location.html#method.file) - `panic::Location::line` https://doc.rust-lang.org/stable/std/panic/struct.Location.html#method.line) - `panic::Location::column` https://doc.rust-lang.org/stable/std/panic/struct.Location.html#method.column) Cargo ----- - Prevent dashes in `lib.name`, always normalizing to `_`. - Stabilize MSRV-aware version requirement selection in `cargo add`. - Switch to using `gitoxide` by default for listing files. - Error on `[project]` in Edition 2024; `cargo fix --edition` will change it to `[package]`. Rustdoc ----- - Always display stability version even if it's the same as the containing item. - Show a single search result for items with multiple paths. - Support typing `/` in docs to begin a search. Compatibility Notes ------------------- - Update the minimum external LLVM to 17. - `RustcEncodable` and `RustcDecodable` are soft-destabilized, to be removed from the prelude in next edition. - The `wasm_c_abi` future-incompatibility lint will warn about use of the non-spec-compliant C ABI. Use `wasm-bindgen v0.2.88` to generate forward-compatible bindings. - Check return types of function types for well-formedness The following package changes have been done: - rust1.79-1.79.0-150500.11.3.1 added - cargo1.79-1.79.0-150500.11.3.1 added - container:sles15-image-15.6.0-47.11.6 updated - cargo1.78-1.78.0-150500.11.3.1 removed - rust1.78-1.78.0-150500.11.3.1 removed From sle-container-updates at lists.suse.com Sat Aug 10 07:22:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 09:22:40 +0200 (CEST) Subject: SUSE-CU-2024:3625-1: Recommended update of bci/rust Message-ID: <20240810072240.DEFEEF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3625-1 Container Tags : bci/rust:1.80 , bci/rust:1.80-1.3.2 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.3.2 Container Release : 3.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2777-1 Released: Tue Aug 6 14:35:24 2024 Summary: Recommended update for rust, rust1.80 Type: recommended Severity: moderate References: This update for rust, rust1.80 fixes the following issues: Version 1.80.0 (2024-07-25) ========================== Language -------- - Document maximum allocation size - Allow zero-byte offsets and ZST read/writes on arbitrary pointers - Support C23's variadics without a named parameter - Stabilize `exclusive_range_pattern` feature - Guarantee layout and ABI of `Result` in some scenarios Compiler -------- - Update cc crate to v1.0.97 allowing additional spectre mitigations on MSVC targets - Allow field reordering on types marked `repr(packed(1))` - Add a lint against never type fallback affecting unsafe code - Disallow cast with trailing braced macro in let-else - Expand `for_loops_over_fallibles` lint to lint on fallibles behind references. - self-contained linker: retry linking without `-fuse-ld=lld` on CCs that don't support it - Do not parse CVarArgs (`...`) as a type in trait bounds - Improvements to LLDB formatting - For the wasm32-wasip2 target default to PIC and do not use `-fuse-ld=lld` - Add x86_64-unknown-linux-none as a tier 3 target - Lint on `foo.into_iter()` resolving to `&Box<[T]>: IntoIterator` Libraries --------- - Add `size_of` and `size_of_val` and `align_of` and `align_of_val` to the prelude - Abort a process when FD ownership is violated - io::Write::write_fmt: panic if the formatter fails when the stream does not fail - Panic if `PathBuf::set_extension` would add a path separator - Add assert_unsafe_precondition to unchecked_{add,sub,neg,mul,shl,shr} methods - Update `c_char` on AIX to use the correct type - `offset_of!` no longer returns a temporary - Handle sigma in `str.to_lowercase` correctly - Raise `DEFAULT_MIN_STACK_SIZE` to at least 64KiB Stabilized APIs --------------- - `impl Default for Rc` https://doc.rust-lang.org/beta/alloc/rc/struct.Rc.html#impl-Default-for-Rc%3CCStr%3E - `impl Default for Rc` https://doc.rust-lang.org/beta/alloc/rc/struct.Rc.html#impl-Default-for-Rc%3Cstr%3E - `impl Default for Rc<[T]>` https://doc.rust-lang.org/beta/alloc/rc/struct.Rc.html#impl-Default-for-Rc%3C%5BT%5D%3E - `impl Default for Arc` https://doc.rust-lang.org/beta/alloc/sync/struct.Arc.html#impl-Default-for-Arc%3Cstr%3E - `impl Default for Arc` https://doc.rust-lang.org/beta/alloc/sync/struct.Arc.html#impl-Default-for-Arc%3CCStr%3E - `impl Default for Arc<[T]>` https://doc.rust-lang.org/beta/alloc/sync/struct.Arc.html#impl-Default-for-Arc%3C%5BT%5D%3E - `impl IntoIterator for Box<[T]>` https://doc.rust-lang.org/beta/alloc/boxed/struct.Box.html#impl-IntoIterator-for-Box%3C%5BI%5D,+A%3E - `impl FromIterator for Box` https://doc.rust-lang.org/beta/alloc/boxed/struct.Box.html#impl-FromIterator%3CString%3E-for-Box%3Cstr%3E) - `impl FromIterator for Box` https://doc.rust-lang.org/beta/alloc/boxed/struct.Box.html#impl-FromIterator%3Cchar%3E-for-Box%3Cstr%3E - `LazyCell` https://doc.rust-lang.org/beta/core/cell/struct.LazyCell.html - `LazyLock` https://doc.rust-lang.org/beta/std/sync/struct.LazyLock.html - `Duration::div_duration_f32` https://doc.rust-lang.org/beta/std/time/struct.Duration.html#method.div_duration_f32 - `Duration::div_duration_f64` https://doc.rust-lang.org/beta/std/time/struct.Duration.html#method.div_duration_f64 - `Option::take_if` https://doc.rust-lang.org/beta/std/option/enum.Option.html#method.take_if - `Seek::seek_relative` https://doc.rust-lang.org/beta/std/io/trait.Seek.html#method.seek_relative - `BinaryHeap::as_slice` https://doc.rust-lang.org/beta/std/collections/struct.BinaryHeap.html#method.as_slice - `NonNull::offset` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.offset - `NonNull::byte_offset` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.byte_offset - `NonNull::add` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.add - `NonNull::byte_add` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.byte_add - `NonNull::sub` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.sub - `NonNull::byte_sub` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.byte_sub - `NonNull::offset_from` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.offset_from - `NonNull::byte_offset_from` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.byte_offset_from - `NonNull::read` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.read - `NonNull::read_volatile` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.read_volatile - `NonNull::read_unaligned` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.read_unaligned - `NonNull::write` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.write - `NonNull::write_volatile` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.write_volatile - `NonNull::write_unaligned` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.write_unaligned - `NonNull::write_bytes` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.write_bytes - `NonNull::copy_to` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.copy_to - `NonNull::copy_to_nonoverlapping` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.copy_to_nonoverlapping - `NonNull::copy_from` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.copy_from - `NonNull::copy_from_nonoverlapping` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.copy_from_nonoverlapping - `NonNull::replace` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.replace - `NonNull::swap` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.swap - `NonNull::drop_in_place` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.drop_in_place - `NonNull::align_offset` https://doc.rust-lang.org/beta/std/ptr/struct.NonNull.html#method.align_offset - `<[T]>::split_at_checked` https://doc.rust-lang.org/beta/std/primitive.slice.html#method.split_at_checked - `<[T]>::split_at_mut_checked` https://doc.rust-lang.org/beta/std/primitive.slice.html#method.split_at_mut_checked - `str::split_at_checked` https://doc.rust-lang.org/beta/std/primitive.str.html#method.split_at_checked - `str::split_at_mut_checked` https://doc.rust-lang.org/beta/std/primitive.str.html#method.split_at_mut_checked - `str::trim_ascii` https://doc.rust-lang.org/beta/std/primitive.str.html#method.trim_ascii - `str::trim_ascii_start` https://doc.rust-lang.org/beta/std/primitive.str.html#method.trim_ascii_start - `str::trim_ascii_end` https://doc.rust-lang.org/beta/std/primitive.str.html#method.trim_ascii_end - `<[u8]>::trim_ascii` https://doc.rust-lang.org/beta/core/primitive.slice.html#method.trim_ascii - `<[u8]>::trim_ascii_start` https://doc.rust-lang.org/beta/core/primitive.slice.html#method.trim_ascii_start - `<[u8]>::trim_ascii_end` https://doc.rust-lang.org/beta/core/primitive.slice.html#method.trim_ascii_end - `Ipv4Addr::BITS` https://doc.rust-lang.org/beta/core/net/struct.Ipv4Addr.html#associatedconstant.BITS - `Ipv4Addr::to_bits` https://doc.rust-lang.org/beta/core/net/struct.Ipv4Addr.html#method.to_bits - `Ipv4Addr::from_bits` https://doc.rust-lang.org/beta/core/net/struct.Ipv4Addr.html#method.from_bits - `Ipv6Addr::BITS` https://doc.rust-lang.org/beta/core/net/struct.Ipv6Addr.html#associatedconstant.BITS - `Ipv6Addr::to_bits` https://doc.rust-lang.org/beta/core/net/struct.Ipv6Addr.html#method.to_bits - `Ipv6Addr::from_bits` https://doc.rust-lang.org/beta/core/net/struct.Ipv6Addr.html#method.from_bits - `Vec::<[T; N]>::into_flattened` https://doc.rust-lang.org/beta/alloc/vec/struct.Vec.html#method.into_flattened - `<[[T; N]]>::as_flattened` https://doc.rust-lang.org/beta/core/primitive.slice.html#method.as_flattened - `<[[T; N]]>::as_flattened_mut` https://doc.rust-lang.org/beta/core/primitive.slice.html#method.as_flattened_mut These APIs are now stable in const contexts: - `<[T]>::last_chunk` https://doc.rust-lang.org/beta/core/primitive.slice.html#method.last_chunk - `BinaryHeap::new` https://doc.rust-lang.org/beta/std/collections/struct.BinaryHeap.html#method.new Cargo ----- - Stabilize `-Zcheck-cfg` as always enabled - Warn, rather than fail publish, if a target is excluded - Add special `check-cfg` lint config for the `unexpected_cfgs` lint - Stabilize `cargo update --precise ` - Don't change file permissions on `Cargo.toml` when using `cargo add` - Support using `cargo fix` on IPv6-only networks Rustdoc ----- - Allow searching for references - Stabilize `custom_code_classes_in_docs` feature - fix: In cross-crate scenarios show enum variants on type aliases of enums Compatibility Notes ------------------- - rustfmt estimates line lengths differently when using non-ascii characters - Type aliases are now handled correctly in orphan check - Allow instructing rustdoc to read from stdin via `-` - `std::env::{set_var, remove_var}` can no longer be converted to safe function pointers and no longer implement the `Fn` family of traits - Warn (or error) when `Self` constructor from outer item is referenced in inner nested item - Turn `indirect_structural_match` and `pointer_structural_match` lints into hard errors - Make `where_clause_object_safety` lint a regular object safety violation - Turn `proc_macro_back_compat` lint into a hard error. - Detect unused structs even when implementing private traits - `std::sync::ReentrantLockGuard` is no longer `Sync` if `T: !Sync` The following package changes have been done: - rust1.80-1.80.0-150500.11.3.1 added - cargo1.80-1.80.0-150500.11.3.1 added - container:sles15-image-15.6.0-47.11.6 updated - cargo1.79-1.79.0-150500.11.3.1 removed - rust1.79-1.79.0-150500.11.3.1 removed From sle-container-updates at lists.suse.com Sat Aug 10 07:23:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 09:23:06 +0200 (CEST) Subject: SUSE-CU-2024:3628-1: Security update of suse/sle15 Message-ID: <20240810072306.7139DF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3628-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.6 , suse/sle15:15.6 , suse/sle15:15.6.47.11.6 Container Release : 47.11.6 Severity : important Type : security References : 1220356 1227525 1227888 1228322 1228535 1228548 1228770 CVE-2013-4235 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated - curl-8.6.0-150600.4.3.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libcurl4-8.6.0-150600.4.3.1 updated - libgpgme11-1.23.0-150600.3.2.1 updated - login_defs-4.8.1-150600.17.6.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated From sle-container-updates at lists.suse.com Sun Aug 11 07:01:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 11 Aug 2024 09:01:24 +0200 (CEST) Subject: SUSE-IU-2024:839-1: Security update of suse-sles-15-sp5-chost-byos-v20240809-x86_64-gen2 Message-ID: <20240811070124.C1B9CFCA2@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240809-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:839-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240809-x86_64-gen2:20240809 Image Release : Severity : important Type : security References : 1208690 1226412 1226529 1228256 1228257 1228258 CVE-2024-1737 CVE-2024-1975 CVE-2024-4076 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20240809-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2696-1 Released: Thu Aug 1 15:20:51 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1226412,1226529 This update for dracut fixes the following issues: - Version update: * feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529) * fix(mdraid): try to assemble the missing raid device (bsc#1226412) * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2862-1 Released: Fri Aug 9 09:20:34 2024 Summary: Security update for bind Type: security Severity: important References: 1228256,1228257,1228258,CVE-2024-1737,CVE-2024-1975,CVE-2024-4076 This update for bind fixes the following issues: Update to 9.16.50: - Bug Fixes: * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. * The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. New Features: * Added RESOLVER.ARPA to the built in empty zones. - Security Fixes: * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737, bsc#1228256) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975, bsc#1228257) * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. (CVE-2024-4076, bsc#1228258) The following package changes have been done: - bind-utils-9.16.50-150500.8.21.1 updated - docker-25.0.6_ce-150000.203.1 updated - dracut-055+suse.388.g70c21afa-150500.3.21.2 updated - gettext-runtime-0.20.2-1.43 removed - glibc-2.31-150300.83.1 removed - glibc-locale-2.31-150300.83.1 removed - glibc-locale-base-2.31-150300.83.1 removed - gpg2-2.2.27-150300.3.8.1 removed - gptfdisk-1.0.8-150400.1.7 removed - grep-3.1-150000.4.6.1 removed - growpart-0.31-5.9.3 removed - grub2-2.06-150500.29.25.12 removed - grub2-i386-pc-2.06-150500.29.25.12 removed - grub2-x86_64-efi-2.06-150500.29.25.12 removed - gzip-1.10-150200.10.1 removed - haveged-1.9.14-150400.3.3.1 removed - hostname-3.16-2.22 removed - hwdata-0.380-150000.3.68.1 removed - hwinfo-21.85-150500.3.3.1 removed - hyper-v-8-150200.14.8.1 removed - info-6.5-4.17 removed - iproute2-5.14-150400.1.8 removed - iptables-1.8.7-1.1 removed - iputils-20221126-150500.3.8.2 removed - jq-1.6-3.3.1 removed - kbd-2.4.0-150400.5.6.1 removed - kbd-legacy-2.4.0-150400.5.6.1 removed - kdump-1.0.2+git47.g28549ab-150500.3.6.1 removed - kernel-default-5.14.21-150500.55.68.1 removed - kexec-tools-2.0.20-150500.18.3 removed - keyutils-1.6.3-5.6.1 removed - kmod-29-4.15.1 removed - krb5-1.20.1-150500.3.9.1 removed - less-590-150400.3.9.1 removed - libabsl2401_0_0-20240116.1-150500.13.7.8 removed - libacl1-2.2.52-4.3.1 removed - libapparmor1-3.0.4-150500.11.9.1 removed - libargon2-1-0.0+git20171227.670229c-2.14 removed - libasm1-0.185-150400.5.3.1 removed - libassuan0-2.5.5-150000.4.5.2 removed - libattr1-2.4.47-2.19 removed - libaudit1-3.0.6-150400.4.16.1 removed - libaugeas0-1.12.0-150400.3.3.6 removed - libauparse0-3.0.6-150400.4.16.1 removed - libavahi-client3-0.8-150400.7.16.1 removed - libavahi-common3-0.8-150400.7.16.1 removed - libblkid1-2.37.4-150500.9.11.1 removed - libblogger2-2.26-150300.4.6.1 removed - libboost_system1_66_0-1.66.0-12.3.1 removed - libboost_thread1_66_0-1.66.0-12.3.1 removed - libbrotlicommon1-1.0.7-3.3.1 removed - libbrotlidec1-1.0.7-3.3.1 removed - libbz2-1-1.0.8-150400.1.122 removed - libcap-ng0-0.7.9-4.37 removed - libcap2-2.63-150400.3.3.1 removed - libcares2-1.19.1-150000.3.26.1 removed - libcbor0-0.5.0-150100.4.6.1 removed - libcom_err2-1.46.4-150400.3.6.2 removed - libcpupower0-5.14-150500.9.3.1 removed - libcrack2-2.9.7-11.6.1 removed - libcrypt1-4.4.15-150300.4.7.1 removed - libcryptsetup12-2.4.3-150400.3.3.1 removed - libcurl4-8.0.1-150400.5.44.1 removed - libdbus-1-3-1.12.2-150400.18.8.1 removed - libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 removed - libdw1-0.185-150400.5.3.1 removed - libeconf0-0.5.2-150400.3.6.1 removed - libedit0-3.1.snap20150325-2.12 removed - libefivar1-37-6.12.1 removed - libelf1-0.185-150400.5.3.1 removed - libesmtp-1.0.6-150.4.1 removed - libestr0-0.1.10-1.25 removed - libevent-2_1-8-2.1.8-2.23 removed - libexpat1-2.4.4-150400.3.17.1 removed - libext2fs2-1.46.4-150400.3.6.2 removed - libfastjson4-0.99.9-150400.3.3.1 removed - libfdisk1-2.37.4-150500.9.11.1 removed - libffi7-3.2.1.git259-10.8 removed - libfido2-1-1.13.0-150400.5.6.1 removed - libfipscheck1-1.4.1-3.3.1 removed - libfreetype6-2.10.4-150000.4.15.1 removed - libfstrm0-0.6.1-150300.9.5.1 removed - libfuse2-2.9.7-3.3.1 removed - libgcc_s1-13.3.0+git8781-150000.1.12.1 removed - libgcrypt20-1.9.4-150500.10.19 removed - libgdbm4-1.12-1.418 removed - libglib-2_0-0-2.70.5-150400.3.11.1 removed - libgmp10-6.1.2-4.9.1 removed - libgnutls30-3.7.3-150400.4.44.1 removed - libgpg-error0-1.42-150400.1.101 removed - libgpgme11-1.16.0-150400.1.80 removed - libhavege2-1.9.14-150400.3.3.1 removed - libhidapi-hidraw0-0.10.1-150300.3.2.1 removed - libhogweed6-3.8.1-150500.2.25 removed - libidn2-0-2.2.0-3.6.1 removed - libinih0-53-150400.1.7 removed - libip4tc2-1.8.7-1.1 removed - libip6tc2-1.8.7-1.1 removed - libjitterentropy3-3.4.1-150000.1.12.1 removed - libjq1-1.6-3.3.1 removed - libjson-c3-0.13-3.3.1 removed - libkeyutils1-1.6.3-5.6.1 removed - libkmod2-29-4.15.1 removed - libksba8-1.3.5-150000.4.6.1 removed - libldap-2_4-2-2.4.46-150200.14.17.1 removed - libldap-data-2.4.46-150200.14.17.1 removed - libldb2-2.6.2-150500.1.1 removed - liblmdb-0_9_30-0.9.30-150500.1.1 removed - liblogging0-1.0.6-3.21 removed - liblognorm5-2.0.6-150000.3.3.1 removed - liblua5_3-5-5.3.6-3.6.1 removed - liblz4-1-1.9.3-150400.1.7 removed - liblzma5-5.2.3-150000.4.7.1 removed - liblzo2-2-2.10-2.22 removed - libmagic1-5.32-7.14.1 removed - libmaxminddb0-1.4.3-150000.1.8.1 removed - libmetalink3-0.1.3-150000.3.2.1 removed - libmnl0-1.0.4-1.25 removed - libmount1-2.37.4-150500.9.11.1 removed - libncurses6-6.1-150000.5.24.1 removed - libnetfilter_conntrack3-1.0.7-1.38 removed - libnetfilter_cthelper0-1.0.0-1.21 removed - libnetfilter_cttimeout1-1.0.0-1.22 removed - libnettle8-3.8.1-150500.2.25 removed - libnfnetlink0-1.0.1-2.11 removed - libnftnl11-1.2.0-150400.1.6 removed - libnghttp2-14-1.40.0-150200.17.1 removed - libnl-config-3.3.0-1.29 removed - libnl3-200-3.3.0-1.29 removed - libnpth0-1.5-2.11 removed - libnscd1-2.0.2-3.21 removed - libnsl2-1.2.0-2.44 removed - libnss_usrfiles2-2.25-2.12 removed - libonig4-6.7.0-150000.3.6.1 removed - libopeniscsiusr0-0.2.0-150500.46.3.1 removed - libopenssl1_1-1.1.1l-150500.17.31.1 removed - libp11-kit0-0.23.22-150500.8.3.1 removed - libparted0-3.2-150300.21.3.1 removed - libpcap1-1.10.1-150400.1.7 removed - libpci3-3.5.6-150300.13.6.1 removed - libpcre1-8.45-150000.20.13.1 removed - libpcre2-8-0-10.39-150400.4.9.1 removed - libpng16-16-1.6.34-3.9.1 removed - libpopt0-1.16-3.22 removed - libprocps8-3.3.17-150000.7.39.1 removed - libprotobuf-c1-1.3.2-150200.3.9.1 removed - libprotobuf-lite25_1_0-25.1-150500.12.2.2 removed - libproxy1-0.4.17-150400.1.8 removed - libpsl5-0.20.1-150000.3.3.1 removed - libpython3_6m1_0-3.6.15-150300.10.65.1 removed - librdkafka1-0.11.6-1.8.1 removed - libreadline7-7.0-150400.25.22 removed - librelp0-1.11.0-150000.3.3.1 removed - libsasl2-3-2.1.28-150500.1.1 removed - libseccomp2-2.5.3-150400.2.4 removed - libselinux1-3.1-150400.1.69 removed - libsemanage1-3.1-150400.3.4.2 removed - libsepol1-3.1-150400.1.70 removed - libsigc-2_0-0-2.10.7-150400.3.3.1 removed - libsmartcols1-2.37.4-150500.9.11.1 removed - libsmi-0.4.8-1.29 removed - libsmi2-0.4.8-1.29 removed - libsnappy1-1.1.8-3.3.1 removed - libsolv-tools-0.7.29-150400.3.22.4 removed - libsolv-tools-base-0.7.29-150400.3.22.4 removed - libsqlite3-0-3.44.0-150000.3.23.1 removed - libssh-config-0.9.8-150400.3.6.1 removed - libssh4-0.9.8-150400.3.6.1 removed - libstdc++6-13.3.0+git8781-150000.1.12.1 removed - libsystemd0-249.17-150400.8.40.1 removed - libtalloc2-2.3.4-150500.1.1 removed - libtasn1-4.13-150000.4.8.1 removed - libtasn1-6-4.13-150000.4.8.1 removed - libtdb1-1.4.7-150500.1.1 removed - libtevent0-0.13.0-150500.1.1 removed - libtextstyle0-0.20.2-1.43 removed - libtirpc-netconfig-1.3.4-150300.3.23.1 removed - libtirpc3-1.3.4-150300.3.23.1 removed - libtss2-esys0-3.1.0-150400.3.6.1 removed - libtss2-fapi1-3.1.0-150400.3.6.1 removed - libtss2-mu0-3.1.0-150400.3.6.1 removed - libtss2-rc0-3.1.0-150400.3.6.1 removed - libtss2-sys1-3.1.0-150400.3.6.1 removed - libtss2-tctildr0-3.1.0-150400.3.6.1 removed - libudev1-249.17-150400.8.40.1 removed - libunistring2-0.9.10-1.1 removed - libusb-1_0-0-1.0.24-150400.3.3.1 removed - libutempter0-1.1.6-3.42 removed - libuuid1-2.37.4-150500.9.11.1 removed - libuv1-1.44.2-150500.3.2.1 removed - libverto1-0.2.6-3.20 removed - libwrap0-7.6-1.433 removed - libx86emu3-3.1-1.23 removed - libxml2-2-2.10.3-150500.5.17.1 removed - libxslt1-1.1.34-150400.3.3.1 removed - libxtables12-1.8.7-1.1 removed - libyajl2-2.1.0-150000.4.6.1 removed - libyaml-cpp0_6-0.6.3-150400.4.3.1 removed - libz1-1.2.13-150500.4.3.1 removed - libzck1-1.1.16-150400.3.7.1 removed - libzio1-1.06-2.20 removed - libzstd1-1.5.0-150400.3.3.1 removed - libzypp-17.34.1-150500.6.2.1 removed - login_defs-4.8.1-150400.10.15.1 removed - logrotate-3.18.1-150400.3.7.1 removed - makedumpfile-1.7.0-150400.4.3.1 removed - mokutil-0.5.0-150400.3.3.1 removed - ncurses-utils-6.1-150000.5.24.1 removed - net-tools-2.0+git20170221.479bb4a-3.11 removed - netcfg-11.6-150000.3.6.1 removed - nfs-client-2.1.1-150500.22.3.1 removed - nfsidmap-0.26-150000.3.7.1 removed - open-iscsi-2.1.9-150500.46.3.1 removed - openssh-8.4p1-150300.3.37.1 removed - openssh-clients-8.4p1-150300.3.37.1 removed - openssh-common-8.4p1-150300.3.37.1 removed - openssh-server-8.4p1-150300.3.37.1 removed - openssl-1.1.1l-150400.1.5 removed - openssl-1_1-1.1.1l-150500.17.31.1 removed - p11-kit-0.23.22-150500.8.3.1 removed - p11-kit-tools-0.23.22-150500.8.3.1 removed - pam-1.3.0-150000.6.66.1 removed - pam-config-1.1-150200.3.6.1 removed - parted-3.2-150300.21.3.1 removed - pciutils-3.5.6-150300.13.6.1 removed - perl-5.26.1-150300.17.17.1 removed - perl-Bootloader-0.947-150400.3.12.1 removed - perl-base-5.26.1-150300.17.17.1 removed - permissions-20201225-150400.5.16.1 removed - pigz-2.3.3-1.28 removed - pinentry-1.1.0-4.3.1 removed - pkg-config-0.29.2-1.436 removed - procps-3.3.17-150000.7.39.1 removed - python-azure-agent-2.9.1.1-150100.3.37.3 removed - python-azure-agent-config-server-2.9.1.1-150100.3.37.3 removed - python-instance-billing-flavor-check-0.0.6-150000.1.9.1 removed - python3-3.6.15-150300.10.65.2 removed - python3-Babel-2.8.0-3.3.1 removed - python3-Jinja2-2.10.1-150000.3.13.1 removed - python3-MarkupSafe-1.0-1.29 removed - python3-PyJWT-2.4.0-150200.3.8.1 removed - python3-PyYAML-5.4.1-1.1 removed - python3-apipkg-2.1.0-150500.1.1 removed - python3-appdirs-1.4.3-1.21 removed - python3-asn1crypto-0.24.0-3.2.1 removed - python3-attrs-19.3.0-150200.3.6.1 removed - python3-base-3.6.15-150300.10.65.1 removed - python3-bind-9.16.48-150500.8.16.1 removed - python3-blinker-1.4-150000.3.6.1 removed - python3-certifi-2018.1.18-150000.3.3.1 removed - python3-cffi-1.13.2-3.2.5 removed - python3-chardet-3.0.4-150000.5.3.1 removed - python3-configobj-5.0.6-150000.3.3.1 removed - python3-cryptography-3.3.2-150400.23.1 removed - python3-cssselect-1.0.3-150000.3.5.1 removed - python3-distro-1.5.0-3.5.1 removed - python3-idna-2.6-150000.3.3.1 removed - python3-importlib-metadata-1.5.0-150100.3.5.1 removed - python3-iniconfig-1.1.1-150000.1.11.1 removed - python3-jsonpatch-1.23-150100.3.5.1 removed - python3-jsonpointer-1.14-150000.3.2.1 removed - python3-jsonschema-3.2.0-150200.9.5.1 removed - python3-lxml-4.9.1-150500.1.2 removed - python3-more-itertools-8.10.0-150400.7.1 removed - python3-netifaces-0.10.6-150000.3.2.1 removed - python3-oauthlib-2.0.6-150000.3.6.1 removed - python3-ordered-set-4.0.2-150400.8.34 removed - python3-packaging-21.3-150200.3.3.1 removed - python3-passlib-1.7.4-150300.3.2.1 removed - python3-ply-3.10-150000.3.5.1 removed - python3-py-1.10.0-150100.5.12.1 removed - python3-pyOpenSSL-21.0.0-150400.7.62 removed - python3-pyasn1-0.4.2-150000.3.5.1 removed - python3-pycparser-2.17-3.2.1 removed - python3-pyparsing-2.4.7-1.24 removed - python3-pyrsistent-0.14.4-150100.3.4.1 removed - python3-pyserial-3.4-150000.3.4.1 removed - python3-pytz-2022.1-150300.3.6.1 removed - python3-requests-2.25.1-150300.3.12.2 removed - python3-setuptools-44.1.1-150400.9.6.1 removed - python3-six-1.14.0-12.1 removed - python3-urllib3-1.25.10-150300.4.9.1 removed - python3-zipp-0.6.0-150100.3.5.1 removed - rpcbind-0.2.3-5.9.2 removed - rpm-config-SUSE-1-150400.14.3.1 removed - rpm-ndb-4.14.3-150400.59.16.1 removed - rsyslog-8.2306.0-150400.5.27.1 removed - rsyslog-module-relp-8.2306.0-150400.5.27.1 removed - runc-1.1.12-150000.64.1 removed - samba-client-libs-4.17.12+git.462.df636292e62-150500.3.23.7 removed - sed-4.4-150300.13.3.1 removed - shadow-4.8.1-150400.10.15.1 removed - shim-15.8-150300.4.20.2 removed - sle-module-basesystem-release-15.5-150500.43.2 removed - sle-module-containers-release-15.5-150500.43.2 removed - sle-module-public-cloud-release-15.5-150500.43.2 removed - sle-module-server-applications-release-15.5-150500.43.2 removed - sles-release-15.5-150500.43.4 removed - socat-1.8.0.0-150400.14.3.1 removed - sudo-1.9.12p1-150500.7.10.1 removed - supportutils-3.1.30-150300.7.35.30.1 removed - supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1 removed - suse-build-key-12.0-150000.8.49.2 removed - suse-module-tools-15.5.5-150500.3.12.2 removed - suseconnect-ng-1.9.0-150500.3.21.2 removed - sysconfig-0.85.9-150200.12.1 removed - sysconfig-netconfig-0.85.9-150200.12.1 removed - syslog-service-2.0-11.2 removed - system-group-audit-3.0.6-150400.4.16.1 removed - system-group-hardware-20170617-150400.24.2.1 removed - system-group-kvm-20170617-150400.24.2.1 removed - system-group-wheel-20170617-150400.24.2.1 removed - system-user-nobody-20170617-150400.24.2.1 removed - system-user-root-20190513-3.3.1 removed - systemd-249.17-150400.8.40.1 removed - systemd-default-settings-0.10-150300.3.7.1 removed - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 removed - systemd-presets-branding-SLE-15.1-150100.20.14.1 removed - systemd-presets-common-SUSE-15-150500.20.6.1 removed - systemd-rpm-macros-15-150000.7.39.1 removed - systemd-sysvinit-249.17-150400.8.40.1 removed - sysuser-shadow-3.2-150400.3.5.3 removed - sysvinit-tools-2.99-1.1 removed - tar-1.34-150000.3.34.1 removed - tcpdump-4.99.1-150400.1.8 removed - terminfo-6.1-150000.5.24.1 removed - terminfo-base-6.1-150000.5.24.1 removed - timezone-2024a-150000.75.28.1 removed - tpm2.0-tools-5.2-150400.6.3.1 removed - udev-249.17-150400.8.40.1 removed - update-alternatives-1.19.0.4-150000.4.4.1 removed - util-linux-2.37.4-150500.9.11.1 removed - util-linux-systemd-2.37.4-150500.9.11.1 removed - vim-9.1.0330-150500.20.12.1 removed - vim-data-common-9.1.0330-150500.20.12.1 removed - wget-1.20.3-150000.3.20.1 removed - which-2.21-2.20 removed - wicked-0.6.75-150500.3.29.1 removed - wicked-service-0.6.75-150500.3.29.1 removed - xen-libs-4.17.4_02-150500.3.30.1 removed - xfsprogs-5.13.0-150400.3.10.2 removed - xtables-plugins-1.8.7-1.1 removed - xz-5.2.3-150000.4.7.1 removed - zstd-1.5.0-150400.3.3.1 removed - zypper-1.14.73-150500.6.2.1 removed From sle-container-updates at lists.suse.com Sun Aug 11 07:02:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 11 Aug 2024 09:02:47 +0200 (CEST) Subject: SUSE-CU-2024:3629-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240811070247.C83A2FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3629-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.9 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.9 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated From sle-container-updates at lists.suse.com Sun Aug 11 07:03:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 11 Aug 2024 09:03:46 +0200 (CEST) Subject: SUSE-CU-2024:3630-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240811070346.82028FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3630-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.9 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.9 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated From sle-container-updates at lists.suse.com Sun Aug 11 07:07:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 11 Aug 2024 09:07:24 +0200 (CEST) Subject: SUSE-CU-2024:3628-1: Security update of suse/sle15 Message-ID: <20240811070724.59007FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3628-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.6 , suse/sle15:15.6 , suse/sle15:15.6.47.11.6 Container Release : 47.11.6 Severity : important Type : security References : 1220356 1227525 1227888 1228322 1228535 1228548 1228770 CVE-2013-4235 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated - curl-8.6.0-150600.4.3.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libcurl4-8.6.0-150600.4.3.1 updated - libgpgme11-1.23.0-150600.3.2.1 updated - login_defs-4.8.1-150600.17.6.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated From sle-container-updates at lists.suse.com Sun Aug 11 07:08:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 11 Aug 2024 09:08:32 +0200 (CEST) Subject: SUSE-CU-2024:3634-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240811070832.D118DFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3634-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.13 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.13 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated - container:sles15-ltss-image-15.0.0-5.8 updated From sle-container-updates at lists.suse.com Sun Aug 11 07:09:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 11 Aug 2024 09:09:44 +0200 (CEST) Subject: SUSE-CU-2024:3637-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20240811070944.53842FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3637-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.13 , suse/manager/4.3/proxy-tftpd:4.3.13.9.47.10 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.47.10 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated - container:sles15-ltss-image-15.0.0-5.8 updated From sle-container-updates at lists.suse.com Sun Aug 11 07:10:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 11 Aug 2024 09:10:42 +0200 (CEST) Subject: SUSE-CU-2024:3638-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240811071042.2FA36FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3638-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.6 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.6 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated From sle-container-updates at lists.suse.com Sun Aug 11 07:13:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 11 Aug 2024 09:13:33 +0200 (CEST) Subject: SUSE-CU-2024:3640-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240811071333.DB0CFFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3640-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.8 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.8 Severity : important Type : security References : 1220356 1227525 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated From sle-container-updates at lists.suse.com Tue Aug 13 07:02:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 13 Aug 2024 09:02:35 +0200 (CEST) Subject: SUSE-CU-2024:3641-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240813070235.46262F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3641-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.10 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.10 Severity : low Type : recommended References : 1227115 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2877-1 Released: Mon Aug 12 13:35:20 2024 Summary: Optional update for sles-release Type: optional Severity: low References: 1227115 This update for sles-release fixes the following issue: - Adjust codestream lifecycle The following package changes have been done: - sles-release-15.4-150400.58.10.2 updated From sle-container-updates at lists.suse.com Tue Aug 13 07:03:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 13 Aug 2024 09:03:30 +0200 (CEST) Subject: SUSE-CU-2024:3642-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240813070330.2BEDEF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3642-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.10 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.10 Severity : low Type : recommended References : 1227115 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2877-1 Released: Mon Aug 12 13:35:20 2024 Summary: Optional update for sles-release Type: optional Severity: low References: 1227115 This update for sles-release fixes the following issue: - Adjust codestream lifecycle The following package changes have been done: - sles-release-15.4-150400.58.10.2 updated From sle-container-updates at lists.suse.com Tue Aug 13 07:05:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 13 Aug 2024 09:05:44 +0200 (CEST) Subject: SUSE-CU-2024:3643-1: Recommended update of suse/sle15 Message-ID: <20240813070544.D8A23F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3643-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.28 Container Release : 9.8.28 Severity : important Type : recommended References : 1081596 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228138 1228206 1228208 1228420 1228787 222971 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2870-1 Released: Mon Aug 12 06:52:03 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin fixes the following issues: - Make sure not to statically linked installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Report unsupported compression in solv_xfopen() with errno - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. - Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) The following package changes have been done: - libsolv-tools-base-0.7.30-150200.37.2 updated - libsolv-tools-0.7.30-150200.37.2 updated - libzypp-17.35.8-150200.121.1 updated - zypper-1.14.76-150200.88.10 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 removed From sle-container-updates at lists.suse.com Tue Aug 13 07:06:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 13 Aug 2024 09:06:02 +0200 (CEST) Subject: SUSE-CU-2024:3644-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20240813070602.9B55CF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3644-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.13 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.13 Container Release : 6.13 Severity : important Type : recommended References : 1081596 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228138 1228206 1228208 1228420 1228787 222971 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2870-1 Released: Mon Aug 12 06:52:03 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin fixes the following issues: - Make sure not to statically linked installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Report unsupported compression in solv_xfopen() with errno - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. - Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) The following package changes have been done: - libsolv-tools-base-0.7.30-150200.37.2 updated - libsolv-tools-0.7.30-150200.37.2 updated - libzypp-17.35.8-150200.121.1 updated - zypper-1.14.76-150200.88.10 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 removed From sle-container-updates at lists.suse.com Tue Aug 13 07:06:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 13 Aug 2024 09:06:25 +0200 (CEST) Subject: SUSE-CU-2024:3645-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240813070625.1B9B5F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3645-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.9 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.9 Container Release : 5.9 Severity : low Type : recommended References : 1227115 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2877-1 Released: Mon Aug 12 13:35:20 2024 Summary: Optional update for sles-release Type: optional Severity: low References: 1227115 This update for sles-release fixes the following issue: - Adjust codestream lifecycle The following package changes have been done: - sles-release-15.4-150400.58.10.2 updated From sle-container-updates at lists.suse.com Tue Aug 13 07:09:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 13 Aug 2024 09:09:21 +0200 (CEST) Subject: SUSE-CU-2024:3646-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20240813070922.0196CF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3646-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.9 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.9 Severity : important Type : recommended References : 1081596 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228138 1228206 1228208 1228420 1228787 222971 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2870-1 Released: Mon Aug 12 06:52:03 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin fixes the following issues: - Make sure not to statically linked installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Report unsupported compression in solv_xfopen() with errno - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. - Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) The following package changes have been done: - libsolv-tools-base-0.7.30-150200.37.2 updated - libsolv-tools-0.7.30-150200.37.2 updated - libzypp-17.35.8-150200.121.1 updated - zypper-1.14.76-150200.88.10 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 removed From sle-container-updates at lists.suse.com Tue Aug 13 07:12:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 13 Aug 2024 09:12:06 +0200 (CEST) Subject: SUSE-CU-2024:3648-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20240813071206.3FB5FF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3648-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.11 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.11 Severity : important Type : recommended References : 1081596 1223094 1224771 1225267 1226014 1226030 1226493 1227205 1227625 1227793 1228138 1228206 1228208 1228420 1228787 222971 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2870-1 Released: Mon Aug 12 06:52:03 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin fixes the following issues: - Make sure not to statically linked installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Report unsupported compression in solv_xfopen() with errno - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. - Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) The following package changes have been done: - libsolv-tools-base-0.7.30-150200.37.2 updated - libsolv-tools-0.7.30-150200.37.2 updated - libzypp-17.35.8-150200.121.1 updated - zypper-1.14.76-150200.88.10 updated - libprotobuf-lite20-3.9.2-150200.4.21.1 removed From sle-container-updates at lists.suse.com Wed Aug 14 07:09:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:09:04 +0200 (CEST) Subject: SUSE-CU-2024:3652-1: Security update of bci/bci-init Message-ID: <20240814070904.7E253FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3652-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.25.8 Container Release : 25.8 Severity : moderate Type : security References : 1159034 1194818 1222285 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2887-1 Released: Tue Aug 13 10:52:45 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libuuid1-2.37.4-150500.9.14.2 updated - libsmartcols1-2.37.4-150500.9.14.2 updated - libblkid1-2.37.4-150500.9.14.2 updated - libfdisk1-2.37.4-150500.9.14.2 updated - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.34.1 updated - libmount1-2.37.4-150500.9.14.2 updated - util-linux-2.37.4-150500.9.14.2 updated - container:sles15-image-15.0.0-36.14.13 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:09:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:09:54 +0200 (CEST) Subject: SUSE-CU-2024:3653-1: Security update of bci/nodejs Message-ID: <20240814070954.26C7BFBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3653-1 Container Tags : bci/node:18 , bci/node:18-28.6 , bci/nodejs:18 , bci/nodejs:18-28.6 Container Release : 28.6 Severity : moderate Type : security References : 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.34.1 updated - container:sles15-image-15.0.0-36.14.13 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:10:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:10:52 +0200 (CEST) Subject: SUSE-CU-2024:3654-1: Security update of bci/openjdk-devel Message-ID: <20240814071052.934AEFBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3654-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-25.12 Container Release : 25.12 Severity : moderate Type : security References : 1159034 1194818 1222285 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2887-1 Released: Tue Aug 13 10:52:45 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libuuid1-2.37.4-150500.9.14.2 updated - libsmartcols1-2.37.4-150500.9.14.2 updated - libblkid1-2.37.4-150500.9.14.2 updated - libfdisk1-2.37.4-150500.9.14.2 updated - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.34.1 updated - libmount1-2.37.4-150500.9.14.2 updated - util-linux-2.37.4-150500.9.14.2 updated - openssl-1_1-1.1.1l-150500.17.34.1 updated - container:bci-openjdk-11-15.5.11-26.7 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:11:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:11:41 +0200 (CEST) Subject: SUSE-CU-2024:3655-1: Security update of bci/openjdk Message-ID: <20240814071141.032DEFBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3655-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-26.7 Container Release : 26.7 Severity : moderate Type : security References : 1159034 1194818 1222285 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2887-1 Released: Tue Aug 13 10:52:45 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libuuid1-2.37.4-150500.9.14.2 updated - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.34.1 updated - openssl-1_1-1.1.1l-150500.17.34.1 updated - container:sles15-image-15.0.0-36.14.13 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:06:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:06:38 +0200 (CEST) Subject: SUSE-CU-2024:3651-1: Security update of bci/bci-base-fips Message-ID: <20240814070638.5FF93F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3651-1 Container Tags : bci/bci-base-fips:15.5 , bci/bci-base-fips:15.5.5.7 Container Release : 5.7 Severity : moderate Type : security References : 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.34.1 updated - container:sles15-image-15.0.0-36.14.13 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:12:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:12:40 +0200 (CEST) Subject: SUSE-CU-2024:3656-1: Security update of bci/openjdk-devel Message-ID: <20240814071240.1A869F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3656-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-27.11 Container Release : 27.11 Severity : moderate Type : security References : 1159034 1194818 1222285 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2887-1 Released: Tue Aug 13 10:52:45 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libuuid1-2.37.4-150500.9.14.2 updated - libsmartcols1-2.37.4-150500.9.14.2 updated - libblkid1-2.37.4-150500.9.14.2 updated - libfdisk1-2.37.4-150500.9.14.2 updated - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.34.1 updated - libmount1-2.37.4-150500.9.14.2 updated - util-linux-2.37.4-150500.9.14.2 updated - openssl-1_1-1.1.1l-150500.17.34.1 updated - container:bci-openjdk-17-15.5.17-28.7 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:13:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:13:29 +0200 (CEST) Subject: SUSE-CU-2024:3657-1: Security update of bci/openjdk Message-ID: <20240814071329.3B3AFF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3657-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-28.7 Container Release : 28.7 Severity : moderate Type : security References : 1159034 1194818 1222285 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2887-1 Released: Tue Aug 13 10:52:45 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libuuid1-2.37.4-150500.9.14.2 updated - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.34.1 updated - openssl-1_1-1.1.1l-150500.17.34.1 updated - container:sles15-image-15.0.0-36.14.13 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:13:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:13:59 +0200 (CEST) Subject: SUSE-CU-2024:3658-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240814071359.6B8A9F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3658-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.20.6 Container Release : 20.6 Severity : moderate Type : security References : 1159034 1194818 1222285 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2887-1 Released: Tue Aug 13 10:52:45 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libuuid1-2.37.4-150500.9.14.2 updated - libsmartcols1-2.37.4-150500.9.14.2 updated - libblkid1-2.37.4-150500.9.14.2 updated - libfdisk1-2.37.4-150500.9.14.2 updated - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.34.1 updated - libmount1-2.37.4-150500.9.14.2 updated - util-linux-2.37.4-150500.9.14.2 updated - openssl-1_1-1.1.1l-150500.17.34.1 updated - container:sles15-image-15.0.0-36.14.13 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:14:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:14:38 +0200 (CEST) Subject: SUSE-CU-2024:3659-1: Security update of suse/sle15 Message-ID: <20240814071438.07E61F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3659-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.13 , suse/sle15:15.5 , suse/sle15:15.5.36.14.13 Container Release : 36.14.13 Severity : moderate Type : security References : 1159034 1194818 1222285 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2887-1 Released: Tue Aug 13 10:52:45 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libblkid1-2.37.4-150500.9.14.2 updated - libfdisk1-2.37.4-150500.9.14.2 updated - libmount1-2.37.4-150500.9.14.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.34.1 updated - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libsmartcols1-2.37.4-150500.9.14.2 updated - libuuid1-2.37.4-150500.9.14.2 updated - openssl-1_1-1.1.1l-150500.17.34.1 updated - util-linux-2.37.4-150500.9.14.2 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:15:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:15:02 +0200 (CEST) Subject: SUSE-CU-2024:3664-1: Recommended update of suse/registry Message-ID: <20240814071502.B81F8F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3664-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-24.5 , suse/registry:latest Container Release : 24.5 Severity : moderate Type : recommended References : 1159034 1194818 1218609 1222285 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). The following package changes have been done: - libblkid1-2.39.3-150600.4.9.4 updated - libfdisk1-2.39.3-150600.4.9.4 updated - libmount1-2.39.3-150600.4.9.4 updated - libsmartcols1-2.39.3-150600.4.9.4 updated - libuuid1-2.39.3-150600.4.9.4 updated - util-linux-2.39.3-150600.4.9.4 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:15:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:15:43 +0200 (CEST) Subject: SUSE-CU-2024:3672-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20240814071543.46407FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3672-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.18 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.18 Severity : moderate Type : recommended References : 1159034 1194818 1218609 1222285 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2886-1 Released: Tue Aug 13 09:46:48 2024 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: This update for dmidecode fixes the following issues: - Version update (jsc#PED-8574): * Support for SMBIOS 3.6.0. This includes new memory device types, new processor upgrades, and Loongarch support * Support for SMBIOS 3.7.0. This includes new port types, new processor upgrades, new slot characteristics and new fields for memory modules * Add bash completion * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245 * Implement options --list-strings and --list-types * Update HPE OEM records 203, 212, 216, 221, 233 and 236 * Update Redfish support * Bug fixes: - Fix enabled slot characteristics not being printed * Minor improvements: - Print slot width on its own line - Use standard strings for slot width * Add a --no-quirks option * Drop the CPUID exception list * Obsoletes patches removed : dmidecode-do-not-let-dump-bin-overwrite-an-existing-file, dmidecode-fortify-entry-point-length-checks, dmidecode-split-table-fetching-from-decoding, dmidecode-write-the-whole-dump-file-at-once, dmioem-fix-segmentation-fault-in-dmi_hp_240_attr, dmioem-hpe-oem-record-237-firmware-change, dmioem-typo-fix-virutal-virtual, ensure-dev-mem-is-a-character-device-file, news-fix-typo, use-read_file-to-read-from-dump Update for HPE servers from upstream: - dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in HPE type 238 records ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). The following package changes have been done: - dmidecode-3.6-150400.16.11.2 updated - libblkid1-2.39.3-150600.4.9.4 updated - libfdisk1-2.39.3-150600.4.9.4 updated - libmount1-2.39.3-150600.4.9.4 updated - libsmartcols1-2.39.3-150600.4.9.4 updated - libuuid1-2.39.3-150600.4.9.4 updated - util-linux-systemd-2.39.3-150600.4.9.4 updated - util-linux-2.39.3-150600.4.9.4 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:15:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:15:51 +0200 (CEST) Subject: SUSE-CU-2024:3673-1: Recommended update of bci/bci-init Message-ID: <20240814071551.6B6C6FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3673-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.21.4 , bci/bci-init:latest Container Release : 21.4 Severity : moderate Type : recommended References : 1159034 1194818 1218609 1222285 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). The following package changes have been done: - libuuid1-2.39.3-150600.4.9.4 updated - libsmartcols1-2.39.3-150600.4.9.4 updated - libblkid1-2.39.3-150600.4.9.4 updated - libfdisk1-2.39.3-150600.4.9.4 updated - libmount1-2.39.3-150600.4.9.4 updated - util-linux-2.39.3-150600.4.9.4 updated - container:sles15-image-15.6.0-47.11.7 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:16:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:16:13 +0200 (CEST) Subject: SUSE-CU-2024:3677-1: Recommended update of bci/openjdk-devel Message-ID: <20240814071613.95463FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3677-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-20.6 , bci/openjdk-devel:latest Container Release : 20.6 Severity : moderate Type : recommended References : 1159034 1194818 1218609 1222285 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). The following package changes have been done: - libuuid1-2.39.3-150600.4.9.4 updated - libsmartcols1-2.39.3-150600.4.9.4 updated - libblkid1-2.39.3-150600.4.9.4 updated - libfdisk1-2.39.3-150600.4.9.4 updated - libmount1-2.39.3-150600.4.9.4 updated - util-linux-2.39.3-150600.4.9.4 updated - container:bci-openjdk-21-15.6.21-20.3 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:16:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:16:28 +0200 (CEST) Subject: SUSE-CU-2024:3679-1: Recommended update of suse/pcp Message-ID: <20240814071628.780C1FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3679-1 Container Tags : suse/pcp:5 , suse/pcp:5-40.7 , suse/pcp:5.3 , suse/pcp:5.3-40.7 , suse/pcp:5.3.7 , suse/pcp:5.3.7-40.7 , suse/pcp:latest Container Release : 40.7 Severity : moderate Type : recommended References : 1159034 1194818 1218609 1222285 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). The following package changes have been done: - libuuid1-2.39.3-150600.4.9.4 updated - libsmartcols1-2.39.3-150600.4.9.4 updated - libblkid1-2.39.3-150600.4.9.4 updated - libfdisk1-2.39.3-150600.4.9.4 updated - libmount1-2.39.3-150600.4.9.4 updated - util-linux-2.39.3-150600.4.9.4 updated - util-linux-systemd-2.39.3-150600.4.9.4 updated - container:bci-bci-init-15.6-15.6-21.4 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:16:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:16:33 +0200 (CEST) Subject: SUSE-CU-2024:3680-1: Recommended update of bci/php-apache Message-ID: <20240814071633.D582AFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3680-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-35.4 , bci/php-apache:latest Container Release : 35.4 Severity : moderate Type : recommended References : 1159034 1194818 1218609 1222285 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). The following package changes have been done: - libuuid1-2.39.3-150600.4.9.4 updated - container:sles15-image-15.6.0-47.11.7 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:16:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:16:53 +0200 (CEST) Subject: SUSE-CU-2024:3684-1: Recommended update of bci/python Message-ID: <20240814071653.35E39FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3684-1 Container Tags : bci/python:3 , bci/python:3-47.4 , bci/python:3.11 , bci/python:3.11-47.4 Container Release : 47.4 Severity : moderate Type : recommended References : 1159034 1194818 1218609 1222285 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). The following package changes have been done: - libuuid1-2.39.3-150600.4.9.4 updated - container:sles15-image-15.6.0-47.11.7 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:17:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:17:02 +0200 (CEST) Subject: SUSE-CU-2024:3685-1: Recommended update of bci/python Message-ID: <20240814071702.44033FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3685-1 Container Tags : bci/python:3 , bci/python:3-47.4 , bci/python:3.12 , bci/python:3.12-47.4 , bci/python:latest Container Release : 47.4 Severity : moderate Type : recommended References : 1159034 1194818 1218609 1222285 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). The following package changes have been done: - libuuid1-2.39.3-150600.4.9.4 updated - container:sles15-image-15.6.0-47.11.7 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:17:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:17:14 +0200 (CEST) Subject: SUSE-CU-2024:3688-1: Recommended update of suse/rmt-mariadb Message-ID: <20240814071714.408EAFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3688-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-40.4 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-40.4 , suse/rmt-mariadb:latest Container Release : 40.4 Severity : moderate Type : recommended References : 1159034 1194818 1218609 1222285 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). The following package changes have been done: - libuuid1-2.39.3-150600.4.9.4 updated - libsmartcols1-2.39.3-150600.4.9.4 updated - libblkid1-2.39.3-150600.4.9.4 updated - libfdisk1-2.39.3-150600.4.9.4 updated - libmount1-2.39.3-150600.4.9.4 updated - util-linux-2.39.3-150600.4.9.4 updated - container:sles15-image-15.6.0-47.11.7 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:17:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:17:19 +0200 (CEST) Subject: SUSE-CU-2024:3689-1: Recommended update of bci/ruby Message-ID: <20240814071719.12A16FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3689-1 Container Tags : bci/ruby:2 , bci/ruby:2-21.4 , bci/ruby:2.5 , bci/ruby:2.5-21.4 , bci/ruby:latest Container Release : 21.4 Severity : moderate Type : recommended References : 1159034 1194818 1218609 1222285 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). The following package changes have been done: - libuuid1-2.39.3-150600.4.9.4 updated - libsmartcols1-2.39.3-150600.4.9.4 updated - libblkid1-2.39.3-150600.4.9.4 updated - libfdisk1-2.39.3-150600.4.9.4 updated - libmount1-2.39.3-150600.4.9.4 updated - util-linux-2.39.3-150600.4.9.4 updated - container:sles15-image-15.6.0-47.11.7 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:17:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:17:31 +0200 (CEST) Subject: SUSE-CU-2024:3692-1: Recommended update of containers/apache-tomcat Message-ID: <20240814071731.3ED64FCBE@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3692-1 Container Tags : containers/apache-tomcat:10-jre21 , containers/apache-tomcat:10-jre21-41.3 , containers/apache-tomcat:10.1-jre21 , containers/apache-tomcat:10.1-jre21-41.3 , containers/apache-tomcat:10.1.25-jre21 , containers/apache-tomcat:10.1.25-jre21-41.3 Container Release : 41.3 Severity : moderate Type : recommended References : 1159034 1194818 1218609 1222285 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). The following package changes have been done: - libuuid1-2.39.3-150600.4.9.4 updated - libsmartcols1-2.39.3-150600.4.9.4 updated - libblkid1-2.39.3-150600.4.9.4 updated - libfdisk1-2.39.3-150600.4.9.4 updated - libmount1-2.39.3-150600.4.9.4 updated - util-linux-2.39.3-150600.4.9.4 updated From sle-container-updates at lists.suse.com Wed Aug 14 07:17:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 09:17:44 +0200 (CEST) Subject: SUSE-CU-2024:3693-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240814071744.E0E51FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3693-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.21.4 , bci/bci-sle15-kernel-module-devel:latest Container Release : 21.4 Severity : moderate Type : recommended References : 1159034 1194818 1218609 1222285 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). The following package changes have been done: - libuuid1-2.39.3-150600.4.9.4 updated - libsmartcols1-2.39.3-150600.4.9.4 updated - libblkid1-2.39.3-150600.4.9.4 updated - libfdisk1-2.39.3-150600.4.9.4 updated - libmount1-2.39.3-150600.4.9.4 updated - util-linux-2.39.3-150600.4.9.4 updated - container:sles15-image-15.6.0-47.11.7 updated From sle-container-updates at lists.suse.com Wed Aug 14 11:03:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 13:03:07 +0200 (CEST) Subject: SUSE-CU-2024:3694-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20240814110307.9684CFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3694-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.20 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.20 Severity : moderate Type : security References : 1159034 1194818 1222285 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2887-1 Released: Tue Aug 13 10:52:45 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libblkid1-2.37.4-150500.9.14.2 updated - libfdisk1-2.37.4-150500.9.14.2 updated - libmount1-2.37.4-150500.9.14.2 updated - libopenssl1_1-hmac-1.1.1l-150500.17.34.1 updated - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libsmartcols1-2.37.4-150500.9.14.2 updated - libuuid1-2.37.4-150500.9.14.2 updated - openssl-1_1-1.1.1l-150500.17.34.1 updated - util-linux-2.37.4-150500.9.14.2 updated - container:sles15-image-15.0.0-36.14.13 updated From sle-container-updates at lists.suse.com Wed Aug 14 11:05:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 13:05:47 +0200 (CEST) Subject: SUSE-CU-2024:3693-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240814110547.4D2F8FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3693-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.21.4 , bci/bci-sle15-kernel-module-devel:latest Container Release : 21.4 Severity : moderate Type : recommended References : 1159034 1194818 1218609 1222285 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). The following package changes have been done: - libuuid1-2.39.3-150600.4.9.4 updated - libsmartcols1-2.39.3-150600.4.9.4 updated - libblkid1-2.39.3-150600.4.9.4 updated - libfdisk1-2.39.3-150600.4.9.4 updated - libmount1-2.39.3-150600.4.9.4 updated - util-linux-2.39.3-150600.4.9.4 updated - container:sles15-image-15.6.0-47.11.7 updated From sle-container-updates at lists.suse.com Wed Aug 14 11:05:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 13:05:54 +0200 (CEST) Subject: SUSE-CU-2024:3695-1: Recommended update of suse/sle15 Message-ID: <20240814110554.7ED6DFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3695-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.7 , suse/sle15:15.6 , suse/sle15:15.6.47.11.7 Container Release : 47.11.7 Severity : moderate Type : recommended References : 1159034 1194818 1218609 1222285 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). The following package changes have been done: - libblkid1-2.39.3-150600.4.9.4 updated - libfdisk1-2.39.3-150600.4.9.4 updated - libmount1-2.39.3-150600.4.9.4 updated - libsmartcols1-2.39.3-150600.4.9.4 updated - libuuid1-2.39.3-150600.4.9.4 updated - util-linux-2.39.3-150600.4.9.4 updated From sle-container-updates at lists.suse.com Wed Aug 14 11:05:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 13:05:58 +0200 (CEST) Subject: SUSE-CU-2024:3696-1: Recommended update of bci/spack Message-ID: <20240814110558.94643FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3696-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-5.3 , bci/spack:0.21.2 , bci/spack:0.21.2-5.3 , bci/spack:latest Container Release : 5.3 Severity : moderate Type : recommended References : 1159034 1194818 1218609 1222285 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2888-1 Released: Tue Aug 13 11:07:41 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1218609,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - Improved man page for chcpu (bsc#1218609). The following package changes have been done: - libblkid1-2.39.3-150600.4.9.4 updated - libmount1-2.39.3-150600.4.9.4 updated From sle-container-updates at lists.suse.com Wed Aug 14 11:06:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 13:06:35 +0200 (CEST) Subject: SUSE-CU-2024:3697-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240814110635.21A6EFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3697-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.14 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.14 Severity : low Type : recommended References : 1227115 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2877-1 Released: Mon Aug 12 13:35:20 2024 Summary: Optional update for sles-release Type: optional Severity: low References: 1227115 This update for sles-release fixes the following issue: - Adjust codestream lifecycle The following package changes have been done: - sles-release-15.4-150400.58.10.2 updated - container:sles15-ltss-image-15.0.0-5.9 updated From sle-container-updates at lists.suse.com Wed Aug 14 11:06:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 13:06:58 +0200 (CEST) Subject: SUSE-CU-2024:3698-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240814110658.E9EB9FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3698-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.15 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.15 Severity : low Type : recommended References : 1227115 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2877-1 Released: Mon Aug 12 13:35:20 2024 Summary: Optional update for sles-release Type: optional Severity: low References: 1227115 This update for sles-release fixes the following issue: - Adjust codestream lifecycle The following package changes have been done: - sles-release-15.4-150400.58.10.2 updated - container:sles15-ltss-image-15.0.0-5.9 updated From sle-container-updates at lists.suse.com Wed Aug 14 16:54:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 18:54:15 +0200 (CEST) Subject: SUSE-CU-2024:3702-1: Security update of bci/python Message-ID: <20240814165415.F08E9F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3702-1 Container Tags : bci/python:3 , bci/python:3-47.5 , bci/python:3.12 , bci/python:3.12-47.5 , bci/python:latest Container Release : 47.5 Severity : important Type : security References : 1228105 CVE-2024-6345 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2904-1 Released: Wed Aug 14 09:32:22 2024 Summary: Security update for python312-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python312-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) The following package changes have been done: - python312-setuptools-68.1.2-150600.3.3.1 updated From sle-container-updates at lists.suse.com Wed Aug 14 16:54:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 18:54:17 +0200 (CEST) Subject: SUSE-CU-2024:3703-1: Security update of suse/sles/15.7/cdi-apiserver Message-ID: <20240814165417.BA368F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3703-1 Container Tags : suse/sles/15.7/cdi-apiserver:1.58.0 , suse/sles/15.7/cdi-apiserver:1.58.0-150700.7.4 , suse/sles/15.7/cdi-apiserver:1.58.0.27.11 Container Release : 27.11 Severity : important Type : security References : 1222899 1223336 1226463 1227138 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.6.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated - containerized-data-importer-api-1.58.0-150700.7.4 updated - container:sles15-image-15.0.0-50.8 updated From sle-container-updates at lists.suse.com Wed Aug 14 16:54:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 18:54:18 +0200 (CEST) Subject: SUSE-CU-2024:3704-1: Security update of suse/sles/15.7/cdi-cloner Message-ID: <20240814165418.E63E2F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3704-1 Container Tags : suse/sles/15.7/cdi-cloner:1.58.0 , suse/sles/15.7/cdi-cloner:1.58.0-150700.7.4 , suse/sles/15.7/cdi-cloner:1.58.0.28.11 Container Release : 28.11 Severity : important Type : security References : 1222899 1223336 1226463 1227138 1227888 1228535 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-cloner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.6.1 updated - libcurl4-8.6.0-150600.4.3.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated - curl-8.6.0-150600.4.3.1 updated - containerized-data-importer-cloner-1.58.0-150700.7.4 updated - container:sles15-image-15.0.0-50.8 updated From sle-container-updates at lists.suse.com Wed Aug 14 16:54:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 18:54:20 +0200 (CEST) Subject: SUSE-CU-2024:3705-1: Security update of suse/sles/15.7/cdi-controller Message-ID: <20240814165420.1BF03F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3705-1 Container Tags : suse/sles/15.7/cdi-controller:1.58.0 , suse/sles/15.7/cdi-controller:1.58.0-150700.7.4 , suse/sles/15.7/cdi-controller:1.58.0.27.11 Container Release : 27.11 Severity : important Type : security References : 1222899 1223336 1226463 1227138 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.6.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated - containerized-data-importer-controller-1.58.0-150700.7.4 updated - container:sles15-image-15.0.0-50.8 updated From sle-container-updates at lists.suse.com Wed Aug 14 16:54:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 18:54:21 +0200 (CEST) Subject: SUSE-CU-2024:3706-1: Security update of suse/sles/15.7/cdi-importer Message-ID: <20240814165421.47DA3F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-importer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3706-1 Container Tags : suse/sles/15.7/cdi-importer:1.58.0 , suse/sles/15.7/cdi-importer:1.58.0-150700.7.4 , suse/sles/15.7/cdi-importer:1.58.0.28.11 Container Release : 28.11 Severity : important Type : security References : 1222899 1223336 1226463 1227138 1227888 1228535 1228548 1228770 1228872 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 CVE-2024-6197 CVE-2024-7264 CVE-2024-7383 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2637-1 Released: Tue Jul 30 09:17:25 2024 Summary: Recommended update for qemu Type: recommended Severity: moderate References: This update for qemu fixes the following issues: qemu was updated to version 8.2.5: - For the full list of changes (from the various releases) please consult the following: * https://lore.kernel.org/qemu-devel/1718081047.648425.1238605.nullmailer at tls.msk.ru/ - Main changes: * disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs * dockerfiles: Added 'MAKE' env variable to remaining containers * gitlab: Update msys2-64bit runner tags * gitlab: Use 'setarch -R' to workaround tsan bug * gitlab: Use $MAKE instead of 'make' * hvf: arm: Fixed encodings for ID_AA64PFR1_EL1 and debug System registers * hw/intc/arm_gic: Fixed handling of NS view of GICC_APR * hw/intc/riscv_aplic: APLICs should add child earlier than realize * iotests: test NBD+TLS+iothread * qio: Inherit follow_coroutine_ctx across TLS * target/arm: Disable SVE extensions when SVE is disabled * target/i386: Fixed SSE and SSE2 feature check * target/i386: Fixed xsave.flat from kvm-unit-tests * target/i386: No single-step exception after MOV or POP SS * target/loongarch: Fixed a wrong print in cpu dump * target/riscv: Do not set mtval2 for non guest-page faults * target/riscv: Fixed the element agnostic function problem * target/riscv: Prioritize pmp errors in raise_mmu_exception() * target/riscv: rvv: Check single width operator for vector fp widen instructions * target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w * target/riscv: rvv: Fixed Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions * target/riscv: rvv: Removed redudant SEW checking for vector fp narrow/widen instructions * target/riscv: rvzicbo: Fixed CBO extension register calculation * target/riscv/cpu.c: Fixed Zvkb extension config * target/riscv/kvm: Tolerate KVM disable ext errors * target/riscv/kvm.c: Fixed the hart bit setting of AIA * ui/sdl2: Allow host to power down screen ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2813-1 Released: Wed Aug 7 12:01:37 2024 Summary: Security update for libnbd Type: security Severity: important References: 1228872,CVE-2024-7383 This update for libnbd fixes the following issues: - CVE-2024-7383: Fixed incorrect verification of a NBD server's certificate when using TLS to connect to the server (bsc#1228872) Other fixes: - Update to version 1.18.5. The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.6.1 updated - libcurl4-8.6.0-150600.4.3.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated - curl-8.6.0-150600.4.3.1 updated - qemu-img-8.2.5-150600.3.6.1 updated - libnbd0-1.18.5-150600.18.3.1 updated - containerized-data-importer-importer-1.58.0-150700.7.4 updated - container:sles15-image-15.0.0-50.8 updated From sle-container-updates at lists.suse.com Wed Aug 14 16:54:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 18:54:22 +0200 (CEST) Subject: SUSE-CU-2024:3707-1: Security update of suse/sles/15.7/cdi-operator Message-ID: <20240814165422.76E3DF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3707-1 Container Tags : suse/sles/15.7/cdi-operator:1.58.0 , suse/sles/15.7/cdi-operator:1.58.0-150700.7.4 , suse/sles/15.7/cdi-operator:1.58.0.27.11 Container Release : 27.11 Severity : important Type : security References : 1222899 1223336 1226463 1227138 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.6.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated - containerized-data-importer-operator-1.58.0-150700.7.4 updated - container:sles15-image-15.0.0-50.8 updated From sle-container-updates at lists.suse.com Wed Aug 14 16:54:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 18:54:23 +0200 (CEST) Subject: SUSE-CU-2024:3708-1: Security update of suse/sles/15.7/cdi-uploadproxy Message-ID: <20240814165423.A2141F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3708-1 Container Tags : suse/sles/15.7/cdi-uploadproxy:1.58.0 , suse/sles/15.7/cdi-uploadproxy:1.58.0-150700.7.4 , suse/sles/15.7/cdi-uploadproxy:1.58.0.27.11 Container Release : 27.11 Severity : important Type : security References : 1222899 1223336 1226463 1227138 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.6.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated - containerized-data-importer-uploadproxy-1.58.0-150700.7.4 updated - container:sles15-image-15.0.0-50.8 updated From sle-container-updates at lists.suse.com Wed Aug 14 16:54:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 18:54:24 +0200 (CEST) Subject: SUSE-CU-2024:3709-1: Security update of suse/sles/15.7/cdi-uploadserver Message-ID: <20240814165424.B91DBF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3709-1 Container Tags : suse/sles/15.7/cdi-uploadserver:1.58.0 , suse/sles/15.7/cdi-uploadserver:1.58.0-150700.7.4 , suse/sles/15.7/cdi-uploadserver:1.58.0.28.11 Container Release : 28.11 Severity : important Type : security References : 1222899 1223336 1226463 1227138 1227888 1228535 1228548 1228770 1228872 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 CVE-2024-6197 CVE-2024-7264 CVE-2024-7383 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2637-1 Released: Tue Jul 30 09:17:25 2024 Summary: Recommended update for qemu Type: recommended Severity: moderate References: This update for qemu fixes the following issues: qemu was updated to version 8.2.5: - For the full list of changes (from the various releases) please consult the following: * https://lore.kernel.org/qemu-devel/1718081047.648425.1238605.nullmailer at tls.msk.ru/ - Main changes: * disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs * dockerfiles: Added 'MAKE' env variable to remaining containers * gitlab: Update msys2-64bit runner tags * gitlab: Use 'setarch -R' to workaround tsan bug * gitlab: Use $MAKE instead of 'make' * hvf: arm: Fixed encodings for ID_AA64PFR1_EL1 and debug System registers * hw/intc/arm_gic: Fixed handling of NS view of GICC_APR * hw/intc/riscv_aplic: APLICs should add child earlier than realize * iotests: test NBD+TLS+iothread * qio: Inherit follow_coroutine_ctx across TLS * target/arm: Disable SVE extensions when SVE is disabled * target/i386: Fixed SSE and SSE2 feature check * target/i386: Fixed xsave.flat from kvm-unit-tests * target/i386: No single-step exception after MOV or POP SS * target/loongarch: Fixed a wrong print in cpu dump * target/riscv: Do not set mtval2 for non guest-page faults * target/riscv: Fixed the element agnostic function problem * target/riscv: Prioritize pmp errors in raise_mmu_exception() * target/riscv: rvv: Check single width operator for vector fp widen instructions * target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w * target/riscv: rvv: Fixed Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions * target/riscv: rvv: Removed redudant SEW checking for vector fp narrow/widen instructions * target/riscv: rvzicbo: Fixed CBO extension register calculation * target/riscv/cpu.c: Fixed Zvkb extension config * target/riscv/kvm: Tolerate KVM disable ext errors * target/riscv/kvm.c: Fixed the hart bit setting of AIA * ui/sdl2: Allow host to power down screen ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2813-1 Released: Wed Aug 7 12:01:37 2024 Summary: Security update for libnbd Type: security Severity: important References: 1228872,CVE-2024-7383 This update for libnbd fixes the following issues: - CVE-2024-7383: Fixed incorrect verification of a NBD server's certificate when using TLS to connect to the server (bsc#1228872) Other fixes: - Update to version 1.18.5. The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.6.1 updated - libcurl4-8.6.0-150600.4.3.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated - curl-8.6.0-150600.4.3.1 updated - qemu-img-8.2.5-150600.3.6.1 updated - libnbd0-1.18.5-150600.18.3.1 updated - libnbd-1.18.5-150600.18.3.1 updated - containerized-data-importer-uploadserver-1.58.0-150700.7.4 updated - container:sles15-image-15.0.0-50.8 updated From sle-container-updates at lists.suse.com Wed Aug 14 16:54:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 18:54:25 +0200 (CEST) Subject: SUSE-CU-2024:3710-1: Security update of suse/sles/15.7/virt-api Message-ID: <20240814165425.E0DADF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3710-1 Container Tags : suse/sles/15.7/virt-api:1.1.1 , suse/sles/15.7/virt-api:1.1.1-150700.9.4 , suse/sles/15.7/virt-api:1.1.1.27.11 Container Release : 27.11 Severity : important Type : security References : 1222899 1223336 1226463 1227138 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sles/15.7/virt-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.6.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated - kubevirt-virt-api-1.1.1-150700.9.4 updated - container:sles15-image-15.0.0-50.8 updated From sle-container-updates at lists.suse.com Wed Aug 14 16:54:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 18:54:27 +0200 (CEST) Subject: SUSE-CU-2024:3711-1: Security update of suse/sles/15.7/virt-controller Message-ID: <20240814165427.027E4F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3711-1 Container Tags : suse/sles/15.7/virt-controller:1.1.1 , suse/sles/15.7/virt-controller:1.1.1-150700.9.4 , suse/sles/15.7/virt-controller:1.1.1.27.11 Container Release : 27.11 Severity : important Type : security References : 1222899 1223336 1226463 1227138 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sles/15.7/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.6.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated - kubevirt-virt-controller-1.1.1-150700.9.4 updated - container:sles15-image-15.0.0-50.8 updated From sle-container-updates at lists.suse.com Wed Aug 14 16:54:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 18:54:28 +0200 (CEST) Subject: SUSE-CU-2024:3712-1: Security update of suse/sles/15.7/virt-exportproxy Message-ID: <20240814165428.267D7F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3712-1 Container Tags : suse/sles/15.7/virt-exportproxy:1.1.1 , suse/sles/15.7/virt-exportproxy:1.1.1-150700.9.4 , suse/sles/15.7/virt-exportproxy:1.1.1.11.11 Container Release : 11.11 Severity : important Type : security References : 1222899 1223336 1226463 1227138 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.6.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated - kubevirt-virt-exportproxy-1.1.1-150700.9.4 updated - container:sles15-image-15.0.0-50.8 updated From sle-container-updates at lists.suse.com Wed Aug 14 16:54:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 18:54:29 +0200 (CEST) Subject: SUSE-CU-2024:3713-1: Security update of suse/sles/15.7/virt-exportserver Message-ID: <20240814165429.3F25CF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3713-1 Container Tags : suse/sles/15.7/virt-exportserver:1.1.1 , suse/sles/15.7/virt-exportserver:1.1.1-150700.9.4 , suse/sles/15.7/virt-exportserver:1.1.1.12.11 Container Release : 12.11 Severity : important Type : security References : 1222899 1223336 1226463 1227138 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.6.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated - kubevirt-virt-exportserver-1.1.1-150700.9.4 updated - container:sles15-image-15.0.0-50.8 updated From sle-container-updates at lists.suse.com Wed Aug 14 16:54:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 18:54:31 +0200 (CEST) Subject: SUSE-CU-2024:3715-1: Security update of suse/sles/15.7/virt-launcher Message-ID: <20240814165431.969B4F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3715-1 Container Tags : suse/sles/15.7/virt-launcher:1.1.1 , suse/sles/15.7/virt-launcher:1.1.1-150700.9.4 , suse/sles/15.7/virt-launcher:1.1.1.33.14 Container Release : 33.14 Severity : important Type : security References : 1222899 1223336 1226463 1227138 1227888 1228535 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container suse/sles/15.7/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2637-1 Released: Tue Jul 30 09:17:25 2024 Summary: Recommended update for qemu Type: recommended Severity: moderate References: This update for qemu fixes the following issues: qemu was updated to version 8.2.5: - For the full list of changes (from the various releases) please consult the following: * https://lore.kernel.org/qemu-devel/1718081047.648425.1238605.nullmailer at tls.msk.ru/ - Main changes: * disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs * dockerfiles: Added 'MAKE' env variable to remaining containers * gitlab: Update msys2-64bit runner tags * gitlab: Use 'setarch -R' to workaround tsan bug * gitlab: Use $MAKE instead of 'make' * hvf: arm: Fixed encodings for ID_AA64PFR1_EL1 and debug System registers * hw/intc/arm_gic: Fixed handling of NS view of GICC_APR * hw/intc/riscv_aplic: APLICs should add child earlier than realize * iotests: test NBD+TLS+iothread * qio: Inherit follow_coroutine_ctx across TLS * target/arm: Disable SVE extensions when SVE is disabled * target/i386: Fixed SSE and SSE2 feature check * target/i386: Fixed xsave.flat from kvm-unit-tests * target/i386: No single-step exception after MOV or POP SS * target/loongarch: Fixed a wrong print in cpu dump * target/riscv: Do not set mtval2 for non guest-page faults * target/riscv: Fixed the element agnostic function problem * target/riscv: Prioritize pmp errors in raise_mmu_exception() * target/riscv: rvv: Check single width operator for vector fp widen instructions * target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w * target/riscv: rvv: Fixed Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions * target/riscv: rvv: Removed redudant SEW checking for vector fp narrow/widen instructions * target/riscv: rvzicbo: Fixed CBO extension register calculation * target/riscv/cpu.c: Fixed Zvkb extension config * target/riscv/kvm: Tolerate KVM disable ext errors * target/riscv/kvm.c: Fixed the hart bit setting of AIA * ui/sdl2: Allow host to power down screen ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - libudev1-254.15-150600.4.8.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.6.1 updated - libcurl4-8.6.0-150600.4.3.1 updated - sles-release-15.7-150700.3.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated - curl-8.6.0-150600.4.3.1 updated - kubevirt-container-disk-1.1.1-150700.9.4 updated - qemu-accel-tcg-x86-8.2.5-150600.3.6.1 updated - qemu-hw-usb-host-8.2.5-150600.3.6.1 updated - qemu-ipxe-8.2.5-150600.3.6.1 updated - qemu-seabios-8.2.51.16.3_3_ga95067eb-150600.3.6.1 updated - qemu-vgabios-8.2.51.16.3_3_ga95067eb-150600.3.6.1 updated - qemu-hw-usb-redirect-8.2.5-150600.3.6.1 updated - systemd-254.15-150600.4.8.1 updated - qemu-img-8.2.5-150600.3.6.1 updated - udev-254.15-150600.4.8.1 updated - systemd-container-254.15-150600.4.8.1 updated - kubevirt-virt-launcher-1.1.1-150700.9.4 updated - qemu-x86-8.2.5-150600.3.6.1 updated - qemu-8.2.5-150600.3.6.1 updated - container:sles15-image-15.0.0-50.8 updated From sle-container-updates at lists.suse.com Wed Aug 14 16:54:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 18:54:32 +0200 (CEST) Subject: SUSE-CU-2024:3716-1: Security update of suse/sles/15.7/libguestfs-tools Message-ID: <20240814165432.9A2D8F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3716-1 Container Tags : suse/sles/15.7/libguestfs-tools:1.1.1 , suse/sles/15.7/libguestfs-tools:1.1.1-150700.9.4 , suse/sles/15.7/libguestfs-tools:1.1.1.28.15 Container Release : 28.15 Severity : important Type : security References : 1208690 1218640 1222768 1222899 1223336 1225976 1226125 1226412 1226463 1226529 1226664 1227138 1227888 1228255 1228256 1228257 1228258 1228322 1228322 1228535 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-0760 CVE-2024-1737 CVE-2024-1975 CVE-2024-4076 CVE-2024-5535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container suse/sles/15.7/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2573-1 Released: Mon Jul 22 12:35:01 2024 Summary: Recommended update for libkcapi Type: recommended Severity: moderate References: 1222768 This update for libkcapi fixes the following issues: - FIPS: kcapi-hasher: zeroise temporary values for FIPS 140-3 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2636-1 Released: Tue Jul 30 09:14:22 2024 Summary: Security update for bind Type: security Severity: important References: 1228255,1228256,1228257,1228258,CVE-2024-0760,CVE-2024-1737,CVE-2024-1975,CVE-2024-4076 This update for bind fixes the following issues: Update to release 9.18.28 Security fixes: - CVE-2024-0760: Fixed a flood of DNS messages over TCP may make the server unstable (bsc#1228255) - CVE-2024-1737: Fixed BIND's database will be slow if a very large number of RRs exist at the same name (bsc#1228256) - CVE-2024-1975: Fixed SIG(0) can be used to exhaust CPU resources (bsc#1228257) - CVE-2024-4076: Fixed assertion failure when serving both stale cache data and authoritative zone content (bsc#1228258) Changelog: * Command-line options for IPv4-only (named -4) and IPv6-only (named -6) modes are now respected for zone primaries, also-notify, and parental-agents. * An RPZ response???s SOA record TTL was set to 1 instead of the SOA TTL, if add-soa was used. This has been fixed. * When a query related to zone maintenance (NOTIFY, SOA) timed out close to a view shutdown (triggered e.g. by rndc reload), named could crash with an assertion failure. This has been fixed. * The statistics channel counters that indicated the number of currently connected TCP IPv4/IPv6 clients were not properly adjusted in certain failure scenarios. This has been fixed. * Some servers that could not be reached due to EHOSTDOWN or ENETDOWN conditions were incorrectly prioritized during server selection. These are now properly handled as unreachable. * On some systems the libuv call may return an error code when sending a TCP reset for a connection, which triggers an assertion failure in named. This error condition is now dealt with in a more graceful manner, by logging the incident and shutting down the connection. * Changes to listen-on statements were ignored on reconfiguration unless the port or interface address was changed, making it impossible to change a related listener transport type. That issue has been fixed. * A bug in the keymgr code unintentionally slowed down some DNSSEC key rollovers. This has been fixed. * Some ISO 8601 durations were accepted erroneously, leading to shorter durations than expected. This has been fixed * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. * The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. New Features: * A new option signatures-jitter has been added to dnssec-policy to allow signature expirations to be spread out over a period of time. * The statistics channel now includes counters that indicate the number of currently connected TCP IPv4/IPv6 clients. * Added RESOLVER.ARPA to the built in empty zones. Feature Changes: * DNSSEC signatures that are not valid because the current time falls outside the signature inception and expiration dates are skipped instead of causing an immediate validation failure. Security Fixes: * A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to respond slowly or not at all for other clients. This has been fixed. (CVE-2024-0760) * It is possible to craft excessively large resource records sets, which have the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-records-per-type option. * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975) * Due to a logic error, lookups that triggered serving stale data and required lookups in local authoritative zone data could have resulted in an assertion failure. This has been fixed. * Potential data races were found in our DoH implementation, related to HTTP/2 session object management and endpoints set object management after reconfiguration. These issues have been fixed. * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. (CVE-2024-4076) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2637-1 Released: Tue Jul 30 09:17:25 2024 Summary: Recommended update for qemu Type: recommended Severity: moderate References: This update for qemu fixes the following issues: qemu was updated to version 8.2.5: - For the full list of changes (from the various releases) please consult the following: * https://lore.kernel.org/qemu-devel/1718081047.648425.1238605.nullmailer at tls.msk.ru/ - Main changes: * disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs * dockerfiles: Added 'MAKE' env variable to remaining containers * gitlab: Update msys2-64bit runner tags * gitlab: Use 'setarch -R' to workaround tsan bug * gitlab: Use $MAKE instead of 'make' * hvf: arm: Fixed encodings for ID_AA64PFR1_EL1 and debug System registers * hw/intc/arm_gic: Fixed handling of NS view of GICC_APR * hw/intc/riscv_aplic: APLICs should add child earlier than realize * iotests: test NBD+TLS+iothread * qio: Inherit follow_coroutine_ctx across TLS * target/arm: Disable SVE extensions when SVE is disabled * target/i386: Fixed SSE and SSE2 feature check * target/i386: Fixed xsave.flat from kvm-unit-tests * target/i386: No single-step exception after MOV or POP SS * target/loongarch: Fixed a wrong print in cpu dump * target/riscv: Do not set mtval2 for non guest-page faults * target/riscv: Fixed the element agnostic function problem * target/riscv: Prioritize pmp errors in raise_mmu_exception() * target/riscv: rvv: Check single width operator for vector fp widen instructions * target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w * target/riscv: rvv: Fixed Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions * target/riscv: rvv: Removed redudant SEW checking for vector fp narrow/widen instructions * target/riscv: rvzicbo: Fixed CBO extension register calculation * target/riscv/cpu.c: Fixed Zvkb extension config * target/riscv/kvm: Tolerate KVM disable ext errors * target/riscv/kvm.c: Fixed the hart bit setting of AIA * ui/sdl2: Allow host to power down screen ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2667-1 Released: Tue Jul 30 16:14:01 2024 Summary: Recommended update for libxkbcommon Type: recommended Severity: moderate References: 1218640,1228322 This update of libxkbcommon fixes the following issue: - ship libxkbregistry0-32bit and libxbkregistry-devel-32bit for use by Wine. (bsc#1218640 bsc#1228322) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2677-1 Released: Wed Jul 31 06:58:52 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2695-1 Released: Thu Aug 1 15:06:12 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1226412,1226529 This update for dracut fixes the following issues: - Version update: * feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529) * fix(mdraid): try to assemble the missing raid device (bsc#1226412) * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - libassuan0-2.5.5-150000.4.7.1 updated - libudev1-254.15-150600.4.8.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.6.1 updated - libcurl4-8.6.0-150600.4.3.1 updated - sles-release-15.7-150700.3.1 updated - permissions-20240801-150600.10.4.1 updated - libgpgme11-1.23.0-150600.3.2.1 updated - shadow-4.8.1-150600.17.6.1 updated - curl-8.6.0-150600.4.3.1 updated - libkcapi-tools-0.13.0-150600.17.3.1 updated - qemu-accel-tcg-x86-8.2.5-150600.3.6.1 updated - qemu-ipxe-8.2.5-150600.3.6.1 updated - qemu-seabios-8.2.51.16.3_3_ga95067eb-150600.3.6.1 updated - qemu-vgabios-8.2.51.16.3_3_ga95067eb-150600.3.6.1 updated - bind-utils-9.18.28-150600.3.3.1 updated - libxkbcommon0-1.5.0-150600.3.3.1 updated - systemd-254.15-150600.4.8.1 updated - qemu-pr-helper-8.2.5-150600.3.6.1 updated - qemu-img-8.2.5-150600.3.6.1 updated - qemu-tools-8.2.5-150600.3.6.1 updated - wicked-0.6.76-150600.11.9.1 updated - wicked-service-0.6.76-150600.11.9.1 updated - udev-254.15-150600.4.8.1 updated - dracut-059+suse.527.g7870f083-150600.3.3.2 updated - dracut-fips-059+suse.527.g7870f083-150600.3.3.2 updated - qemu-x86-8.2.5-150600.3.6.1 updated - qemu-8.2.5-150600.3.6.1 updated - container:sles15-image-15.0.0-50.8 updated From sle-container-updates at lists.suse.com Wed Aug 14 16:54:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 18:54:30 +0200 (CEST) Subject: SUSE-CU-2024:3714-1: Security update of suse/sles/15.7/virt-handler Message-ID: <20240814165430.68CC0F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3714-1 Container Tags : suse/sles/15.7/virt-handler:1.1.1 , suse/sles/15.7/virt-handler:1.1.1-150700.9.4 , suse/sles/15.7/virt-handler:1.1.1.29.13 Container Release : 29.13 Severity : important Type : security References : 1222899 1223336 1226463 1227138 1227888 1228535 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container suse/sles/15.7/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2637-1 Released: Tue Jul 30 09:17:25 2024 Summary: Recommended update for qemu Type: recommended Severity: moderate References: This update for qemu fixes the following issues: qemu was updated to version 8.2.5: - For the full list of changes (from the various releases) please consult the following: * https://lore.kernel.org/qemu-devel/1718081047.648425.1238605.nullmailer at tls.msk.ru/ - Main changes: * disas/riscv: Decode all of the pmpcfg and pmpaddr CSRs * dockerfiles: Added 'MAKE' env variable to remaining containers * gitlab: Update msys2-64bit runner tags * gitlab: Use 'setarch -R' to workaround tsan bug * gitlab: Use $MAKE instead of 'make' * hvf: arm: Fixed encodings for ID_AA64PFR1_EL1 and debug System registers * hw/intc/arm_gic: Fixed handling of NS view of GICC_APR * hw/intc/riscv_aplic: APLICs should add child earlier than realize * iotests: test NBD+TLS+iothread * qio: Inherit follow_coroutine_ctx across TLS * target/arm: Disable SVE extensions when SVE is disabled * target/i386: Fixed SSE and SSE2 feature check * target/i386: Fixed xsave.flat from kvm-unit-tests * target/i386: No single-step exception after MOV or POP SS * target/loongarch: Fixed a wrong print in cpu dump * target/riscv: Do not set mtval2 for non guest-page faults * target/riscv: Fixed the element agnostic function problem * target/riscv: Prioritize pmp errors in raise_mmu_exception() * target/riscv: rvv: Check single width operator for vector fp widen instructions * target/riscv: rvv: Check single width operator for vfncvt.rod.f.f.w * target/riscv: rvv: Fixed Zvfhmin checking for vfwcvt.f.f.v and vfncvt.f.f.w instructions * target/riscv: rvv: Removed redudant SEW checking for vector fp narrow/widen instructions * target/riscv: rvzicbo: Fixed CBO extension register calculation * target/riscv/cpu.c: Fixed Zvkb extension config * target/riscv/kvm: Tolerate KVM disable ext errors * target/riscv/kvm.c: Fixed the hart bit setting of AIA * ui/sdl2: Allow host to power down screen ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - libudev1-254.15-150600.4.8.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.6.1 updated - libcurl4-8.6.0-150600.4.3.1 updated - sles-release-15.7-150700.3.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated - curl-8.6.0-150600.4.3.1 updated - kubevirt-container-disk-1.1.1-150700.9.4 updated - kubevirt-virt-handler-1.1.1-150700.9.4 updated - systemd-254.15-150600.4.8.1 updated - qemu-img-8.2.5-150600.3.6.1 updated - container:sles15-image-15.0.0-50.8 updated From sle-container-updates at lists.suse.com Wed Aug 14 16:54:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 14 Aug 2024 18:54:33 +0200 (CEST) Subject: SUSE-CU-2024:3717-1: Security update of suse/sles/15.7/virt-operator Message-ID: <20240814165433.B9C04F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3717-1 Container Tags : suse/sles/15.7/virt-operator:1.1.1 , suse/sles/15.7/virt-operator:1.1.1-150700.9.4 , suse/sles/15.7/virt-operator:1.1.1.27.11 Container Release : 27.11 Severity : important Type : security References : 1222899 1223336 1226463 1227138 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sles/15.7/virt-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.6.1 updated - permissions-20240801-150600.10.4.1 updated - shadow-4.8.1-150600.17.6.1 updated - kubevirt-virt-operator-1.1.1-150700.9.4 updated - container:sles15-image-15.0.0-50.8 updated From sle-container-updates at lists.suse.com Thu Aug 15 07:04:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 Aug 2024 09:04:14 +0200 (CEST) Subject: SUSE-CU-2024:3722-1: Security update of suse/sle15 Message-ID: <20240815070414.B7E56FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3722-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.29 Container Release : 9.8.29 Severity : moderate Type : security References : 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2909-1 Released: Wed Aug 14 14:47:44 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.94.1 updated - libopenssl1_1-1.1.1d-150200.11.94.1 updated - openssl-1_1-1.1.1d-150200.11.94.1 updated From sle-container-updates at lists.suse.com Thu Aug 15 07:04:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 Aug 2024 09:04:46 +0200 (CEST) Subject: SUSE-CU-2024:3724-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240815070446.A0EBDFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3724-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.14 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.14 Container Release : 6.14 Severity : moderate Type : security References : 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2909-1 Released: Wed Aug 14 14:47:44 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.94.1 updated - libopenssl1_1-1.1.1d-150200.11.94.1 updated - openssl-1_1-1.1.1d-150200.11.94.1 updated From sle-container-updates at lists.suse.com Thu Aug 15 07:10:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 Aug 2024 09:10:23 +0200 (CEST) Subject: SUSE-CU-2024:3735-1: Recommended update of bci/ruby Message-ID: <20240815071023.D5B91FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3735-1 Container Tags : bci/ruby:2 , bci/ruby:2-22.2 , bci/ruby:2.5 , bci/ruby:2.5-22.2 , bci/ruby:latest Container Release : 22.2 Severity : important Type : recommended References : 1222985 1223571 1224014 1224016 1227308 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking The following package changes have been done: - libyaml-0-2-0.1.7-150000.3.2.1 updated From sle-container-updates at lists.suse.com Thu Aug 15 07:10:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 Aug 2024 09:10:48 +0200 (CEST) Subject: SUSE-CU-2024:3736-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20240815071048.CE350FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3736-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.13 , suse/manager/4.3/proxy-ssh:4.3.13.9.47.11 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.47.11 Severity : important Type : recommended References : 1222985 1223571 1224014 1224016 1227308 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking The following package changes have been done: - libyaml-0-2-0.1.7-150000.3.2.1 added - python3-PyYAML-5.4.1-150300.3.3.1 updated From sle-container-updates at lists.suse.com Thu Aug 15 07:11:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 Aug 2024 09:11:45 +0200 (CEST) Subject: SUSE-CU-2024:3737-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240815071145.C69ABFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3737-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.10 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.10 Severity : moderate Type : security References : 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2909-1 Released: Wed Aug 14 14:47:44 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.94.1 updated - libopenssl1_1-1.1.1d-150200.11.94.1 updated - openssl-1_1-1.1.1d-150200.11.94.1 updated From sle-container-updates at lists.suse.com Thu Aug 15 07:14:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 15 Aug 2024 09:14:42 +0200 (CEST) Subject: SUSE-CU-2024:3739-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240815071442.636A8FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3739-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.12 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.12 Severity : moderate Type : security References : 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2909-1 Released: Wed Aug 14 14:47:44 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) The following package changes have been done: - libopenssl1_1-hmac-1.1.1d-150200.11.94.1 updated - libopenssl1_1-1.1.1d-150200.11.94.1 updated - openssl-1_1-1.1.1d-150200.11.94.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:04:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:04:57 +0200 (CEST) Subject: SUSE-CU-2024:3741-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240816070457.BFD1DFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3741-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.11 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.11 Severity : moderate Type : security References : 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2927-1 Released: Thu Aug 15 09:02:55 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.72.1 updated - libopenssl1_1-1.1.1l-150400.7.72.1 updated - openssl-1_1-1.1.1l-150400.7.72.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:07:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:07:15 +0200 (CEST) Subject: SUSE-CU-2024:3743-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240816070715.14C3FFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3743-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.11 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.11 Severity : moderate Type : security References : 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2927-1 Released: Thu Aug 15 09:02:55 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.72.1 updated - libopenssl1_1-1.1.1l-150400.7.72.1 updated - openssl-1_1-1.1.1l-150400.7.72.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:09:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:09:24 +0200 (CEST) Subject: SUSE-CU-2024:3744-1: Security update of suse/sle15 Message-ID: <20240816070924.79FB3FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3744-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.30 Container Release : 9.8.30 Severity : moderate Type : security References : 1228535 CVE-2024-7264 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2930-1 Released: Thu Aug 15 11:35:03 2024 Summary: Security update for curl Type: security Severity: moderate References: 1228535,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535) The following package changes have been done: - libcurl4-7.66.0-150200.4.75.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:09:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:09:56 +0200 (CEST) Subject: SUSE-CU-2024:3746-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240816070956.247E3FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3746-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.15 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.15 Container Release : 6.15 Severity : moderate Type : security References : 1228535 CVE-2024-7264 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2930-1 Released: Thu Aug 15 11:35:03 2024 Summary: Security update for curl Type: security Severity: moderate References: 1228535,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535) The following package changes have been done: - curl-7.66.0-150200.4.75.1 updated - libcurl4-7.66.0-150200.4.75.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:10:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:10:00 +0200 (CEST) Subject: SUSE-CU-2024:3747-1: Recommended update of suse/ltss/sle15.4/bci-base-fips Message-ID: <20240816071000.898F3FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3747-1 Container Tags : suse/ltss/sle15.4/bci-base-fips:15.4 , suse/ltss/sle15.4/bci-base-fips:15.4.3.15 Container Release : 3.15 Severity : moderate Type : recommended References : 1227115 1227115 ----------------------------------------------------------------- The container suse/ltss/sle15.4/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2782-1 Released: Tue Aug 6 14:41:41 2024 Summary: Recomended update for sles-ltss-release Type: recommended Severity: moderate References: 1227115 This update for sles-ltss-release fixes the following issue: - Update Codestream lifecycle ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2877-1 Released: Mon Aug 12 13:35:20 2024 Summary: Optional update for sles-release Type: optional Severity: low References: 1227115 This update for sles-release fixes the following issue: - Adjust codestream lifecycle The following package changes have been done: - sles-release-15.4-150400.58.10.2 updated - sles-ltss-release-15.4-150400.13.8.1 updated - container:sles15-ltss-image-15.0.0-5.10 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:10:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:10:20 +0200 (CEST) Subject: SUSE-CU-2024:3748-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20240816071020.B9A36FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3748-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.10 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.10 Container Release : 5.10 Severity : moderate Type : security References : 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2927-1 Released: Thu Aug 15 09:02:55 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150400.7.72.1 updated - libopenssl1_1-1.1.1l-150400.7.72.1 updated - openssl-1_1-1.1.1l-150400.7.72.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:15:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:15:14 +0200 (CEST) Subject: SUSE-CU-2024:3753-1: Security update of suse/389-ds Message-ID: <20240816071514.B8DF1FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3753-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-41.2 , suse/389-ds:latest Container Release : 41.2 Severity : important Type : security References : 1225507 1225512 1225907 1226277 1226463 1227138 1228912 CVE-2024-2199 CVE-2024-3657 CVE-2024-5535 CVE-2024-5953 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2910-1 Released: Wed Aug 14 16:17:44 2024 Summary: Security update for 389-ds Type: security Severity: important References: 1225507,1225512,1226277,1228912,CVE-2024-2199,CVE-2024-3657,CVE-2024-5953 This update for 389-ds fixes the following issues: Security issues fixed: - CVE-2024-3657: Fixed potential denial of service via specially crafted kerberos AS-REQ request (bsc#1225512) - CVE-2024-5953: Fixed a denial of service caused by malformed userPassword hashes (bsc#1226277) - CVE-2024-2199: Fixed a crash caused by malformed userPassword in do_modify() (bsc#1225507) Non-security issues fixed: - crash when user does change password using iso-8859-1 encoding (bsc#1228912) - Update to version 2.2.10: Issue 2324 - Add a CI test (#6289) Issue 6284 - BUG - freelist ordering causes high wtime Issue 5327 - Fix test metadata Issue 5853 - Update Cargo.lock Issue 5962 - Rearrange includes for 32-bit support logic Issue 5973 - Fix fedora cop RawHide builds (#5974) Bump braces from 3.0.2 to 3.0.3 in /src/cockpit/389-console Issue 6254 - Enabling replication for a sub suffix crashes browser (#6255) Issue 6224 - d2entry - Could not open id2entry err 0 - at startup when having sub-suffixes (#6225) Issue 6183 - Slow ldif2db import on a newly created BDB backend (#6208) Issue 6170 - audit log buffering doesn't handle large updates Issue 6193 - Test failure: test_tls_command_returns_error_text Issue 6189 - CI tests fail with `[Errno 2] No such file or directory: '/var/cache/dnf/metadata_lock.pid'` Issue 6172 - RFE: improve the performance of evaluation of filter component when tested against a large valueset (like group members) (#6173) Issue 6092 - passwordHistory is not updated with a pre-hashed password (#6093) Issue 6080 - ns-slapd crash in referint_get_config (#6081) Issue 6117 - Fix the UTC offset print (#6118) Issue 5305 - OpenLDAP version autodetection doesn't work Issue 6112 - RFE - add new operation note for MFA authentications Issue 5842 - Add log buffering to audit log Issue 6103 - New connection timeout error breaks errormap (#6104) Issue 6067 - Improve dsidm CLI No Such Entry handling (#6079) Issue 6096 - Improve connection timeout error logging (#6097) Issue 6067 - Add hidden -v and -j options to each CLI subcommand (#6088) Issue 5487 - Fix various isses with logconv.pl (#6085) Issue 6052 - Paged results test sets hostname to `localhost` on test collection Issue 6061 - Certificate lifetime displayed as NaN Issue 6043, 6044 - Enhance Rust and JS bundling and add SPDX licenses for both (#6045) Issue 3555 - Remove audit-ci from dependencies (#6056) Issue 5647 - Fix unused variable warning from previous commit (#5670) issue 5647 - covscan: memory leak in audit log when adding entries (#5650) Issue 6047 - Add a check for tagged commits Issue 6041 - dscreate ds-root - accepts relative path (#6042) Issue 6034 - Change replica_id from str to int Issue 5938 - Attribute Names changed to lowercase after adding the Attributes (#5940) Issue 5870 - ns-slapd crashes at startup if a backend has no suffix (#5871) Issue 5939 - During an update, if the target entry is reverted in the entry cache, the server should not retry to lock it (#6007) Issue 5944 - Reversion of the entry cache should be limited to BETXN plugin failures (#5994) Issue 5954 - Disable Transparent Huge Pages ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.6.1 updated - libsvrcore0-2.2.10~git2.345056d3-150600.8.7.2 updated - lib389-2.2.10~git2.345056d3-150600.8.7.2 updated - 389-ds-2.2.10~git2.345056d3-150600.8.7.2 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:15:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:15:20 +0200 (CEST) Subject: SUSE-CU-2024:3754-1: Security update of bci/dotnet-aspnet Message-ID: <20240816071520.DAC9DFBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3754-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-41.2 , bci/dotnet-aspnet:6.0.33 , bci/dotnet-aspnet:6.0.33-41.2 Container Release : 41.2 Severity : moderate Type : security References : 1225907 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.6.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:15:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:15:27 +0200 (CEST) Subject: SUSE-CU-2024:3755-1: Security update of bci/dotnet-aspnet Message-ID: <20240816071527.76C23FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3755-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-29.2 , bci/dotnet-aspnet:8.0.8 , bci/dotnet-aspnet:8.0.8-29.2 , bci/dotnet-aspnet:latest Container Release : 29.2 Severity : moderate Type : security References : 1225907 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.6.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:15:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:15:29 +0200 (CEST) Subject: SUSE-CU-2024:3756-1: Security update of bci/bci-base-fips Message-ID: <20240816071529.0AD2FFBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3756-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.8.1 , bci/bci-base-fips:latest Container Release : 8.1 Severity : moderate Type : security References : 1225907 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.6.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:15:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:15:35 +0200 (CEST) Subject: SUSE-CU-2024:3757-1: Security update of bci/dotnet-sdk Message-ID: <20240816071535.BC330FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3757-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-41.2 , bci/dotnet-sdk:6.0.33 , bci/dotnet-sdk:6.0.33-41.2 Container Release : 41.2 Severity : moderate Type : security References : 1225907 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.6.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:15:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:15:42 +0200 (CEST) Subject: SUSE-CU-2024:3758-1: Security update of bci/dotnet-sdk Message-ID: <20240816071542.654A6FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3758-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-29.2 , bci/dotnet-sdk:8.0.8 , bci/dotnet-sdk:8.0.8-29.2 , bci/dotnet-sdk:latest Container Release : 29.2 Severity : moderate Type : security References : 1225907 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.6.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:15:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:15:48 +0200 (CEST) Subject: SUSE-CU-2024:3759-1: Security update of bci/dotnet-runtime Message-ID: <20240816071548.AE5C2FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3759-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-41.2 , bci/dotnet-runtime:6.0.33 , bci/dotnet-runtime:6.0.33-41.2 Container Release : 41.2 Severity : moderate Type : security References : 1225907 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.6.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:15:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:15:55 +0200 (CEST) Subject: SUSE-CU-2024:3760-1: Security update of bci/dotnet-runtime Message-ID: <20240816071555.4BCA6FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3760-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-29.2 , bci/dotnet-runtime:8.0.8 , bci/dotnet-runtime:8.0.8-29.2 , bci/dotnet-runtime:latest Container Release : 29.2 Severity : moderate Type : security References : 1225907 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.6.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:17:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:17:24 +0200 (CEST) Subject: SUSE-CU-2024:3776-1: Security update of bci/python Message-ID: <20240816071724.04E8DFBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3776-1 Container Tags : bci/python:3 , bci/python:3-47.2 , bci/python:3.6 , bci/python:3.6-47.2 Container Release : 47.2 Severity : moderate Type : security References : 1225907 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.6.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:17:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:17:33 +0200 (CEST) Subject: SUSE-CU-2024:3778-1: Security update of bci/ruby Message-ID: <20240816071733.45CEFFBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3778-1 Container Tags : bci/ruby:2 , bci/ruby:2-22.3 , bci/ruby:2.5 , bci/ruby:2.5-22.3 , bci/ruby:latest Container Release : 22.3 Severity : moderate Type : security References : 1225907 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.6.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:17:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:17:36 +0200 (CEST) Subject: SUSE-CU-2024:3779-1: Security update of bci/rust Message-ID: <20240816071736.74001FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3779-1 Container Tags : bci/rust:1.79 , bci/rust:1.79-2.4.1 , bci/rust:oldstable , bci/rust:oldstable-2.4.1 Container Release : 4.1 Severity : moderate Type : security References : 1225907 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.6.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:17:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:17:40 +0200 (CEST) Subject: SUSE-CU-2024:3780-1: Security update of bci/rust Message-ID: <20240816071740.B086EFBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3780-1 Container Tags : bci/rust:1.80 , bci/rust:1.80-1.4.1 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.4.1 Container Release : 4.1 Severity : moderate Type : security References : 1225907 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.6.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:17:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:17:52 +0200 (CEST) Subject: SUSE-CU-2024:3781-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240816071752.109A3FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3781-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.22.1 , bci/bci-sle15-kernel-module-devel:latest Container Release : 22.1 Severity : moderate Type : security References : 1225907 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.6.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:17:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:17:56 +0200 (CEST) Subject: SUSE-CU-2024:3782-1: Security update of bci/spack Message-ID: <20240816071756.D3AB5FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3782-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-6.1 , bci/spack:0.21.2 , bci/spack:0.21.2-6.1 , bci/spack:latest Container Release : 6.1 Severity : moderate Type : security References : 1225907 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.6.1 updated - container:sles15-image-15.6.0-47.11.7 updated From sle-container-updates at lists.suse.com Fri Aug 16 07:18:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 09:18:34 +0200 (CEST) Subject: SUSE-CU-2024:3783-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240816071834.74EF6FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3783-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.15 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.15 Severity : important Type : recommended References : 1222985 1223571 1224014 1224016 1227308 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking The following package changes have been done: - libyaml-0-2-0.1.7-150000.3.2.1 added - python3-PyYAML-5.4.1-150300.3.3.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 13:16:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 15:16:25 +0200 (CEST) Subject: SUSE-CU-2024:3784-1: Security update of suse/sles12sp5 Message-ID: <20240816131625.E2D3EFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3784-1 Container Tags : suse/sles12sp5:6.8.27 , suse/sles12sp5:latest Container Release : 6.8.27 Severity : moderate Type : security References : 1228535 CVE-2024-7264 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2938-1 Released: Thu Aug 15 17:49:05 2024 Summary: Security update for curl Type: security Severity: moderate References: 1228535,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535) The following package changes have been done: - libcurl4-8.0.1-11.89.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 13:20:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 15:20:00 +0200 (CEST) Subject: SUSE-CU-2024:3786-1: Security update of containers/apache-tomcat Message-ID: <20240816132000.D9125FBA1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3786-1 Container Tags : containers/apache-tomcat:10-jre21 , containers/apache-tomcat:10-jre21-43.1 , containers/apache-tomcat:10.1-jre21 , containers/apache-tomcat:10.1-jre21-43.1 , containers/apache-tomcat:10.1.25-jre21 , containers/apache-tomcat:10.1.25-jre21-43.1 Container Release : 43.1 Severity : important Type : security References : 1154884 1154887 1175825 1180138 1197771 1227888 1228535 CVE-2019-12290 CVE-2019-18224 CVE-2020-8927 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3942-1 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Type: security Severity: moderate References: 1175825,CVE-2020-8927 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) The following package changes have been done: - libldap-data-2.4.46-150600.23.21 added - libssh-config-0.9.8-150600.9.1 added - libzstd1-1.5.5-150600.1.3 added - libsasl2-3-2.1.28-150600.5.3 added - libnghttp2-14-1.40.0-150600.23.2 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libunistring2-0.9.10-1.1 added - libidn2-0-2.2.0-3.6.1 added - libpsl5-0.20.1-150000.3.3.1 added - libldap-2_4-2-2.4.46-150600.23.21 added - libssh4-0.9.8-150600.9.1 added - libcurl4-8.6.0-150600.4.3.1 added - sed-4.9-150600.1.4 added - curl-8.6.0-150600.4.3.1 added - container:micro-image-15.6.0-47.11.7 added - container:sles15-image-15.6.0-47.11.7 updated - apache-commons-collections-3.2.2-150200.13.6.4 removed - apache-commons-daemon-1.3.4-150200.11.14.1 removed - apache-commons-dbcp-2.1.1-150200.10.8.1 removed - apache-commons-jexl-2.1.1-150200.3.8.1 removed - apache-commons-logging-1.2-150200.11.6.4 removed - apache-commons-pool2-2.4.2-150200.11.8.1 removed - cglib-3.3.0-150200.3.6.5 removed - ecj-4.23-150200.3.12.1 removed - file-5.32-7.14.1 removed - fontconfig-2.14.2-150600.1.3 removed - geronimo-jta-1_1-api-1.2-150200.15.8.1 removed - jakarta-servlet-5.0.0-150200.5.5.1 removed - java-21-openjdk-21.0.4.0-150600.3.3.1 removed - java-21-openjdk-headless-21.0.4.0-150600.3.3.1 removed - javapackages-filesystem-6.2.0-150200.3.12.1 removed - javapackages-tools-6.2.0-150200.3.12.1 removed - libX11-6-1.8.7-150600.1.2 removed - libX11-data-1.8.7-150600.1.2 removed - libXau6-1.0.8-1.26 removed - libXext6-1.3.3-1.30 removed - libXi6-1.7.9-3.2.1 removed - libXrender1-0.9.10-1.30 removed - libXtst6-1.2.3-1.24 removed - libapr1-1.6.3-3.3.8 removed - libasound2-1.2.10-150600.2.3 removed - libexpat1-2.4.4-150400.3.17.1 removed - libfontconfig1-2.14.2-150600.1.3 removed - libfreebl3-3.101.2-150400.3.48.1 removed - libfreetype6-2.10.4-150000.4.15.1 removed - libgif7-5.2.2-150000.4.13.1 removed - libjitterentropy3-3.4.1-150000.1.12.1 removed - libjpeg8-8.2.2-150600.22.5 removed - liblcms2-2-2.15-150600.1.5 removed - libopenssl1_1-1.1.1w-150600.5.3.1 removed - libpcsclite1-1.9.4-150400.3.2.1 removed - libpng16-16-1.6.40-150600.1.3 removed - libsoftokn3-3.101.2-150400.3.48.1 removed - libtcnative-1-0-1.2.38-150600.14.2 removed - libxcb1-1.13-150000.3.11.1 removed - libxslt-tools-1.1.34-150400.3.3.1 removed - libxslt1-1.1.34-150400.3.3.1 removed - logrotate-3.18.1-150400.3.7.1 removed - mozilla-nspr-4.35-150000.3.29.1 removed - mozilla-nss-3.101.2-150400.3.48.1 removed - mozilla-nss-certs-3.101.2-150400.3.48.1 removed - objectweb-asm-9.7-150200.3.15.2 removed - tomcat10-10.1.25-150200.5.25.1 removed - tomcat10-el-5_0-api-10.1.25-150200.5.25.1 removed - tomcat10-jsp-3_1-api-10.1.25-150200.5.25.1 removed - tomcat10-lib-10.1.25-150200.5.25.1 removed - tomcat10-servlet-6_0-api-10.1.25-150200.5.25.1 removed - update-alternatives-1.19.0.4-150000.4.4.1 removed - xz-5.4.1-150600.1.2 removed From sle-container-updates at lists.suse.com Fri Aug 16 13:20:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 15:20:44 +0200 (CEST) Subject: SUSE-CU-2024:3783-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240816132044.E492CFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3783-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.15 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.15 Severity : important Type : recommended References : 1222985 1223571 1224014 1224016 1227308 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking The following package changes have been done: - libyaml-0-2-0.1.7-150000.3.2.1 added - python3-PyYAML-5.4.1-150300.3.3.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 13:20:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 15:20:45 +0200 (CEST) Subject: SUSE-CU-2024:3787-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20240816132045.B2A5EFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3787-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.17 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.17 Severity : moderate Type : security References : 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2927-1 Released: Thu Aug 15 09:02:55 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.72.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.72.1 updated - container:sles15-ltss-image-15.0.0-5.10 updated From sle-container-updates at lists.suse.com Fri Aug 16 13:21:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 15:21:11 +0200 (CEST) Subject: SUSE-CU-2024:3788-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240816132111.9C8E8FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3788-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.16 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.16 Severity : important Type : recommended References : 1222985 1223571 1224014 1224016 1227308 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking The following package changes have been done: - libyaml-0-2-0.1.7-150000.3.2.1 added - python3-PyYAML-5.4.1-150300.3.3.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 13:21:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 15:21:12 +0200 (CEST) Subject: SUSE-CU-2024:3789-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240816132112.6C0B6FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3789-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.18 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.18 Severity : moderate Type : security References : 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2927-1 Released: Thu Aug 15 09:02:55 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.72.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.72.1 updated - openssl-1_1-1.1.1l-150400.7.72.1 updated - container:sles15-ltss-image-15.0.0-5.10 updated From sle-container-updates at lists.suse.com Fri Aug 16 13:21:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 15:21:35 +0200 (CEST) Subject: SUSE-CU-2024:3790-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20240816132135.55B76FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3790-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.13 , suse/manager/4.3/proxy-squid:4.3.13.9.56.13 , suse/manager/4.3/proxy-squid:latest Container Release : 9.56.13 Severity : moderate Type : security References : 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2927-1 Released: Thu Aug 15 09:02:55 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.72.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.72.1 updated - container:sles15-ltss-image-15.0.0-5.10 updated From sle-container-updates at lists.suse.com Fri Aug 16 13:22:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 15:22:00 +0200 (CEST) Subject: SUSE-CU-2024:3791-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20240816132200.C2190FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3791-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.13 , suse/manager/4.3/proxy-ssh:4.3.13.9.47.13 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.47.13 Severity : moderate Type : security References : 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2927-1 Released: Thu Aug 15 09:02:55 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.72.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.72.1 updated - container:sles15-ltss-image-15.0.0-5.10 updated From sle-container-updates at lists.suse.com Fri Aug 16 13:22:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 15:22:28 +0200 (CEST) Subject: SUSE-CU-2024:3792-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20240816132228.09988FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3792-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.13 , suse/manager/4.3/proxy-tftpd:4.3.13.9.47.12 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.47.12 Severity : important Type : recommended References : 1222985 1223571 1224014 1224016 1227308 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking The following package changes have been done: - libyaml-0-2-0.1.7-150000.3.2.1 added - python3-PyYAML-5.4.1-150300.3.3.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 13:22:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 15:22:28 +0200 (CEST) Subject: SUSE-CU-2024:3793-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20240816132228.A0BB2FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3793-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.13 , suse/manager/4.3/proxy-tftpd:4.3.13.9.47.14 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.47.14 Severity : moderate Type : security References : 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2927-1 Released: Thu Aug 15 09:02:55 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) The following package changes have been done: - libopenssl1_1-1.1.1l-150400.7.72.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.72.1 updated - openssl-1_1-1.1.1l-150400.7.72.1 updated - container:sles15-ltss-image-15.0.0-5.10 updated From sle-container-updates at lists.suse.com Fri Aug 16 13:23:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 15:23:29 +0200 (CEST) Subject: SUSE-CU-2024:3794-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240816132329.16EA3FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3794-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.11 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.11 Severity : moderate Type : security References : 1228535 CVE-2024-7264 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2930-1 Released: Thu Aug 15 11:35:03 2024 Summary: Security update for curl Type: security Severity: moderate References: 1228535,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535) The following package changes have been done: - curl-7.66.0-150200.4.75.1 updated - libcurl4-7.66.0-150200.4.75.1 updated From sle-container-updates at lists.suse.com Fri Aug 16 13:26:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 16 Aug 2024 15:26:25 +0200 (CEST) Subject: SUSE-CU-2024:3796-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240816132625.B8CB9FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3796-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.13 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.13 Severity : moderate Type : security References : 1228535 CVE-2024-7264 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2930-1 Released: Thu Aug 15 11:35:03 2024 Summary: Security update for curl Type: security Severity: moderate References: 1228535,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535) The following package changes have been done: - curl-7.66.0-150200.4.75.1 updated - libcurl4-7.66.0-150200.4.75.1 updated From sle-container-updates at lists.suse.com Sat Aug 17 07:03:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 17 Aug 2024 09:03:48 +0200 (CEST) Subject: SUSE-CU-2024:3797-1: Security update of bci/kiwi Message-ID: <20240817070348.58EFFFBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3797-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-9.1 , bci/kiwi:9.24 , bci/kiwi:9.24-9.1 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-9.1 , bci/kiwi:latest Container Release : 9.1 Severity : important Type : security References : 1222985 1223571 1224014 1224016 1225907 1226463 1227138 1227308 CVE-2024-5535 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - libyaml-0-2-0.1.7-150000.3.2.1 added - libopenssl1_1-1.1.1w-150600.5.6.1 updated - python3-PyYAML-5.4.1-150300.3.3.1 updated From sle-container-updates at lists.suse.com Sat Aug 17 07:03:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 17 Aug 2024 09:03:51 +0200 (CEST) Subject: SUSE-CU-2024:3798-1: Security update of suse/rmt-mariadb Message-ID: <20240817070351.55EF4FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3798-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-41.1 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-41.1 , suse/rmt-mariadb:latest Container Release : 41.1 Severity : moderate Type : security References : 1225907 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2933-1 Released: Thu Aug 15 12:12:50 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1225907,1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng. (bsc#1226463) - Fixed C99 violations to allow the package to build with GCC 14. (bsc#1225907) The following package changes have been done: - libopenssl1_1-1.1.1w-150600.5.6.1 updated From sle-container-updates at lists.suse.com Tue Aug 20 07:04:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 20 Aug 2024 09:04:42 +0200 (CEST) Subject: SUSE-CU-2024:3801-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240820070442.242F6FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3801-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.13 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.13 Severity : moderate Type : recommended References : 1194818 1194818 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2966-1 Released: Mon Aug 19 15:37:07 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194818 This update for util-linux fixes the following issue: - agetty: Prevent login cursor escape (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - libblkid1-2.37.2-150400.8.32.2 updated - libfdisk1-2.37.2-150400.8.32.2 updated - libmount1-2.37.2-150400.8.32.2 updated - libsmartcols1-2.37.2-150400.8.32.2 updated - libuuid1-2.37.2-150400.8.32.2 updated - pam-1.3.0-150000.6.71.2 updated - util-linux-2.37.2-150400.8.32.2 updated From sle-container-updates at lists.suse.com Tue Aug 20 07:07:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 20 Aug 2024 09:07:06 +0200 (CEST) Subject: SUSE-CU-2024:3803-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240820070706.53C0CFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3803-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.13 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.13 Severity : moderate Type : recommended References : 1194818 1194818 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2966-1 Released: Mon Aug 19 15:37:07 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194818 This update for util-linux fixes the following issue: - agetty: Prevent login cursor escape (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - libblkid1-2.37.2-150400.8.32.2 updated - libfdisk1-2.37.2-150400.8.32.2 updated - libmount1-2.37.2-150400.8.32.2 updated - libsmartcols1-2.37.2-150400.8.32.2 updated - libuuid1-2.37.2-150400.8.32.2 updated - pam-1.3.0-150000.6.71.2 updated - util-linux-2.37.2-150400.8.32.2 updated From sle-container-updates at lists.suse.com Tue Aug 20 07:08:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 20 Aug 2024 09:08:03 +0200 (CEST) Subject: SUSE-CU-2024:3804-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20240820070803.4769CFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3804-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.17 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.17 Container Release : 6.17 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated From sle-container-updates at lists.suse.com Tue Aug 20 07:08:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 20 Aug 2024 09:08:27 +0200 (CEST) Subject: SUSE-CU-2024:3806-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240820070827.5B92CFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3806-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.11 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.11 Container Release : 5.11 Severity : moderate Type : recommended References : 1194818 1194818 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2966-1 Released: Mon Aug 19 15:37:07 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194818 This update for util-linux fixes the following issue: - agetty: Prevent login cursor escape (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - libblkid1-2.37.2-150400.8.32.2 updated - libfdisk1-2.37.2-150400.8.32.2 updated - libmount1-2.37.2-150400.8.32.2 updated - libsmartcols1-2.37.2-150400.8.32.2 updated - libuuid1-2.37.2-150400.8.32.2 updated - pam-1.3.0-150000.6.71.2 updated - util-linux-2.37.2-150400.8.32.2 updated From sle-container-updates at lists.suse.com Tue Aug 20 07:10:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 20 Aug 2024 09:10:37 +0200 (CEST) Subject: SUSE-CU-2024:3807-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20240820071037.0A0F2FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3807-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.22 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.22 Severity : important Type : recommended References : 1194818 1223535 1226100 1228124 1228159 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2918-1 Released: Thu Aug 15 06:59:39 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1223535,1226100,1228124 This update for grub2 fixes the following issues: - Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124) - Fix error in grub-install when root is on tmpfs (bsc#1226100) - Fix input handling in ppc64le grub2 has high latency (bsc#1223535) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2952-1 Released: Fri Aug 16 17:05:34 2024 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1228159 This update for nfs-utils fixes the following issues: - Include source for libnfsidmap 0.26 and build that. This is needed for compatability with SLE15-SP5 and earlier. - Copied from old nfsidmap package (bsc#1228159). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - grub2-i386-pc-2.12-150600.8.3.1 updated - grub2-x86_64-efi-2.12-150600.8.3.1 updated - grub2-2.12-150600.8.3.1 updated - libnfsidmap1-1.0-150600.28.3.2 updated - nfs-client-2.6.4-150600.28.3.2 updated - pam-1.3.0-150000.6.71.2 updated From sle-container-updates at lists.suse.com Tue Aug 20 07:11:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 20 Aug 2024 09:11:34 +0200 (CEST) Subject: SUSE-CU-2024:3808-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20240820071134.29431FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3808-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.13 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.13 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated From sle-container-updates at lists.suse.com Tue Aug 20 07:14:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 20 Aug 2024 09:14:21 +0200 (CEST) Subject: SUSE-CU-2024:3810-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20240820071421.14C04FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3810-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.15 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.15 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated From sle-container-updates at lists.suse.com Tue Aug 20 13:54:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 20 Aug 2024 15:54:20 +0200 (CEST) Subject: SUSE-CU-2024:3811-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20240820135420.BBE4DFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3811-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.13 , suse/manager/4.3/proxy-ssh:4.3.13.9.47.15 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.47.15 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-ltss-image-15.0.0-5.11 updated From sle-container-updates at lists.suse.com Wed Aug 21 07:05:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 Aug 2024 09:05:09 +0200 (CEST) Subject: SUSE-IU-2024:1017-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20240821070509.42D0CFBA5@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1017-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.2 , suse/sl-micro/6.0/baremetal-os-container:2.1.2-3.34 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 3.34 Severity : important Type : security References : 1221399 CVE-2024-28182 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 18 Released: Tue Aug 20 13:47:06 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - SL-Micro-release-6.0-24.6 updated - libnghttp2-14-1.52.0-5.1 updated - container:SL-Micro-base-container-2.1.2-3.21 updated From sle-container-updates at lists.suse.com Wed Aug 21 07:05:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 Aug 2024 09:05:10 +0200 (CEST) Subject: SUSE-IU-2024:1018-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20240821070510.6726EFBA5@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1018-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.2 , suse/sl-micro/6.0/base-os-container:2.1.2-3.21 , suse/sl-micro/6.0/base-os-container:latest Image Release : 3.21 Severity : important Type : security References : 1221399 CVE-2024-28182 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 18 Released: Tue Aug 20 13:47:06 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - libnghttp2-14-1.52.0-5.1 updated - SL-Micro-release-6.0-24.6 updated - container:suse-toolbox-image-1.0.0-6.40 updated From sle-container-updates at lists.suse.com Wed Aug 21 07:05:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 Aug 2024 09:05:12 +0200 (CEST) Subject: SUSE-IU-2024:1019-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20240821070512.9D46BFBA5@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1019-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.2 , suse/sl-micro/6.0/kvm-os-container:2.1.2-3.39 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 3.39 Severity : important Type : security References : 1221399 CVE-2024-28182 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 18 Released: Tue Aug 20 13:47:06 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) The following package changes have been done: - SL-Micro-release-6.0-24.6 updated - libnghttp2-14-1.52.0-5.1 updated - container:SL-Micro-base-container-2.1.2-3.21 updated From sle-container-updates at lists.suse.com Wed Aug 21 07:08:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 Aug 2024 09:08:46 +0200 (CEST) Subject: SUSE-CU-2024:3820-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240821070846.1FEC7FBA5@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3820-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.19 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.19 Severity : moderate Type : recommended References : 1194818 1194818 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2966-1 Released: Mon Aug 19 15:37:07 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194818 This update for util-linux fixes the following issue: - agetty: Prevent login cursor escape (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - libuuid1-2.37.2-150400.8.32.2 updated - libsmartcols1-2.37.2-150400.8.32.2 updated - libblkid1-2.37.2-150400.8.32.2 updated - libfdisk1-2.37.2-150400.8.32.2 updated - libmount1-2.37.2-150400.8.32.2 updated - pam-1.3.0-150000.6.71.2 updated - util-linux-2.37.2-150400.8.32.2 updated - container:sles15-ltss-image-15.0.0-5.11 updated From sle-container-updates at lists.suse.com Wed Aug 21 07:09:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 Aug 2024 09:09:09 +0200 (CEST) Subject: SUSE-CU-2024:3821-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240821070909.B6161FBA5@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3821-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.20 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.20 Severity : moderate Type : recommended References : 1194818 1194818 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2966-1 Released: Mon Aug 19 15:37:07 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194818 This update for util-linux fixes the following issue: - agetty: Prevent login cursor escape (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - libuuid1-2.37.2-150400.8.32.2 updated - libsmartcols1-2.37.2-150400.8.32.2 updated - libblkid1-2.37.2-150400.8.32.2 updated - libfdisk1-2.37.2-150400.8.32.2 updated - libmount1-2.37.2-150400.8.32.2 updated - pam-1.3.0-150000.6.71.2 updated - util-linux-2.37.2-150400.8.32.2 updated - container:sles15-ltss-image-15.0.0-5.11 updated From sle-container-updates at lists.suse.com Wed Aug 21 07:09:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 Aug 2024 09:09:33 +0200 (CEST) Subject: SUSE-CU-2024:3822-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20240821070933.1C298FBA5@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3822-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.13 , suse/manager/4.3/proxy-squid:4.3.13.9.56.15 , suse/manager/4.3/proxy-squid:latest Container Release : 9.56.15 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-ltss-image-15.0.0-5.11 updated From sle-container-updates at lists.suse.com Thu Aug 22 07:01:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 22 Aug 2024 09:01:37 +0200 (CEST) Subject: SUSE-IU-2024:1024-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20240822070137.7D4C1FCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1024-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.2 , suse/sl-micro/6.0/baremetal-os-container:2.1.2-3.35 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 3.35 Severity : moderate Type : security References : 1219458 1222319 1225600 1225601 CVE-2023-38417 CVE-2023-47210 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 20 Released: Wed Aug 21 11:30:19 2024 Summary: Security update for kernel-firmware Type: security Severity: moderate References: 1219458,1222319,1225600,1225601,CVE-2023-38417,CVE-2023-47210 This update for kernel-firmware fixes the following issues: Update to version 20240712: * amdgpu: update DMCUB to v0.0.225.0 for Various AMDGPU Asics * qcom: add gpu firmwares for x1e80100 chipset (bsc#1219458) * linux-firmware: add firmware for qat_402xx devices * amdgpu: update raven firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update SDMA 6.0.3 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update vega20 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update PSP 13.0.8 firmware * amdgpu: update vega12 firmware * amdgpu: update vega10 firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update SDMA 6.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update picasso firmware * amdgpu: update beige goby firmware * amdgpu: update vangogh firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update navy flounder firmware * amdgpu: update PSP 13.0.11 firmware * amdgpu: update GC 11.0.4 firmware * amdgpu: update green sardine firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update SDMA 6.0.1 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update VPE 6.1.1 firmware * amdgpu: update VCN 4.0.6 firmware * amdgpu: update SDMA 6.1.1 firmware * amdgpu: update PSP 14.0.1 firmware * amdgpu: update GC 11.5.1 firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update SDMA 6.1.0 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update navi14 firmware * amdgpu: update renoir firmware * amdgpu: update navi12 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update yellow carp firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update SMU 13.0.7 firmware * amdgpu: update SDMA 6.0.2 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update navi10 firmware * amdgpu: update raven2 firmware * amdgpu: update aldebaran firmware * linux-firmware: Update AMD cpu microcode * linux-firmware: Add ISH firmware file for Intel Lunar Lake platform * amdgpu: update DMCUB to v0.0.224.0 for Various AMDGPU Asics * cirrus: cs35l41: Update various firmware for ASUS laptops using CS35L41 * amdgpu: Update ISP FW for isp v4.1.1 The following package changes have been done: - kernel-firmware-amdgpu-20240728-1.1 updated - kernel-firmware-ath10k-20240728-1.1 updated - kernel-firmware-ath11k-20240728-1.1 updated - kernel-firmware-ath12k-20240728-1.1 updated - kernel-firmware-atheros-20240728-1.1 updated - kernel-firmware-bluetooth-20240728-1.1 updated - kernel-firmware-bnx2-20240728-1.1 updated - kernel-firmware-brcm-20240728-1.1 updated - kernel-firmware-chelsio-20240728-1.1 updated - kernel-firmware-dpaa2-20240728-1.1 updated - kernel-firmware-i915-20240728-1.1 updated - kernel-firmware-intel-20240728-1.1 updated - kernel-firmware-iwlwifi-20240728-1.1 updated - kernel-firmware-liquidio-20240728-1.1 updated - kernel-firmware-marvell-20240728-1.1 updated - kernel-firmware-media-20240728-1.1 updated - kernel-firmware-mediatek-20240728-1.1 updated - kernel-firmware-mellanox-20240728-1.1 updated - kernel-firmware-mwifiex-20240728-1.1 updated - kernel-firmware-network-20240728-1.1 updated - kernel-firmware-nfp-20240728-1.1 updated - kernel-firmware-nvidia-20240728-1.1 updated - kernel-firmware-platform-20240728-1.1 updated - kernel-firmware-prestera-20240728-1.1 updated - kernel-firmware-qcom-20240728-1.1 updated - kernel-firmware-qlogic-20240728-1.1 updated - kernel-firmware-radeon-20240728-1.1 updated - kernel-firmware-realtek-20240728-1.1 updated - kernel-firmware-serial-20240728-1.1 updated - kernel-firmware-sound-20240728-1.1 updated - kernel-firmware-ti-20240728-1.1 updated - kernel-firmware-ueagle-20240728-1.1 updated - kernel-firmware-usb-network-20240728-1.1 updated - kernel-firmware-all-20240728-1.1 updated From sle-container-updates at lists.suse.com Fri Aug 23 07:02:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 23 Aug 2024 09:02:21 +0200 (CEST) Subject: SUSE-CU-2024:3828-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240823070221.8DE54FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3828-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.18 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.18 Container Release : 6.18 Severity : low Type : security References : 1224044 CVE-2024-34397 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2998-1 Released: Thu Aug 22 12:52:17 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.21.1 updated From sle-container-updates at lists.suse.com Fri Aug 23 07:05:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 23 Aug 2024 09:05:11 +0200 (CEST) Subject: SUSE-CU-2024:3829-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240823070511.220A0FBA5@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3829-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.14 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.14 Severity : low Type : security References : 1224044 CVE-2024-34397 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2998-1 Released: Thu Aug 22 12:52:17 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.21.1 updated - libgmodule-2_0-0-2.62.6-150200.3.21.1 updated From sle-container-updates at lists.suse.com Fri Aug 23 07:07:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 23 Aug 2024 09:07:49 +0200 (CEST) Subject: SUSE-CU-2024:3831-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240823070749.1F97EFBA5@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3831-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.16 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.16 Severity : low Type : security References : 1224044 CVE-2024-34397 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2998-1 Released: Thu Aug 22 12:52:17 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.21.1 updated - libgmodule-2_0-0-2.62.6-150200.3.21.1 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:01:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:01:51 +0200 (CEST) Subject: SUSE-IU-2024:1081-1: Security update of suse/sle-micro/5.5 Message-ID: <20240825070151.6E893FCC1@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1081-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.102 , suse/sle-micro/5.5:latest Image Release : 5.5.102 Severity : important Type : security References : 1159034 1194818 1194818 1208690 1214960 1214980 1222285 1222804 1222807 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1223724 1224113 1224115 1224116 1224118 1226412 1226463 1226529 1227138 1227181 1227442 1227918 1228322 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2023-5388 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2659-1 Released: Tue Jul 30 15:37:52 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2664-1 Released: Tue Jul 30 15:47:13 2024 Summary: Recommended update for open-vm-tools Type: recommended Severity: moderate References: 1227181 This update for open-vm-tools fixes the following issues: - There are no new features in the open-vm-tools release (bsc#1227181). This is primarily a maintenance release that addresses a few critical problems, including: - A Github pull request and associated issue has been handled. Please see the Resolved Issues section of the Release Notes - A number of issues flagged by Coverity and ShellCheck have been addressed - A vmtoolsd process hang related to nested logging from an RPC Channel error has been fixed ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2684-1 Released: Wed Jul 31 20:04:41 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2696-1 Released: Thu Aug 1 15:20:51 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1226412,1226529 This update for dracut fixes the following issues: - Version update: * feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529) * fix(mdraid): try to assemble the missing raid device (bsc#1226412) * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2765-1 Released: Tue Aug 6 10:33:41 2024 Summary: Recommended update for container-selinux Type: recommended Severity: moderate References: 1227442 This update for container-selinux fixes the following issue: - Allow iptables_t list directory permissions of container_file_t (bsc#1227442) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:05 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2799-1 Released: Wed Aug 7 08:19:10 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1214960 This update for runc fixes the following issues: - Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13 - Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2809-1 Released: Wed Aug 7 09:49:44 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2887-1 Released: Tue Aug 13 10:52:45 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - libuuid1-2.37.4-150500.9.14.2 updated - libsmartcols1-2.37.4-150500.9.14.2 updated - libblkid1-2.37.4-150500.9.14.2 updated - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libfdisk1-2.37.4-150500.9.14.2 updated - libmount1-2.37.4-150500.9.14.2 updated - login_defs-4.8.1-150500.3.9.1 updated - openssl-1_1-1.1.1l-150500.17.34.1 updated - pam-1.3.0-150000.6.71.2 updated - shadow-4.8.1-150500.3.9.1 updated - util-linux-2.37.4-150500.9.14.2 updated - util-linux-systemd-2.37.4-150500.9.14.2 updated - dracut-055+suse.388.g70c21afa-150500.3.21.2 updated - libfreebl3-3.101.2-150400.3.48.1 updated - mozilla-nss-certs-3.101.2-150400.3.48.1 updated - mozilla-nss-3.101.2-150400.3.48.1 updated - libsoftokn3-3.101.2-150400.3.48.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - runc-1.1.13-150000.67.1 updated - libvmtools0-12.4.5-150300.52.6 updated - container-selinux-2.188.0-150500.3.3.2 updated - open-vm-tools-12.4.5-150300.52.6 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.63 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:02:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:02:36 +0200 (CEST) Subject: SUSE-CU-2024:3833-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240825070236.4ED46FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3833-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.23 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.23 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-image-15.0.0-36.14.14 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:04:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:04:33 +0200 (CEST) Subject: SUSE-CU-2024:3834-1: Security update of suse/sle15 Message-ID: <20240825070433.D80BCFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3834-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.33 Container Release : 9.8.33 Severity : moderate Type : security References : 1194818 1224044 CVE-2024-34397 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2998-1 Released: Thu Aug 22 12:52:17 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - Fixed a possible use after free regression introduced by CVE-2024-34397 patch (bsc#1224044). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.21.1 updated - pam-1.3.0-150000.6.71.2 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:07:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:07:44 +0200 (CEST) Subject: SUSE-CU-2024:3835-1: Recommended update of bci/bci-init Message-ID: <20240825070744.8EE08FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3835-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.26.2 Container Release : 26.2 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-image-15.0.0-36.14.14 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:01:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:01:39 +0200 (CEST) Subject: SUSE-IU-2024:1080-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20240825070139.2B52CFCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1080-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.63 , suse/sle-micro/base-5.5:latest Image Release : 5.8.63 Severity : important Type : security References : 1159034 1194818 1194818 1220356 1222285 1226463 1227138 1227525 1228322 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2679-1 Released: Wed Jul 31 09:47:44 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issues: Added a fips-certified pattern matching the exact certified FIPS versions of the Linux Kernel, openssl 1.1.1, gnutls/nettle, mozilla-nss and libgcrypt. Note that applying this pattern might cause downgrade of various packages and so deinstall security and bugfix updates released after the certified binaries. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:05 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2887-1 Released: Tue Aug 13 10:52:45 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - libuuid1-2.37.4-150500.9.14.2 updated - libsmartcols1-2.37.4-150500.9.14.2 updated - libblkid1-2.37.4-150500.9.14.2 updated - libfdisk1-2.37.4-150500.9.14.2 updated - libassuan0-2.5.5-150000.4.7.1 updated - login_defs-4.8.1-150400.10.21.1 updated - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.34.1 updated - libmount1-2.37.4-150500.9.14.2 updated - patterns-base-fips-20200124-150400.20.10.1 updated - pam-1.3.0-150000.6.71.2 updated - shadow-4.8.1-150400.10.21.1 updated - util-linux-2.37.4-150500.9.14.2 updated - openssl-1_1-1.1.1l-150500.17.34.1 updated - ca-certificates-mozilla-2.68-150200.33.1 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:08:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:08:37 +0200 (CEST) Subject: SUSE-CU-2024:3836-1: Recommended update of bci/nodejs Message-ID: <20240825070837.51D05FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3836-1 Container Tags : bci/node:18 , bci/node:18-29.2 , bci/nodejs:18 , bci/nodejs:18-29.2 Container Release : 29.2 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-image-15.0.0-36.14.14 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:09:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:09:40 +0200 (CEST) Subject: SUSE-CU-2024:3837-1: Recommended update of bci/openjdk-devel Message-ID: <20240825070940.82E77FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3837-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-26.4 Container Release : 26.4 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:bci-openjdk-11-15.5.11-27.2 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:11:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:11:24 +0200 (CEST) Subject: SUSE-CU-2024:3839-1: Recommended update of bci/openjdk-devel Message-ID: <20240825071124.5A19DFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3839-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-28.5 Container Release : 28.5 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:bci-openjdk-17-15.5.17-29.2 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:13:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:13:10 +0200 (CEST) Subject: SUSE-CU-2024:3842-1: Recommended update of suse/sle15 Message-ID: <20240825071310.5F576FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3842-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.14 , suse/sle15:15.5 , suse/sle15:15.5.36.14.14 Container Release : 36.14.14 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:13:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:13:16 +0200 (CEST) Subject: SUSE-CU-2024:3843-1: Recommended update of suse/389-ds Message-ID: <20240825071316.96D76FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3843-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-41.3 , suse/389-ds:latest Container Release : 41.3 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-image-15.6.0-47.11.8 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:13:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:13:36 +0200 (CEST) Subject: SUSE-CU-2024:3847-1: Recommended update of suse/registry Message-ID: <20240825071337.0007AFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3847-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-24.6 , suse/registry:latest Container Release : 24.6 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:14:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:14:07 +0200 (CEST) Subject: SUSE-CU-2024:3852-1: Security update of bci/golang Message-ID: <20240825071407.EB1E4FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3852-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-2.34.2 , bci/golang:oldstable , bci/golang:oldstable-2.34.2 Container Release : 34.2 Severity : important Type : security References : 1218424 1218424 1218424 1218424 1218424 1218424 1219988 1220999 1221000 1221001 1221002 1221003 1221400 1224017 1224018 1225973 1225974 1227314 CVE-2023-45288 CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785 CVE-2024-24787 CVE-2024-24788 CVE-2024-24789 CVE-2024-24790 CVE-2024-24791 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:443-1 Released: Fri Feb 9 16:34:12 2024 Summary: Recommended update for go1.22 Type: recommended Severity: moderate References: 1218424 This update for go1.22 fixes the following issues: This is go1.22 (released 2024-02-06), a major release of Go. (bsc#1218424 go1.22 release tracking) go1.22.x minor releases will be provided through February 2024. See https://github.com/golang/go/wiki/Go-Release-Cycle go1.22 arrives six months after go1.21. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. * Language change: go1.22 makes two changes to for loops. Previously, the variables declared by a for loop were created once and updated by each iteration. In go1.22, each iteration of the loop creates new variables, to avoid accidental sharing bugs. The transition support tooling described in the proposal continues to work in the same way it did in Go 1.21. * Language change: For loops may now range over integers * Language change: go1.22 includes a preview of a language change we are considering for a future version of Go: range-over-function iterators. Building with GOEXPERIMENT=rangefunc enables this feature. * go command: Commands in workspaces can now use a vendor directory containing the dependencies of the workspace. The directory is created by go work vendor, and used by build commands when the -mod flag is set to vendor, which is the default when a workspace vendor directory is present. Note that the vendor directory's contents for a workspace are different from those of a single module: if the directory at the root of a workspace also contains one of the modules in the workspace, its vendor directory can contain the dependencies of either the workspace or of the module, but not both. * go get is no longer supported outside of a module in the legacy GOPATH mode (that is, with GO111MODULE=off). Other build commands, such as go build and go test, will continue to work indefinitely for legacy GOPATH programs. * go mod init no longer attempts to import module requirements from configuration files for other vendoring tools (such as Gopkg.lock). * go test -cover now prints coverage summaries for covered packages that do not have their own test files. Prior to Go 1.22 a go test -cover run for such a package would report: ? mymod/mypack [no test files] and now with go1.22, functions in the package are treated as uncovered: mymod/mypack coverage: 0.0% of statements Note that if a package contains no executable code at all, we can't report a meaningful coverage percentage; for such packages the go tool will continue to report that there are no test files. * trace: The trace tool's web UI has been gently refreshed as part of the work to support the new tracer, resolving several issues and improving the readability of various sub-pages. The web UI now supports exploring traces in a thread-oriented view. The trace viewer also now displays the full duration of all system calls. These improvements only apply for viewing traces produced by programs built with go1.22 or newer. A future release will bring some of these improvements to traces produced by older version of Go. * vet: References to loop variables The behavior of the vet tool has changed to match the new semantics (see above) of loop variables in go1.22. When analyzing a file that requires go1.22 or newer (due to its go.mod file or a per-file build constraint), vetcode> no longer reports references to loop variables from within a function literal that might outlive the iteration of the loop. In Go 1.22, loop variables are created anew for each iteration, so such references are no longer at risk of using a variable after it has been updated by the loop. * vet: New warnings for missing values after append The vet tool now reports calls to append that pass no values to be appended to the slice, such as slice = append(slice). Such a statement has no effect, and experience has shown that is nearly always a mistake. * vet: New warnings for deferring time.Since The vet tool now reports a non-deferred call to time.Since(t) within a defer statement. This is equivalent to calling time.Now().Sub(t) before the defer statement, not when the deferred function is called. In nearly all cases, the correct code requires deferring the time.Since call. * vet: New warnings for mismatched key-value pairs in log/slog calls The vet tool now reports invalid arguments in calls to functions and methods in the structured logging package, log/slog, that accept alternating key/value pairs. It reports calls where an argument in a key position is neither a string nor a slog.Attr, and where a final key is missing its value. * runtime: The runtime now keeps type-based garbage collection metadata nearer to each heap object, improving the CPU performance (latency or throughput) of Go programs by 1-3%. This change also reduces the memory overhead of the majority Go programs by approximately 1% by deduplicating redundant metadata. Some programs may see a smaller improvement because this change adjusts the size class boundaries of the memory allocator, so some objects may be moved up a size class. A consequence of this change is that some objects' addresses that were previously always aligned to a 16 byte (or higher) boundary will now only be aligned to an 8 byte boundary. Some programs that use assembly instructions that require memory addresses to be more than 8-byte aligned and rely on the memory allocator's previous alignment behavior may break, but we expect such programs to be rare. Such programs may be built with GOEXPERIMENT=noallocheaders to revert to the old metadata layout and restore the previous alignment behavior, but package owners should update their assembly code to avoid the alignment assumption, as this workaround will be removed in a future release. * runtime: On the windows/amd64 port, programs linking or loading Go libraries built with -buildmode=c-archive or -buildmode=c-shared can now use the SetUnhandledExceptionFilter Win32 function to catch exceptions not handled by the Go runtime. Note that this was already supported on the windows/386 port. * compiler: Profile-guided Optimization (PGO) builds can now devirtualize a higher proportion of calls than previously possible. Most programs from a representative set of Go programs now see between 2 and 14% improvement from enabling PGO. * compiler: The compiler now interleaves devirtualization and inlining, so interface method calls are better optimized. * compiler: go1.22 also includes a preview of an enhanced implementation of the compiler's inlining phase that uses heuristics to boost inlinability at call sites deemed 'important' (for example, in loops) and discourage inlining at call sites deemed 'unimportant' (for example, on panic paths). Building with GOEXPERIMENT=newinliner enables the new call-site heuristics; see issue #61502 for more info and to provide feedback. * linker: The linker's -s and -w flags are now behave more consistently across all platforms. The -w flag suppresses DWARF debug information generation. The -s flag suppresses symbol table generation. The -s flag also implies the -w flag, which can be negated with -w=0. That is, -s -w=0 will generate a binary with DWARF debug information generation but without the symbol table. * linker: On ELF platforms, the -B linker flag now accepts a special form: with -B gobuildid, the linker will generate a GNU build ID (the ELF NT_GNU_BUILD_ID note) derived from the Go build ID. * linker: On Windows, when building with -linkmode=internal, the linker now preserves SEH information from C object files by copying the .pdata and .xdata sections into the final binary. This helps with debugging and profiling binaries using native tools, such as WinDbg. Note that until now, C functions' SEH exception handlers were not being honored, so this change may cause some programs to behave differently. -linkmode=external is not affected by this change, as external linkers already preserve SEH information. * bootstrap: As mentioned in the Go 1.20 release notes, go1.22 now requires the final point release of Go 1.20 or later for bootstrap. We expect that Go 1.24 will require the final point release of go1.22 or later for bootstrap. * core library: New math/rand/v2 package: go1.22 includes the first ???v2??? package in the standard library, math/rand/v2. The changes compared to math/rand are detailed in proposal go#61716. The most important changes are: - The Read method, deprecated in math/rand, was not carried forward for math/rand/v2. (It remains available in math/rand.) The vast majority of calls to Read should use crypto/rand???s Read instead. Otherwise a custom Read can be constructed using the Uint64 method. - The global generator accessed by top-level functions is unconditionally randomly seeded. Because the API guarantees no fixed sequence of results, optimizations like per-thread random generator states are now possible. - The Source interface now has a single Uint64 method; there is no Source64 interface. - Many methods now use faster algorithms that were not possible to adopt in math/rand because they changed the output streams. - The Intn, Int31, Int31n, Int63, and Int64n top-level functions and methods from math/rand are spelled more idiomatically in math/rand/v2: IntN, Int32, Int32N, Int64, and Int64N. There are also new top-level functions and methods Uint32, Uint32N, Uint64, Uint64N, Uint, and UintN. - The new generic function N is like Int64N or Uint64N but works for any integer type. For example a random duration from 0 up to 5 minutes is rand.N(5*time.Minute). - The Mitchell & Reeds LFSR generator provided by math/rand???s Source has been replaced by two more modern pseudo-random generator sources: ChaCha8 PCG. ChaCha8 is a new, cryptographically strong random number generator roughly similar to PCG in efficiency. ChaCha8 is the algorithm used for the top-level functions in math/rand/v2. As of go1.22, math/rand's top-level functions (when not explicitly seeded) and the Go runtime also use ChaCha8 for randomness. - We plan to include an API migration tool in a future release, likely Go 1.23. * core library: New go/version package: The new go/version package implements functions for validating and comparing Go version strings. * core library: Enhanced routing patterns: HTTP routing in the standard library is now more expressive. The patterns used by net/http.ServeMux have been enhanced to accept methods and wildcards. This change breaks backwards compatibility in small ways, some obvious???patterns with '{' and '}' behave differently??? and some less so???treatment of escaped paths has been improved. The change is controlled by a GODEBUG field named httpmuxgo121. Set httpmuxgo121=1 to restore the old behavior. * Minor changes to the library As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind. There are also various performance improvements, not enumerated here. * archive/tar: The new method Writer.AddFS adds all of the files from an fs.FS to the archive. * archive/zip: The new method Writer.AddFS adds all of the files from an fs.FS to the archive. * bufio: When a SplitFunc returns ErrFinalToken with a nil token, Scanner will now stop immediately. Previously, it would report a final empty token before stopping, which was usually not desired. Callers that do want to report a final empty token can do so by returning []byte{} rather than nil. * cmp: The new function Or returns the first in a sequence of values that is not the zero value. * crypto/tls: ConnectionState.ExportKeyingMaterial will now return an error unless TLS 1.3 is in use, or the extended_master_secret extension is supported by both the server and client. crypto/tls has supported this extension since Go 1.20. This can be disabled with the tlsunsafeekm=1 GODEBUG setting. * crypto/tls: By default, the minimum version offered by crypto/tls servers is now TLS 1.2 if not specified with config.MinimumVersion, matching the behavior of crypto/tls clients. This change can be reverted with the tls10server=1 GODEBUG setting. * crypto/tls: By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes. This change can be reverted with the tlsrsakex=1 GODEBUG setting. * crypto/x509: The new CertPool.AddCertWithConstraint method can be used to add customized constraints to root certificates to be applied during chain building. * crypto/x509: On Android, root certificates will now be loaded from /data/misc/keychain/certs-added as well as /system/etc/security/cacerts. * crypto/x509: A new type, OID, supports ASN.1 Object Identifiers with individual components larger than 31 bits. A new field which uses this type, Policies, is added to the Certificate struct, and is now populated during parsing. Any OIDs which cannot be represented using a asn1.ObjectIdentifier will appear in Policies, but not in the old PolicyIdentifiers field. When calling CreateCertificate, the Policies field is ignored, and policies are taken from the PolicyIdentifiers field. Using the x509usepolicies=1 GODEBUG setting inverts this, populating certificate policies from the Policies field, and ignoring the PolicyIdentifiers field. We may change the default value of x509usepolicies in Go 1.23, making Policies the default field for marshaling. * database/sql: The new Null[T] type provide a way to scan nullable columns for any column types. * debug/elf: Constant R_MIPS_PC32 is defined for use with MIPS64 systems. Additional R_LARCH_* constants are defined for use with LoongArch systems. * encoding: The new methods AppendEncode and AppendDecode added to each of the Encoding types in the packages encoding/base32, encoding/base64, and encoding/hex simplify encoding and decoding from and to byte slices by taking care of byte slice buffer management. * encoding: The methods base32.Encoding.WithPadding and base64.Encoding.WithPadding now panic if the padding argument is a negative value other than NoPadding. * encoding/json: Marshaling and encoding functionality now escapes '\b' and '\f' characters as \b and \f instead of \u0008 and \u000c. * go/ast: The following declarations related to syntactic identifier resolution are now deprecated: Ident.Obj, Object, Scope, File.Scope, File.Unresolved, Importer, Package, NewPackage. In general, identifiers cannot be accurately resolved without type information. Consider, for example, the identifier K in T{K: ''}: it could be the name of a local variable if T is a map type, or the name of a field if T is a struct type. New programs should use the go/types package to resolve identifiers; see Object, Info.Uses, and Info.Defs for details. * go/ast: The new ast.Unparen function removes any enclosing parentheses from an expression. * go/types: The new Alias type represents type aliases. Previously, type aliases were not represented explicitly, so a reference to a type alias was equivalent to spelling out the aliased type, and the name of the alias was lost. The new representation retains the intermediate Alias. This enables improved error reporting (the name of a type alias can be reported), and allows for better handling of cyclic type declarations involving type aliases. In a future release, Alias types will also carry type parameter information. The new function Unalias returns the actual type denoted by an Alias type (or any other Type for that matter). * go/types: Because Alias types may break existing type switches that do not know to check for them, this functionality is controlled by a GODEBUG field named gotypesalias. With gotypesalias=0, everything behaves as before, and Alias types are never created. With gotypesalias=1, Alias types are created and clients must expect them. The default is gotypesalias=0. In a future release, the default will be changed to gotypesalias=1. Clients of go/types are urged to adjust their code as soon as possible to work with gotypesalias=1 to eliminate problems early. * go/types: The Info struct now exports the FileVersions map which provides per-file Go version information. * go/types: The new helper method PkgNameOf returns the local package name for the given import declaration. * go/types: The implementation of SizesFor has been adjusted to compute the same type sizes as the compiler when the compiler argument for SizesFor is 'gc'. The default Sizes implementation used by the type checker is now types.SizesFor('gc', 'amd64'). * go/types: The start position (Pos) of the lexical environment block (Scope) that represents a function body has changed: it used to start at the opening curly brace of the function body, but now starts at the function's func token. * html/template: Javascript template literals may now contain Go template actions, and parsing a template containing one will no longer return ErrJSTemplate. Similarly the GODEBUG setting jstmpllitinterp no longer has any effect. * io: The new SectionReader.Outer method returns the ReaderAt, offset, and size passed to NewSectionReader. * log/slog: The new SetLogLoggerLevel function controls the level for the bridge between the `slog` and `log` packages. It sets the minimum level for calls to the top-level `slog` logging functions, and it sets the level for calls to `log.Logger` that go through `slog`. * math/big: The new method Rat.FloatPrec computes the number of fractional decimal digits required to represent a rational number accurately as a floating-point number, and whether accurate decimal representation is possible in the first place. * net: When io.Copy copies from a TCPConn to a UnixConn, it will now use Linux's splice(2) system call if possible, using the new method TCPConn.WriteTo. * net: The Go DNS Resolver, used when building with '-tags=netgo', now searches for a matching name in the Windows hosts file, located at %SystemRoot%\System32\drivers\etc\hosts, before making a DNS query. * net/http: The new functions ServeFileFS, FileServerFS, and NewFileTransportFS are versions of the existing ServeFile, FileServer, and NewFileTransport, operating on an fs.FS. * net/http: The HTTP server and client now reject requests and responses containing an invalid empty Content-Length header. The previous behavior may be restored by setting GODEBUG field httplaxcontentlength=1. * net/http: The new method Request.PathValue returns path wildcard values from a request and the new method Request.SetPathValue sets path wildcard values on a request. * net/http/cgi: When executing a CGI process, the PATH_INFO variable is now always set to the empty string or a value starting with a / character, as required by RFC 3875. It was previously possible for some combinations of Handler.Root and request URL to violate this requirement. * net/netip: The new AddrPort.Compare method compares two AddrPorts. * os: On Windows, the Stat function now follows all reparse points that link to another named entity in the system. It was previously only following IO_REPARSE_TAG_SYMLINK and IO_REPARSE_TAG_MOUNT_POINT reparse points. * os: On Windows, passing O_SYNC to OpenFile now causes write operations to go directly to disk, equivalent to O_SYNC on Unix platforms. * os: On Windows, the ReadDir, File.ReadDir, File.Readdir, and File.Readdirnames functions now read directory entries in batches to reduce the number of system calls, improving performance up to 30%. * os: When io.Copy copies from a File to a net.UnixConn, it will now use Linux's sendfile(2) system call if possible, using the new method File.WriteTo. * os/exec: On Windows, LookPath now ignores empty entries in %PATH%, and returns ErrNotFound (instead of ErrNotExist) if no executable file extension is found to resolve an otherwise-unambiguous name. * os/exec: On Windows, Command and Cmd.Start no longer call LookPath if the path to the executable is already absolute and has an executable file extension. In addition, Cmd.Start no longer writes the resolved extension back to the Path field, so it is now safe to call the String method concurrently with a call to Start. * reflect: The Value.IsZero method will now return true for a floating-point or complex negative zero, and will return true for a struct value if a blank field (a field named _) somehow has a non-zero value. These changes make IsZero consistent with comparing a value to zero using the language == operator. * reflect: The PtrTo function is deprecated, in favor of PointerTo. * reflect: The new function TypeFor returns the Type that represents the type argument T. Previously, to get the reflect.Type value for a type, one had to use reflect.TypeOf((*T)(nil)).Elem(). This may now be written as reflect.TypeFor[T](). * runtime/metrics: Four new histogram metrics /sched/pauses/stopping/gc:seconds, /sched/pauses/stopping/other:seconds, /sched/pauses/total/gc:seconds, and /sched/pauses/total/other:seconds provide additional details about stop-the-world pauses. The 'stopping' metrics report the time taken from deciding to stop the world until all goroutines are stopped. The 'total' metrics report the time taken from deciding to stop the world until it is started again. * runtime/metrics: The /gc/pauses:seconds metric is deprecated, as it is equivalent to the new /sched/pauses/total/gc:seconds metric. * runtime/metrics: /sync/mutex/wait/total:seconds now includes contention on runtime-internal locks in addition to sync.Mutex and sync.RWMutex. * runtime/pprof: Mutex profiles now scale contention by the number of goroutines blocked on the mutex. This provides a more accurate representation of the degree to which a mutex is a bottleneck in a Go program. For instance, if 100 goroutines are blocked on a mutex for 10 milliseconds, a mutex profile will now record 1 second of delay instead of 10 milliseconds of delay. * runtime/pprof: Mutex profiles also now include contention on runtime-internal locks in addition to sync.Mutex and sync.RWMutex. Contention on runtime-internal locks is always reported at runtime._LostContendedRuntimeLock. A future release will add complete stack traces in these cases. * runtime/pprof: CPU profiles on Darwin platforms now contain the process's memory map, enabling the disassembly view in the pprof tool. * runtime/trace: The execution tracer has been completely overhauled in this release, resolving several long-standing issues and paving the way for new use-cases for execution traces. * runtime/trace: Execution traces now use the operating system's clock on most platforms (Windows excluded) so it is possible to correlate them with traces produced by lower-level components. Execution traces no longer depend on the reliability of the platform's clock to produce a correct trace. Execution traces are now partitioned regularly on-the-fly and as a result may be processed in a streamable way. Execution traces now contain complete durations for all system calls. Execution traces now contain information about the operating system threads that goroutines executed on. The latency impact of starting and stopping execution traces has been dramatically reduced. Execution traces may now begin or end during the garbage collection mark phase. * runtime/trace: To allow Go developers to take advantage of these improvements, an experimental trace reading package is available at golang.org/x/exp/trace. Note that this package only works on traces produced by programs built with go1.22 at the moment. Please try out the package and provide feedback on the corresponding proposal issue. * runtime/trace: If you experience any issues with the new execution tracer implementation, you may switch back to the old implementation by building your Go program with GOEXPERIMENT=noexectracer2. If you do, please file an issue, otherwise this option will be removed in a future release. * slices: The new function Concat concatenates multiple slices. * slices: Functions that shrink the size of a slice (Delete, DeleteFunc, Compact, CompactFunc, and Replace) now zero the elements between the new length and the old length. * slices: Insert now always panics if the argument i is out of range. Previously it did not panic in this situation if there were no elements to be inserted. * syscall: The syscall package has been frozen since Go 1.4 and was marked as deprecated in Go 1.11, causing many editors to warn about any use of the package. However, some non-deprecated functionality requires use of the syscall package, such as the os/exec.Cmd.SysProcAttr field. To avoid unnecessary complaints on such code, the syscall package is no longer marked as deprecated. The package remains frozen to most new functionality, and new code remains encouraged to use golang.org/x/sys/unix or golang.org/x/sys/windows where possible. * syscall: On Linux, the new SysProcAttr.PidFD field allows obtaining a PID FD when starting a child process via StartProcess or os/exec. * syscall: On Windows, passing O_SYNC to Open now causes write operations to go directly to disk, equivalent to O_SYNC on Unix platforms. * testing/slogtest: The new Run function uses sub-tests to run test cases, providing finer-grained control. * Ports: Darwin: On macOS on 64-bit x86 architecture (the darwin/amd64 port), the Go toolchain now generates position-independent executables (PIE) by default. Non-PIE binaries can be generated by specifying the -buildmode=exe build flag. On 64-bit ARM-based macOS (the darwin/arm64 port), the Go toolchain already generates PIE by default. go1.22 is the last release that will run on macOS 10.15 Catalina. Go 1.23 will require macOS 11 Big Sur or later. * Ports: Arm: The GOARM environment variable now allows you to select whether to use software or hardware floating point. Previously, valid GOARM values were 5, 6, or 7. Now those same values can be optionally followed by ,softfloat or ,hardfloat to select the floating-point implementation. This new option defaults to softfloat for version 5 and hardfloat for versions 6 and 7. * Ports: Loong64: The loong64 port now supports passing function arguments and results using registers. The linux/loong64 port now supports the address sanitizer, memory sanitizer, new-style linker relocations, and the plugin build mode. * OpenBSD go1.22 adds an experimental port to OpenBSD on big-endian 64-bit PowerPC (openbsd/ppc64). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:812-1 Released: Fri Mar 8 08:43:31 2024 Summary: Security update for go1.22 Type: security Severity: important References: 1218424,1219988,1220999,1221000,1221001,1221002,1221003,CVE-2023-45289,CVE-2023-45290,CVE-2024-24783,CVE-2024-24784,CVE-2024-24785 This update for go1.22 fixes the following issues: - Upgrade go to version 1.22.1 - CVE-2023-45289: net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect (bsc#1221000) - CVE-2023-45290: net/http: memory exhaustion in Request.ParseMultipartForm (bsc#1221001) - CVE-2024-24783: crypto/x509: Verify panics on certificates with an unknown public key algorithm (bsc#1220999) - CVE-2024-24784: net/mail: comments in display names are incorrectly handled (bsc#1221002) - CVE-2024-24785: html/template: errors returned from MarshalJSON methods may break template escaping (bsc#1221003) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1121-1 Released: Fri Apr 5 17:31:35 2024 Summary: Security update for go1.22 Type: security Severity: important References: 1218424,1221400,CVE-2023-45288 This update for go1.22 fixes the following issues: - CVE-2023-45288: Fixed denial of service via HTTP/2 continuation frames (bsc#1221400) Other changes: - go minor release upgrade to 1.22.2 (bsc#1218424) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1587-1 Released: Fri May 10 09:18:38 2024 Summary: Security update for go1.22 Type: security Severity: moderate References: 1218424,1224017,1224018,CVE-2024-24787,CVE-2024-24788 This update for go1.22 fixes the following issues: Update to go1.22.3: - CVE-2024-24787: cmd/go: arbitrary code execution during build on darwin (bsc#1224017) - CVE-2024-24788: net: high cpu usage in extractExtendedRCode (bsc#1224018) - cmd/compile: Go 1.22.x failed to be bootstrapped from 386 to ppc64le - cmd/compile: changing a hot concrete method to interface method triggers a PGO ICE - runtime: deterministic fallback hashes across process boundary - net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net at v0.23.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1970-1 Released: Mon Jun 10 20:05:03 2024 Summary: Security update for go1.22 Type: security Severity: moderate References: 1218424,1225973,1225974,CVE-2024-24789,CVE-2024-24790 This update for go1.22 fixes the following issues: go1.21.11 release (bsc#1212475). - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973). - CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses (bsc#1225974). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2309-1 Released: Fri Jul 5 12:05:37 2024 Summary: Security update for go1.22 Type: security Severity: important References: 1218424,1227314,CVE-2024-24791 This update for go1.22 fixes the following issues: Updated to version 1.22.5 (bsc#1218424): - CVE-2024-24791: Fixed a potential denial of service due to improper handling of HTTP 100-continue headers (bsc#1227314). The following package changes have been done: - go1.22-doc-1.22.5-150000.1.21.1 added - go1.22-1.22.5-150000.1.21.1 added - go1.22-race-1.22.5-150000.1.21.1 added - container:sles15-image-15.6.0-47.11.8 updated - go1.21-1.21.12-150000.1.39.1 removed - go1.21-doc-1.21.12-150000.1.39.1 removed - go1.21-race-1.21.12-150000.1.39.1 removed From sle-container-updates at lists.suse.com Sun Aug 25 07:14:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:14:14 +0200 (CEST) Subject: SUSE-CU-2024:3854-1: Security update of bci/golang Message-ID: <20240825071414.BF4D8FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3854-1 Container Tags : bci/golang:1.23 , bci/golang:1.23-1.34.2 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.34.2 Container Release : 34.2 Severity : important Type : security References : 1227888 1228535 1229122 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2951-1 Released: Fri Aug 16 16:33:41 2024 Summary: Recommended update for go1.23 Type: recommended Severity: moderate References: 1229122 This update for go1.23 fixes the following issues: - go1.23 (released 2024-08-13) is a major release of Go. go1.23.x minor releases will be provided through August 2025. See https://github.com/golang/go/wiki/Go-Release-Cycle go1.23 arrives six months after go1.22. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. (bsc#1229122) * Language change: Go 1.23 makes the (Go 1.22) 'range-over-func' experiment a part of the language. The 'range' clause in a 'for-range' loop now accepts iterator functions of the following types: func(func() bool) func(func(K) bool) func(func(K, V) bool) as range expressions. Calls of the iterator argument function produce the iteration values for the 'for-range' loop. For details see the iter package documentation and the language spec. For motivation see the 2022 'range-over-func' discussion. * Language change: Go 1.23 includes preview support for generic type aliases. Building the toolchain with GOEXPERIMENT=aliastypeparams enables this feature within a package. (Using generic alias types across package boundaries is not yet supported.) * Opt-in Telemetry: Starting in Go 1.23, the Go toolchain can collect usage and breakage statistics that help the Go team understand how the Go toolchain is used and how well it is working. We refer to these statistics as Go telemetry. Go telemetry is an opt-in system, controlled by the go telemetry command. By default, the toolchain programs collect statistics in counter files that can be inspected locally but are otherwise unused (go telemetry local). To help us keep Go working well and understand Go usage, please consider opting in to Go telemetry by running go telemetry on. In that mode, anonymous counter reports are uploaded to telemetry.go.dev weekly, where they are aggregated into graphs and also made available for download by any Go contributors or users wanting to analyze the data. See 'Go Telemetry' for more details about the Go Telemetry system. * go command: Setting the GOROOT_FINAL environment variable no longer has an effect (#62047). Distributions that install the go command to a location other than $GOROOT/bin/go should install a symlink instead of relocating or copying the go binary. * go command: The new go env -changed flag causes the command to print only those settings whose effective value differs from the default value that would be obtained in an empty environment with no prior uses of the -w flag. * go command: The new go mod tidy -diff flag causes the command not to modify the files but instead print the necessary changes as a unified diff. It exits with a non-zero code if updates are needed. * go command: The go list -m -json command now includes new Sum and GoModSum fields. This is similar to the existing behavior of the go mod download -json command. * go command: The new godebug directive in go.mod and go.work declares a GODEBUG setting to apply for the work module or workspace in use. * go vet: The go vet subcommand now includes the stdversion analyzer, which flags references to symbols that are too new for the version of Go in effect in the referring file. (The effective version is determined by the go directive in the file's enclosing go.mod file, and by any //go:build constraints in the file.) For example, it will report a diagnostic for a reference to the reflect.TypeFor function (introduced in go1.22) from a file in a module whose go.mod file specifies go 1.21. * cgo: cmd/cgo supports the new -ldflags flag for passing flags to the C linker. The go command uses it automatically, avoiding 'argument list too long' errors with a very large CGO_LDFLAGS. * go trace: The trace tool now better tolerates partially broken traces by attempting to recover what trace data it can. This functionality is particularly helpful when viewing a trace that was collected during a program crash, since the trace data leading up to the crash will now be recoverable under most circumstances. * Runtime: The traceback printed by the runtime after an unhandled panic or other fatal error now indents the second and subsequent lines of the error message (for example, the argument to panic) by a single tab, so that it can be unambiguously distinguished from the stack trace of the first goroutine. See go#64590 for discussion. * Compiler: The build time overhead to building with Profile Guided Optimization has been reduced significantly. Previously, large builds could see 100%+ build time increase from enabling PGO. In Go 1.23, overhead should be in the single digit percentages. * Compiler: The compiler in Go 1.23 can now overlap the stack frame slots of local variables accessed in disjoint regions of a function, which reduces stack usage for Go applications. * Compiler: For 386 and amd64, the compiler will use information from PGO to align certain hot blocks in loops. This improves performance an additional 1-1.5% at a cost of an additional 0.1% text and binary size. This is currently only implemented on 386 and amd64 because it has not shown an improvement on other platforms. Hot block alignment can be disabled with -gcflags=[=]-d=alignhot=0. * Linker: The linker now disallows using a //go:linkname directive to refer to internal symbols in the standard library (including the runtime) that are not marked with //go:linkname on their definitions. Similarly, the linker disallows references to such symbols from assembly code. For backward compatibility, existing usages of //go:linkname found in a large open-source code corpus remain supported. Any new references to standard library internal symbols will be disallowed. * Linker: A linker command line flag -checklinkname=0 can be used to disable this check, for debugging and experimenting purposes. * Linker: When building a dynamically linked ELF binary (including PIE binary), the new -bindnow flag enables immediate function binding. * Standard library changes: * timer: 1.23 makes two significant changes to the implementation of time.Timer and time.Ticker. First, Timers and Tickers that are no longer referred to by the program become eligible for garbage collection immediately, even if their Stop methods have not been called. Earlier versions of Go did not collect unstopped Timers until after they had fired and never collected unstopped Tickers. Second, the timer channel associated with a Timer or Ticker is now unbuffered, with capacity 0. The main effect of this change is that Go now guarantees that for any call to a Reset or Stop method, no stale values prepared before that call will be sent or received after the call. Earlier versions of Go used channels with a one-element buffer, making it difficult to use Reset and Stop correctly. A visible effect of this change is that len and cap of timer channels now returns 0 instead of 1, which may affect programs that poll the length to decide whether a receive on the timer channel will succeed. Such code should use a non-blocking receive instead. These new behaviors are only enabled when the main Go program is in a module with a go.mod go line using Go 1.23.0 or later. When Go 1.23 builds older programs, the old behaviors remain in effect. The new GODEBUG setting asynctimerchan=1 can be used to revert back to asynchronous channel behaviors even when a program names Go 1.23.0 or later in its go.mod file. * unique: The new unique package provides facilities for canonicalizing values (like 'interning' or 'hash-consing'). Any value of comparable type may be canonicalized with the new Make[T] function, which produces a reference to a canonical copy of the value in the form of a Handle[T]. Two Handle[T] are equal if and only if the values used to produce the handles are equal, allowing programs to deduplicate values and reduce their memory footprint. Comparing two Handle[T] values is efficient, reducing down to a simple pointer comparison. * iter: The new iter package provides the basic definitions for working with user-defined iterators. * slices: The slices package adds several functions that work with iterators: - All returns an iterator over slice indexes and values. - Values returns an iterator over slice elements. - Backward returns an iterator that loops over a slice backward. - Collect collects values from an iterator into a new slice. - AppendSeq appends values from an iterator to an existing slice. - Sorted collects values from an iterator into a new slice, and then sorts the slice. - SortedFunc is like Sorted but with a comparison function. - SortedStableFunc is like SortFunc but uses a stable sort algorithm. - Chunk returns an iterator over consecutive sub-slices of up to n elements of a slice. * maps: The maps package adds several functions that work with iterators: - All returns an iterator over key-value pairs from a map. - Keys returns an iterator over keys in a map. - Values returns an iterator over values in a map. - Insert adds the key-value pairs from an iterator to an existing map. - Collect collects key-value pairs from an iterator into a new map and returns it. * structs: The new structs package provides types for struct fields that modify properties of the containing struct type such as memory layout. In this release, the only such type is HostLayout which indicates that a structure with a field of that type has a layout that conforms to host platform expectations. * Minor changes to the standard library: As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind. * archive/tar: If the argument to FileInfoHeader implements the new FileInfoNames interface, then the interface methods will be used to set the Uname/Gname of the file header. This allows applications to override the system-dependent Uname/Gname lookup. * crypto/tls: The TLS client now supports the Encrypted Client Hello draft specification. This feature can be enabled by setting the Config.EncryptedClientHelloConfigList field to an encoded ECHConfigList for the host that is being connected to. * crypto/tls: The QUICConn type used by QUIC implementations includes new events reporting on the state of session resumption, and provides a way for the QUIC layer to add data to session tickets and session cache entries. * crypto/tls: 3DES cipher suites were removed from the default list used when Config.CipherSuites is nil. The default can be reverted by adding tls3des=1 to the GODEBUG environment variable. * crypto/tls: The experimental post-quantum key exchange mechanism X25519Kyber768Draft00 is now enabled by default when Config.CurvePreferences is nil. The default can be reverted by adding tlskyber=0 to the GODEBUG environment variable. * crypto/tls: Go 1.23 changed the behavior of X509KeyPair and LoadX509KeyPair to populate the Certificate.Leaf field of the returned Certificate. The new x509keypairleaf GODEBUG setting is added for this behavior. * crypto/x509: CreateCertificateRequest now correctly supports RSA-PSS signature algorithms. * crypto/x509: CreateCertificateRequest and CreateRevocationList now verify the generated signature using the signer's public key. If the signature is invalid, an error is returned. This has been the behavior of CreateCertificate since Go 1.16. * crypto/x509: The x509sha1 GODEBUG setting will be removed in the next Go major release (Go 1.24). This will mean that crypto/x509 will no longer support verifying signatures on certificates that use SHA-1 based signature algorithms. * crypto/x509: The new ParseOID function parses a dot-encoded ASN.1 Object Identifier string. The OID type now implements the encoding.BinaryMarshaler, encoding.BinaryUnmarshaler, encoding.TextMarshaler, encoding.TextUnmarshaler interfaces. database/sql * crypto/x509: Errors returned by driver.Valuer implementations are now wrapped for improved error handling during operations like DB.Query, DB.Exec, and DB.QueryRow. * debug/elf: The debug/elf package now defines PT_OPENBSD_NOBTCFI. This ProgType is used to disable Branch Tracking Control Flow Integrity (BTCFI) enforcement on OpenBSD binaries. * debug/elf: Now defines the symbol type constants STT_RELC, STT_SRELC, and STT_GNU_IFUNC. * encoding/binary The new Encode and Decode functions are byte slice equivalents to Read and Write. Append allows marshaling multiple data into the same byte slice. * go/ast: The new Preorder function returns a convenient iterator over all the nodes of a syntax tree. * go/types: The Func type, which represents a function or method symbol, now has a Func.Signature method that returns the function's type, which is always a Signature. * go/types: The Alias type now has an Rhs method that returns the type on the right-hand side of its declaration: given type A = B, the Rhs of A is B. (go#66559) * go/types: The methods Alias.Origin, Alias.SetTypeParams, Alias.TypeParams, and Alias.TypeArgs have been added. They are needed for generic alias types. * go/types: By default, go/types now produces Alias type nodes for type aliases. This behavior can be controlled by the GODEBUG gotypesalias flag. Its default has changed from 0 in Go 1.22 to 1 in Go 1.23. * math/rand/v2: The Uint function and Rand.Uint method have been added. They were inadvertently left out of Go 1.22. * math/rand/v2: The new ChaCha8.Read method implements the io.Reader interface. * net: The new type KeepAliveConfig permits fine-tuning the keep-alive options for TCP connections, via a new TCPConn.SetKeepAliveConfig method and new KeepAliveConfig fields for Dialer and ListenConfig. * net: The DNSError type now wraps errors caused by timeouts or cancellation. For example, errors.Is(someDNSErr, context.DeadlineExceedeed) will now report whether a DNS error was caused by a timeout. * net: The new GODEBUG setting netedns0=0 disables sending EDNS0 additional headers on DNS requests, as they reportedly break the DNS server on some modems. * net/http: Cookie now preserves double quotes surrounding a cookie value. The new Cookie.Quoted field indicates whether the Cookie.Value was originally quoted. * net/http: The new Request.CookiesNamed method retrieves all cookies that match the given name. * net/http: The new Cookie.Partitioned field identifies cookies with the Partitioned attribute. * net/http: The patterns used by ServeMux now allow one or more spaces or tabs after the method name. Previously, only a single space was permitted. * net/http: The new ParseCookie function parses a Cookie header value and returns all the cookies which were set in it. Since the same cookie name can appear multiple times the returned Values can contain more than one value for a given key. * net/http: The new ParseSetCookie function parses a Set-Cookie header value and returns a cookie. It returns an error on syntax error. * net/http: ServeContent, ServeFile, and ServeFileFS now remove the Cache-Control, Content-Encoding, Etag, and Last-Modified headers when serving an error. These headers usually apply to the non-error content, but not to the text of errors. * net/http: Middleware which wraps a ResponseWriter and applies on-the-fly encoding, such as Content-Encoding: gzip, will not function after this change. The previous behavior of ServeContent, ServeFile, and ServeFileFS may be restored by setting GODEBUG=httpservecontentkeepheaders=1. Note that middleware which changes the size of the served content (such as by compressing it) already does not function properly when ServeContent handles a Range request. On-the-fly compression should use the Transfer-Encoding header instead of Content-Encoding. * net/http: For inbound requests, the new Request.Pattern field contains the ServeMux pattern (if any) that matched the request. This field is not set when GODEBUG=httpmuxgo121=1 is set. * net/http/httptest: The new NewRequestWithContext method creates an incoming request with a context.Context. * net/netip: In Go 1.22 and earlier, using reflect.DeepEqual to compare an Addr holding an IPv4 address to one holding the IPv4-mapped IPv6 form of that address incorrectly returned true, even though the Addr values were different when comparing with == or Addr.Compare. This bug is now fixed and all three approaches now report the same result. * os: The Stat function now sets the ModeSocket bit for files that are Unix sockets on Windows. These files are identified by having a reparse tag set to IO_REPARSE_TAG_AF_UNIX. * os: On Windows, the mode bits reported by Lstat and Stat for reparse points changed. Mount points no longer have ModeSymlink set, and reparse points that are not symlinks, Unix sockets, or dedup files now always have ModeIrregular set. This behavior is controlled by the winsymlink setting. For Go 1.23, it defaults to winsymlink=1. Previous versions default to winsymlink=0. * os: The CopyFS function copies an io/fs.FS into the local filesystem. * os: On Windows, Readlink no longer tries to normalize volumes to drive letters, which was not always even possible. This behavior is controlled by the winreadlinkvolume setting. For Go 1.23, it defaults to winreadlinkvolume=1. Previous versions default to winreadlinkvolume=0. * os: On Linux with pidfd support (generally Linux v5.4+), Process-related functions and methods use pidfd (rather than PID) internally, eliminating potential mistargeting when a PID is reused by the OS. Pidfd support is fully transparent to a user, except for additional process file descriptors that a process may have. * path/filepath: The new Localize function safely converts a slash-separated path into an operating system path. * path/filepath: On Windows, EvalSymlinks no longer evaluates mount points, which was a source of many inconsistencies and bugs. This behavior is controlled by the winsymlink setting. For Go 1.23, it defaults to winsymlink=1. Previous versions default to winsymlink=0. * path/filepath: On Windows, EvalSymlinks no longer tries to normalize volumes to drive letters, which was not always even possible. This behavior is controlled by the winreadlinkvolume setting. For Go 1.23, it defaults to winreadlinkvolume=1. Previous versions default to winreadlinkvolume=0. * reflect: The new methods synonymous with the methods of the same name in Value are added to Type: - Type.OverflowComplex - Type.OverflowFloat - Type.OverflowInt - Type.OverflowUint * reflect: The new SliceAt function is analogous to NewAt, but for slices. * reflect: The Value.Pointer and Value.UnsafePointer methods now support values of kind String. * reflect: The new methods Value.Seq and Value.Seq2 return sequences that iterate over the value as though it were used in a for/range loop. The new methods Type.CanSeq and Type.CanSeq2 report whether calling Value.Seq and Value.Seq2, respectively, will succeed without panicking. * runtime/debug: The SetCrashOutput function allows the user to specify an alternate file to which the runtime should write its fatal crash report. It may be used to construct an automated reporting mechanism for all unexpected crashes, not just those in goroutines that explicitly use recover. * runtime/pprof: The maximum stack depth for alloc, mutex, block, threadcreate and goroutine profiles has been raised from 32 to 128 frames. * runtime/trace: The runtime now explicitly flushes trace data when a program crashes due to an uncaught panic. This means that more complete trace data will be available in a trace if the program crashes while tracing is active. * slices: The Repeat function returns a new slice that repeats the provided slice the given number of times. * sync: The Map.Clear method deletes all the entries, resulting in an empty Map. It is analogous to clear. * sync/atomic: The new And and Or operators apply a bitwise AND or OR to the given input, returning the old value. * syscall: The syscall package now defines WSAENOPROTOOPT on Windows. * syscall: The GetsockoptInt function is now supported on Windows. * testing/fstest: TestFS now returns a structured error that can be unwrapped (via method Unwrap() []error). This allows inspecting errors using errors.Is or errors.As. * text/template: Templates now support the new 'else with' action, which reduces template complexity in some use cases. * time: Parse and ParseInLocation now return an error if the time zone offset is out of range. * unicode/utf16: The RuneLen function returns the number of 16-bit words in the UTF-16 encoding of the rune. It returns -1 if the rune is not a valid value to encode in UTF-16. * Port: Darwin: As announced in the Go 1.22 release notes, Go 1.23 requires macOS 11 Big Sur or later; support for previous versions has been discontinued. * Port: Linux: Go 1.23 is the last release that requires Linux kernel version 2.6.32 or later. Go 1.24 will require Linux kernel version 3.17 or later, with an exception that systems running 3.10 or later will continue to be supported if the kernel has been patched to support the getrandom system call. * Port: OpenBSD: Go 1.23 adds experimental support for OpenBSD on 64-bit RISC-V (GOOS=openbsd, GOARCH=riscv64). * Port: ARM64: Go 1.23 introduces a new GOARM64 environment variable, which specifies the minimum target version of the ARM64 architecture at compile time. Allowed values are v8.{0-9} and v9.{0-5}. This may be followed by an option specifying extensions implemented by target hardware. Valid options are ,lse and ,crypto. The GOARM64 environment variable defaults to v8.0. * Port: RISC-V: Go 1.23 introduces a new GORISCV64 environment variable, which selects the RISC-V user-mode application profile for which to compile. Allowed values are rva20u64 and rva22u64. The GORISCV64 environment variable defaults to rva20u64. * Port: Wasm: The go_wasip1_wasm_exec script in GOROOT/misc/wasm has dropped support for versions of wasmtime < 14.0.0. The following package changes have been done: - libcurl4-8.6.0-150600.4.3.1 updated - curl-8.6.0-150600.4.3.1 updated - go1.23-doc-1.23.0-150000.1.3.1 added - go1.23-1.23.0-150000.1.3.1 added - go1.23-race-1.23.0-150000.1.3.1 added - container:sles15-image-15.6.0-47.11.8 updated - go1.22-1.22.5-150000.1.21.1 removed - go1.22-doc-1.22.5-150000.1.21.1 removed - go1.22-race-1.22.5-150000.1.21.1 removed From sle-container-updates at lists.suse.com Sun Aug 25 07:14:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:14:28 +0200 (CEST) Subject: SUSE-CU-2024:3856-1: Recommended update of bci/bci-init Message-ID: <20240825071428.09CDAFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3856-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.22.2 , bci/bci-init:latest Container Release : 22.2 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-image-15.6.0-47.11.8 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:14:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:14:33 +0200 (CEST) Subject: SUSE-CU-2024:3857-1: Recommended update of suse/nginx Message-ID: <20240825071433.6B5C4FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3857-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-41.2 , suse/nginx:latest Container Release : 41.2 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-image-15.6.0-47.11.8 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:14:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:14:38 +0200 (CEST) Subject: SUSE-CU-2024:3858-1: Recommended update of bci/nodejs Message-ID: <20240825071438.BF172FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3858-1 Container Tags : bci/node:20 , bci/node:20-36.2 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-36.2 , bci/nodejs:latest Container Release : 36.2 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-image-15.6.0-47.11.8 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:14:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:14:49 +0200 (CEST) Subject: SUSE-CU-2024:3859-1: Recommended update of bci/openjdk-devel Message-ID: <20240825071449.A2C68FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3859-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-21.3 , bci/openjdk-devel:latest Container Release : 21.3 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:bci-openjdk-21-15.6.21-21.2 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:15:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:15:04 +0200 (CEST) Subject: SUSE-CU-2024:3861-1: Recommended update of suse/pcp Message-ID: <20240825071504.8E910FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3861-1 Container Tags : suse/pcp:5 , suse/pcp:5-41.3 , suse/pcp:5.3 , suse/pcp:5.3-41.3 , suse/pcp:5.3.7 , suse/pcp:5.3.7-41.3 , suse/pcp:latest Container Release : 41.3 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:bci-bci-init-15.6-15.6-22.2 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:15:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:15:10 +0200 (CEST) Subject: SUSE-CU-2024:3862-1: Recommended update of bci/php-apache Message-ID: <20240825071510.2939BFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3862-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-36.2 , bci/php-apache:latest Container Release : 36.2 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-image-15.6.0-47.11.8 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:15:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:15:15 +0200 (CEST) Subject: SUSE-CU-2024:3863-1: Recommended update of bci/php-fpm Message-ID: <20240825071515.82A9BFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3863-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-36.2 , bci/php-fpm:latest Container Release : 36.2 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-image-15.6.0-47.11.8 updated From sle-container-updates at lists.suse.com Mon Aug 26 07:04:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 26 Aug 2024 09:04:11 +0200 (CEST) Subject: SUSE-CU-2024:3863-1: Recommended update of bci/php-fpm Message-ID: <20240826070411.2D22EFBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3863-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-36.2 , bci/php-fpm:latest Container Release : 36.2 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-image-15.6.0-47.11.8 updated From sle-container-updates at lists.suse.com Mon Aug 26 07:04:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 26 Aug 2024 09:04:20 +0200 (CEST) Subject: SUSE-CU-2024:3865-1: Recommended update of suse/postgres Message-ID: <20240826070420.9192AFBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3865-1 Container Tags : suse/postgres:16 , suse/postgres:16-42.2 , suse/postgres:16.2 , suse/postgres:16.2-42.2 , suse/postgres:latest Container Release : 42.2 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-image-15.6.0-47.11.8 updated From sle-container-updates at lists.suse.com Mon Aug 26 07:04:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 26 Aug 2024 09:04:25 +0200 (CEST) Subject: SUSE-CU-2024:3866-1: Security update of bci/python Message-ID: <20240826070425.67F0CFBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3866-1 Container Tags : bci/python:3 , bci/python:3-48.3 , bci/python:3.11 , bci/python:3.11-48.3 Container Release : 48.3 Severity : important Type : security References : 1225660 1226447 1226448 1227378 1227999 1228780 CVE-2023-27043 CVE-2024-0397 CVE-2024-4032 CVE-2024-6923 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2982-1 Released: Tue Aug 20 11:08:55 2024 Summary: Security update for python311 Type: security Severity: important References: 1225660,1226447,1226448,1227378,1227999,1228780,CVE-2023-27043,CVE-2024-0397,CVE-2024-4032,CVE-2024-6923 This update for python311 fixes the following issues: Security issues fixed: - CVE-2024-6923: Fixed email header injection due to unquoted newlines (bsc#1228780) - CVE-2024-5642: Removed support for anything but OpenSSL 1.1.1 or newer (bsc#1227233) - CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges (bsc#1226448) Non-security issues fixed: - Fixed executable bits for /usr/bin/idle* (bsc#1227378). - Improve python reproducible builds (bsc#1227999) - Make pip and modern tools install directly in /usr/local when used by the user (bsc#1225660) - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999) The following package changes have been done: - libpython3_11-1_0-3.11.9-150600.3.3.1 updated - python311-base-3.11.9-150600.3.3.1 updated - python311-3.11.9-150600.3.3.1 updated - python311-devel-3.11.9-150600.3.3.1 updated - container:sles15-image-15.6.0-47.11.8 updated From sle-container-updates at lists.suse.com Mon Aug 26 07:04:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 26 Aug 2024 09:04:44 +0200 (CEST) Subject: SUSE-CU-2024:3869-1: Recommended update of suse/rmt-mariadb-client Message-ID: <20240826070444.6EA1FFBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3869-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11-42.2 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11-42.2 , suse/rmt-mariadb-client:latest Container Release : 42.2 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-image-15.6.0-47.11.8 updated From sle-container-updates at lists.suse.com Mon Aug 26 07:04:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 26 Aug 2024 09:04:49 +0200 (CEST) Subject: SUSE-CU-2024:3870-1: Recommended update of suse/rmt-mariadb Message-ID: <20240826070449.13CA3FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3870-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-42.3 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-42.3 , suse/rmt-mariadb:latest Container Release : 42.3 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2971-1 Released: Tue Aug 20 08:13:06 2024 Summary: Recommended update for perl-DBD-Pg, perl-DBD-SQLite, perl-DBI, perl-YAML-LibYAML Type: recommended Severity: moderate References: This update for perl-DBD-Pg, perl-DBD-SQLite, perl-DBI, perl-YAML-LibYAML fixes the following issues: perl-DBI was updated from version 1.642 to 1.643: - Updated Devel::PPPort and removed redundant compatibility macros - Correct minor typo in documentation - Correct documentation introducing $dbh->selectall_array() - Introduced select and do wrappers earlier in the documentation - Mark as deprecated old API functions which overflow or are affected by Unicode issues - Add new attribute RaiseWarn, similar to RaiseError perl-DBD-SQLite was updated from version 1.66 to 1.74: - Fixed disabling of __perllib_provides - Upgraded SQLite to 3.42.0 - Added missing possible table_type values to POD - Set UTF8CACHE to avoid slowdown with -DDEBUGGING - Lowercase datatype in table column metadata for back-compatibility - Fixed test failure on perl built with -DDEBUGGING - Improve sqlite_load_extension documentation - Add a feature to unregister a created function - Fixed accented characters in POD - Link embedded sqlite devel files to system files - Use the system sqlite rather than the built-in one - Fixed documentation to use the correct attribute with sqlite_ - Modify the fix to silence the sqlite_unicode warning not to check the attribute twice - Fix an encoding issue of naive - Made DBD_SQLITE_STRING_MODE constants exportable - Stop setting THREADSAFE=0 if perl has pthread (ie. 5.20+) - Fixed a memory leak in ::VirtualTable - Introduced 'string_mode' handle attribute to fix long-standing issues of sqlite_unicode - Added a dependency from dbdimp.o to the *.inc files included into dbdimp.c - Fixed an offset issue of VirtualTable - Fixed quadmath issues - Added sqlite_txn_state method to see internal state of the backend - Switched to XSLoader - Use quadmath_snprintf if USE_QUADMATH is defined - Use av_fetch instead of av_shift perl-DBD-Pg was update from version 3.10.4 to 3.18.0: - Support new PQclosePrepared function, added in Postgres 17 - Improved documentation about ping always returning a value - New database handle attribute pg_skip_deallocate Prevents any deallocation of automatically prepared statements to support new pgBouncer feature - Fix to handle escaped quotes in connection string - Return number of affected rows from a MERGE command - Added support for Github CI actions - Removed undocumented internal-only pg_pid_number attribute - Small warning in docs about PG_CHAR - Added new attribute 'pg_int8_as_string', for backwards compatibility. - Added a META.json file; rename META.yml to META.yaml - Fix 03smethod.t $sth->last_insert_id skip count for DBI < 1.642 - Documentation improvements for service files - Automatically use 64-bit versions of large object functions when available - Set UTF8 flag as needed for error messages - In tests, do not assume what the default transaction isolation level will be - Make tests smarter about detecting pg_ctl results in different locales - Adjust tests for the fact that reltuples can be -1 in Postgres version 13 and later. This is mostly reflected in the CARDINALITY column for $dbh->statistics_info. - Correctly pull back pg_async status from statement handle. Previously, $dbh->{pg_async} would return undef. - Remove the experimental 'fulltest' Makefile target. - The $dbh->primary_key_info and $dbh->foreign_key_info methods will now always return a statement handle, even with no matches. Previously, they returned undef directly. Callers can check if the returned handle contains any rows. - The $dbh->tables method will always return a list, even if it is empty. - Add pg_lo_tell64, pg_lo_seek64, and pg_lo_truncate64, for anyone dealing with really, really, really large 'large objects'. Requires Postgres 9.3 or better. - Allow test to run again when using a non-superuser to connect - Adjust tests to force loading proper version of DBD::Pg every time. - Removed the long-deprecated _pg_use_catalog method. - Many improvements and changes to the test suite. - Redo the 'last_result' internals in dbdimp.c, which fixes a memory leak. - Fixed regression in Perl length() for returned query results - Make $sth->finish() do a little less. Notably, even after calling finish(), pg_error_field will still work on the last action performed. - Tweak tests so Windows boxes pass - Run tests in verbose mode - Prevent DBI from flipping AutoCommit to 'on' after a failed commit - Revert overly aggressive testing shortcut as it can cause installs to fail - Return the table info row last in statistics_info. This fixes statistics_info on pre-8.3 servers. - Fixed ASC_OR_DESC field in statistics_info - Indicate NULL ordering in statistics_info - Adjust Makefile to fix failing 'fulltest' target on BSD systems - Indicate non-key index columns (INCLUDE) in statistics_info - Return an empty result set instead of undef from statistics_info when the requested table doesn't exist and $unique_only is false. - Fixed segfault during st destroy - Improved testing for table_info() - Improved UTF-8 wording in documentaion perl-YAML-LibYAML was updated to version 0.89: - Breaking Change: Set $YAML::XS::LoadBlessed default to false to make it more secure - Fixed disabling of __perllib_provides - Recognise core booleans on Perl 5.36+ at dump time - Fixed YAML::XS pod in cpanminus - Convert doc from Swim to Markdown - Added option ForbidDuplicateKeys - Recognize tied variables - Updated libyaml sources to 0.2.4. Changes affecting YAML::XS are - Output '...' at the stream end after a block scalar with trailing empty lines - Accept '%YAML 1.2' directives (they are ignored and do not change behaviour though) - Fix memory leak when loading invalid YAML - Support aliasing scalars resolved as null or booleans - Add YAML::XS::LibYAML::libyaml_version() - Support standard !!int/!!float tags instead of dying - Fixed double free/core dump when Dump()ing binary data - Update config.h from libyaml - Update libyaml to version 0.2.2. Most important change for users is that plain urls in flow style can be parsed now. Example: `[ http://yaml.org]`. - Added $Indent - number of spaces when dumping - Implemented $LoadCode - Update to libyaml 0.2.1. It's forbidden now to escape single quotes inside double quotes - When disabling $LoadBlessed, return scalars not refs - Save anchors also for blessed scalars - Fixed format specifier/argument mismatch - Fixed a C90-compatibility issue - Prevent warning about unused variables The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - perl-DBI-1.643-150600.12.3.2 updated - container:sles15-image-15.6.0-47.11.8 updated From sle-container-updates at lists.suse.com Mon Aug 26 07:04:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 26 Aug 2024 09:04:54 +0200 (CEST) Subject: SUSE-CU-2024:3871-1: Recommended update of bci/ruby Message-ID: <20240826070454.5FEFCFBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3871-1 Container Tags : bci/ruby:2 , bci/ruby:2-22.4 , bci/ruby:2.5 , bci/ruby:2.5-22.4 , bci/ruby:latest Container Release : 22.4 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-image-15.6.0-47.11.8 updated From sle-container-updates at lists.suse.com Mon Aug 26 07:05:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 26 Aug 2024 09:05:06 +0200 (CEST) Subject: SUSE-CU-2024:3874-1: Recommended update of containers/apache-tomcat Message-ID: <20240826070506.D6876FBA3@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3874-1 Container Tags : containers/apache-tomcat:10-jre21 , containers/apache-tomcat:10-jre21-43.2 , containers/apache-tomcat:10.1-jre21 , containers/apache-tomcat:10.1-jre21-43.2 , containers/apache-tomcat:10.1.25-jre21 , containers/apache-tomcat:10.1.25-jre21-43.2 Container Release : 43.2 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:micro-image-15.6.0-47.11.8 updated - container:sles15-image-15.6.0-47.11.8 updated From sle-container-updates at lists.suse.com Mon Aug 26 07:05:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 26 Aug 2024 09:05:19 +0200 (CEST) Subject: SUSE-CU-2024:3875-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20240826070519.20874FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3875-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.23.2 , bci/bci-sle15-kernel-module-devel:latest Container Release : 23.2 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-image-15.6.0-47.11.8 updated From sle-container-updates at lists.suse.com Mon Aug 26 07:05:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 26 Aug 2024 09:05:27 +0200 (CEST) Subject: SUSE-CU-2024:3876-1: Recommended update of suse/sle15 Message-ID: <20240826070527.3FD62FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3876-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.8 , suse/sle15:15.6 , suse/sle15:15.6.47.11.8 Container Release : 47.11.8 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated From sle-container-updates at lists.suse.com Mon Aug 26 07:05:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 26 Aug 2024 09:05:31 +0200 (CEST) Subject: SUSE-CU-2024:3877-1: Recommended update of bci/spack Message-ID: <20240826070531.AC293FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3877-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-6.2 , bci/spack:0.21.2 , bci/spack:0.21.2-6.2 , bci/spack:latest Container Release : 6.2 Severity : moderate Type : recommended References : 1194818 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - container:sles15-image-15.6.0-47.11.8 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:01:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 08 Aug 2024 07:01:19 -0000 Subject: SUSE-IU-2024:718-1: Security update of suse-sles-15-sp6-chost-byos-v20240807-hvm-ssd-x86_64 Message-ID: <20240808070116.A15F0FBA1@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20240807-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:718-1 Image Tags : suse-sles-15-sp6-chost-byos-v20240807-hvm-ssd-x86_64:20240807 Image Release : Severity : important Type : security References : 1027519 1141157 1186716 1194869 1195775 1204562 1208690 1209834 1214718 1214960 1215199 1215587 1217481 1217912 1218215 1218442 1218442 1218730 1218820 1219004 1219224 1219478 1219559 1219596 1219633 1219832 1219847 1219953 1220138 1220427 1220430 1220664 1220942 1221057 1221086 1221563 1221647 1221654 1221656 1221659 1221777 1221854 1221958 1221984 1222011 1222015 1222075 1222075 1222080 1222241 1222326 1222328 1222380 1222438 1222463 1222588 1222617 1222619 1222768 1222775 1222779 1222809 1222810 1222893 1222899 1223010 1223018 1223021 1223107 1223265 1223336 1223570 1223731 1223740 1223778 1223804 1223806 1223807 1223813 1223815 1223836 1223863 1224049 1224187 1224392 1224414 1224422 1224439 1224490 1224497 1224498 1224499 1224512 1224515 1224516 1224520 1224523 1224539 1224540 1224544 1224545 1224549 1224572 1224575 1224583 1224584 1224589 1224604 1224606 1224612 1224614 1224619 1224636 1224641 1224655 1224659 1224661 1224662 1224670 1224673 1224698 1224735 1224743 1224751 1224759 1224767 1224928 1224930 1224932 1224933 1224935 1224937 1224939 1224941 1224944 1224946 1224947 1224949 1224951 1224988 1224992 1224998 1225000 1225001 1225004 1225006 1225008 1225009 1225014 1225015 1225022 1225025 1225028 1225029 1225031 1225036 1225041 1225044 1225049 1225050 1225076 1225077 1225078 1225081 1225085 1225086 1225088 1225090 1225092 1225096 1225097 1225098 1225101 1225103 1225104 1225105 1225106 1225108 1225120 1225132 1225172 1225180 1225272 1225300 1225391 1225472 1225475 1225476 1225477 1225478 1225485 1225489 1225490 1225527 1225529 1225530 1225532 1225534 1225548 1225550 1225553 1225554 1225555 1225556 1225557 1225559 1225560 1225564 1225565 1225566 1225568 1225569 1225570 1225571 1225572 1225573 1225577 1225581 1225583 1225584 1225585 1225586 1225587 1225588 1225589 1225590 1225591 1225592 1225594 1225595 1225599 1225600 1225601 1225602 1225605 1225609 1225611 1225681 1225702 1225711 1225717 1225719 1225723 1225726 1225731 1225732 1225737 1225741 1225744 1225745 1225746 1225752 1225753 1225757 1225758 1225759 1225760 1225761 1225762 1225763 1225767 1225770 1225805 1225810 1225815 1225820 1225823 1225827 1225830 1225834 1225835 1225839 1225840 1225843 1225847 1225851 1225856 1225866 1225872 1225894 1225895 1225896 1225898 1225903 1225904 1225953 1225976 1226022 1226125 1226128 1226131 1226145 1226149 1226155 1226158 1226163 1226202 1226211 1226212 1226213 1226226 1226412 1226447 1226448 1226457 1226463 1226469 1226502 1226503 1226513 1226514 1226519 1226520 1226529 1226582 1226587 1226588 1226592 1226593 1226594 1226595 1226597 1226607 1226608 1226610 1226612 1226613 1226630 1226632 1226633 1226634 1226637 1226657 1226658 1226664 1226734 1226735 1226737 1226738 1226739 1226740 1226741 1226742 1226744 1226746 1226747 1226749 1226750 1226754 1226757 1226758 1226760 1226761 1226764 1226767 1226768 1226769 1226771 1226772 1226774 1226775 1226776 1226777 1226780 1226781 1226783 1226786 1226788 1226789 1226790 1226791 1226796 1226799 1226837 1226839 1226840 1226841 1226842 1226844 1226848 1226852 1226856 1226857 1226859 1226861 1226863 1226864 1226866 1226867 1226868 1226875 1226876 1226878 1226879 1226883 1226886 1226890 1226891 1226894 1226895 1226905 1226908 1226909 1226911 1226915 1226928 1226934 1226938 1226939 1226941 1226948 1226949 1226950 1226962 1226976 1226989 1226990 1226992 1226993 1226994 1226995 1226996 1227066 1227067 1227072 1227085 1227089 1227090 1227096 1227101 1227103 1227106 1227138 1227149 1227190 1227282 1227318 1227350 1227355 1227362 1227363 1227383 1227429 1227432 1227433 1227434 1227435 1227443 1227446 1227447 1227456 1227487 1227573 1227574 1227626 1227681 1227711 1227716 1227719 1227723 1227730 1227736 1227755 1227757 1227762 1227763 1227779 1227780 1227783 1227786 1227788 1227789 1227797 1227800 1227801 1227803 1227806 1227813 1227814 1227836 1227855 1227862 1227866 1227886 1227888 1227899 1227910 1227913 1227926 1228090 1228192 1228193 1228211 1228255 1228256 1228257 1228258 1228269 1228289 1228322 1228327 1228328 1228403 1228405 1228408 1228417 1228535 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2019-13225 CVE-2021-47432 CVE-2022-48772 CVE-2023-38417 CVE-2023-46842 CVE-2023-47210 CVE-2023-51385 CVE-2023-51780 CVE-2023-52425 CVE-2023-52435 CVE-2023-52472 CVE-2023-52622 CVE-2023-52656 CVE-2023-52672 CVE-2023-52699 CVE-2023-52735 CVE-2023-52749 CVE-2023-52750 CVE-2023-52751 CVE-2023-52753 CVE-2023-52754 CVE-2023-52757 CVE-2023-52759 CVE-2023-52762 CVE-2023-52763 CVE-2023-52764 CVE-2023-52765 CVE-2023-52766 CVE-2023-52767 CVE-2023-52768 CVE-2023-52769 CVE-2023-52773 CVE-2023-52774 CVE-2023-52775 CVE-2023-52776 CVE-2023-52777 CVE-2023-52780 CVE-2023-52781 CVE-2023-52782 CVE-2023-52783 CVE-2023-52784 CVE-2023-52786 CVE-2023-52787 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52792 CVE-2023-52794 CVE-2023-52795 CVE-2023-52796 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52801 CVE-2023-52803 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52807 CVE-2023-52808 CVE-2023-52809 CVE-2023-52810 CVE-2023-52811 CVE-2023-52812 CVE-2023-52813 CVE-2023-52814 CVE-2023-52815 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52827 CVE-2023-52829 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52835 CVE-2023-52836 CVE-2023-52837 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52842 CVE-2023-52843 CVE-2023-52844 CVE-2023-52845 CVE-2023-52846 CVE-2023-52847 CVE-2023-52849 CVE-2023-52850 CVE-2023-52851 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52857 CVE-2023-52858 CVE-2023-52861 CVE-2023-52862 CVE-2023-52863 CVE-2023-52864 CVE-2023-52865 CVE-2023-52866 CVE-2023-52867 CVE-2023-52868 CVE-2023-52869 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52874 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52879 CVE-2023-52880 CVE-2023-52881 CVE-2023-52883 CVE-2023-52884 CVE-2024-0397 CVE-2024-0450 CVE-2024-0760 CVE-2024-1737 CVE-2024-1975 CVE-2024-25741 CVE-2024-26482 CVE-2024-26615 CVE-2024-26623 CVE-2024-26625 CVE-2024-26633 CVE-2024-26635 CVE-2024-26636 CVE-2024-26641 CVE-2024-26663 CVE-2024-26665 CVE-2024-26676 CVE-2024-26691 CVE-2024-26734 CVE-2024-26750 CVE-2024-26758 CVE-2024-26767 CVE-2024-26780 CVE-2024-26785 CVE-2024-26813 CVE-2024-26814 CVE-2024-26826 CVE-2024-26845 CVE-2024-26863 CVE-2024-26889 CVE-2024-26920 CVE-2024-26944 CVE-2024-27012 CVE-2024-27015 CVE-2024-27016 CVE-2024-27019 CVE-2024-27020 CVE-2024-27025 CVE-2024-27064 CVE-2024-27065 CVE-2024-27402 CVE-2024-27404 CVE-2024-27414 CVE-2024-27419 CVE-2024-31143 CVE-2024-33619 CVE-2024-34777 CVE-2024-35247 CVE-2024-35805 CVE-2024-35807 CVE-2024-35827 CVE-2024-35831 CVE-2024-35843 CVE-2024-35848 CVE-2024-35853 CVE-2024-35854 CVE-2024-35857 CVE-2024-35880 CVE-2024-35884 CVE-2024-35886 CVE-2024-35890 CVE-2024-35892 CVE-2024-35893 CVE-2024-35896 CVE-2024-35898 CVE-2024-35899 CVE-2024-35900 CVE-2024-35908 CVE-2024-35925 CVE-2024-35926 CVE-2024-35934 CVE-2024-35942 CVE-2024-35957 CVE-2024-35962 CVE-2024-35970 CVE-2024-35976 CVE-2024-35979 CVE-2024-35998 CVE-2024-36003 CVE-2024-36004 CVE-2024-36005 CVE-2024-36008 CVE-2024-36010 CVE-2024-36017 CVE-2024-36024 CVE-2024-36281 CVE-2024-36477 CVE-2024-36478 CVE-2024-36479 CVE-2024-36882 CVE-2024-36887 CVE-2024-36889 CVE-2024-36899 CVE-2024-36900 CVE-2024-36901 CVE-2024-36902 CVE-2024-36903 CVE-2024-36904 CVE-2024-36909 CVE-2024-36910 CVE-2024-36911 CVE-2024-36912 CVE-2024-36913 CVE-2024-36914 CVE-2024-36915 CVE-2024-36916 CVE-2024-36917 CVE-2024-36919 CVE-2024-36922 CVE-2024-36923 CVE-2024-36924 CVE-2024-36926 CVE-2024-36930 CVE-2024-36934 CVE-2024-36935 CVE-2024-36937 CVE-2024-36938 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944 CVE-2024-36945 CVE-2024-36946 CVE-2024-36947 CVE-2024-36949 CVE-2024-36950 CVE-2024-36951 CVE-2024-36952 CVE-2024-36955 CVE-2024-36957 CVE-2024-36959 CVE-2024-36960 CVE-2024-36962 CVE-2024-36964 CVE-2024-36965 CVE-2024-36967 CVE-2024-36969 CVE-2024-36971 CVE-2024-36972 CVE-2024-36973 CVE-2024-36974 CVE-2024-36975 CVE-2024-36977 CVE-2024-36978 CVE-2024-37021 CVE-2024-37078 CVE-2024-37353 CVE-2024-37354 CVE-2024-37891 CVE-2024-38381 CVE-2024-38384 CVE-2024-38385 CVE-2024-38388 CVE-2024-38390 CVE-2024-38391 CVE-2024-38539 CVE-2024-38540 CVE-2024-38541 CVE-2024-38543 CVE-2024-38544 CVE-2024-38545 CVE-2024-38546 CVE-2024-38547 CVE-2024-38548 CVE-2024-38549 CVE-2024-38550 CVE-2024-38551 CVE-2024-38552 CVE-2024-38553 CVE-2024-38554 CVE-2024-38555 CVE-2024-38556 CVE-2024-38557 CVE-2024-38558 CVE-2024-38559 CVE-2024-38560 CVE-2024-38562 CVE-2024-38564 CVE-2024-38565 CVE-2024-38566 CVE-2024-38567 CVE-2024-38568 CVE-2024-38569 CVE-2024-38570 CVE-2024-38571 CVE-2024-38572 CVE-2024-38573 CVE-2024-38575 CVE-2024-38578 CVE-2024-38579 CVE-2024-38580 CVE-2024-38581 CVE-2024-38582 CVE-2024-38583 CVE-2024-38586 CVE-2024-38587 CVE-2024-38588 CVE-2024-38590 CVE-2024-38591 CVE-2024-38592 CVE-2024-38594 CVE-2024-38595 CVE-2024-38597 CVE-2024-38598 CVE-2024-38599 CVE-2024-38600 CVE-2024-38601 CVE-2024-38602 CVE-2024-38603 CVE-2024-38604 CVE-2024-38605 CVE-2024-38608 CVE-2024-38610 CVE-2024-38611 CVE-2024-38615 CVE-2024-38616 CVE-2024-38617 CVE-2024-38618 CVE-2024-38619 CVE-2024-38621 CVE-2024-38622 CVE-2024-38627 CVE-2024-38628 CVE-2024-38629 CVE-2024-38630 CVE-2024-38633 CVE-2024-38634 CVE-2024-38635 CVE-2024-38636 CVE-2024-38659 CVE-2024-38661 CVE-2024-38663 CVE-2024-38664 CVE-2024-38780 CVE-2024-39276 CVE-2024-39277 CVE-2024-39291 CVE-2024-39296 CVE-2024-39301 CVE-2024-39362 CVE-2024-39371 CVE-2024-39463 CVE-2024-39466 CVE-2024-39468 CVE-2024-39469 CVE-2024-39471 CVE-2024-39472 CVE-2024-39473 CVE-2024-39474 CVE-2024-39475 CVE-2024-39479 CVE-2024-39481 CVE-2024-39482 CVE-2024-39487 CVE-2024-39490 CVE-2024-39494 CVE-2024-39496 CVE-2024-39498 CVE-2024-39502 CVE-2024-39504 CVE-2024-39507 CVE-2024-39894 CVE-2024-4032 CVE-2024-4076 CVE-2024-40901 CVE-2024-40906 CVE-2024-40908 CVE-2024-40919 CVE-2024-40923 CVE-2024-40925 CVE-2024-40928 CVE-2024-40931 CVE-2024-40935 CVE-2024-40937 CVE-2024-40940 CVE-2024-40947 CVE-2024-40948 CVE-2024-40953 CVE-2024-40960 CVE-2024-40961 CVE-2024-40966 CVE-2024-40970 CVE-2024-40972 CVE-2024-40975 CVE-2024-40979 CVE-2024-40998 CVE-2024-40999 CVE-2024-41006 CVE-2024-41011 CVE-2024-41013 CVE-2024-41014 CVE-2024-41017 CVE-2024-41090 CVE-2024-41091 CVE-2024-5535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20240807-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2393-1 Released: Wed Jul 10 17:33:47 2024 Summary: Security update for openssh Type: security Severity: moderate References: 1218215,1224392,1225904,1227318,1227350,CVE-2023-51385,CVE-2024-39894 This update for openssh fixes the following issues: Security fixes: - CVE-2024-39894: Fixed timing attacks against echo-off password entry (bsc#1227318). Other fixes: - Add obsoletes for openssh-server-config-rootlogin (bsc#1227350). - Add #include in some files added by the ldap patch to fix build with gcc14 (bsc#1225904). - Remove the recommendation for openssh-server-config-rootlogin from openssh-server (bsc#1224392). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2531-1 Released: Tue Jul 16 14:12:12 2024 Summary: Security update for xen Type: security Severity: important References: 1027519,1214718,1221984,1225953,1227355,CVE-2023-46842,CVE-2024-31143 This update for xen fixes the following issues: - CVE-2023-46842: Fixed x86 HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984). - CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2571-1 Released: Mon Jul 22 12:34:16 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1186716,1195775,1204562,1209834,1217481,1217912,1218442,1219224,1219478,1219596,1219633,1219847,1219953,1221086,1221777,1221958,1222011,1222015,1222080,1222241,1222380,1222588,1222617,1222619,1222809,1222810,1223018,1223265,1224049,1224187,1224439,1224497,1224498,1224515,1224520,1224523,1224539,1224540,1224549,1224572,1224575,1224583,1224584,1224606,1224612,1224614,1224619,1224655,1224659,1224661,1224662,1224670,1224673,1224698,1224735,1224751,1224759,1224928,1224930,1224932,1224933,1224935,1224937,1224939,1224941,1224944,1224946,1224947,1224949,1224951,1224988,1224992,1224998,1225000,1225001,1225004,1225006,1225008,1225009,1225014,1225015,1225022,1225025,1225028,1225029,1225031,1225036,1225041,1225044,1225049,1225050,1225076,1225077,1225078,1225081,1225085,1225086,1225090,1225092,1225096,1225097,1225098,1225101,1225103,1225104,1225105,1225106,1225108,1225120,1225132,1225180,1225300,1225391,1225472,1225475,1225476,1225477,1225478,1225485,1225490,1225527,1225529,1225530,1 225532,1225534,1225548,1225550,1225553,1225554,1225555,1225556,1225557,1225559,1225560,1225564,1225565,1225566,1225568,1225569,1225570,1225571,1225572,1225573,1225577,1225581,1225583,1225584,1225585,1225586,1225587,1225588,1225589,1225590,1225591,1225592,1225594,1225595,1225599,1225602,1225605,1225609,1225611,1225681,1225702,1225723,1225726,1225731,1225732,1225737,1225741,1225758,1225759,1225760,1225761,1225762,1225763,1225767,1225770,1225815,1225820,1225823,1225827,1225834,1225866,1225872,1225898,1225903,1226022,1226131,1226145,1226149,1226155,1226158,1226163,1226211,1226212,1226226,1226457,1226503,1226513,1226514,1226520,1226582,1226587,1226588,1226592,1226593,1226594,1226595,1226597,1226607,1226608,1226610,1226612,1226613,1226630,1226632,1226633,1226634,1226637,1226657,1226658,1226734,1226735,1226737,1226738,1226739,1226740,1226741,1226742,1226744,1226746,1226747,1226749,1226754,1226758,1226760,1226761,1226764,1226767,1226768,1226769,1226771,1226772,1226774,1226775,1226776,122677 7,1226780,1226781,1226786,1226788,1226789,1226790,1226791,1226796,1226799,1226837,1226839,1226840,1226841,1226842,1226844,1226848,1226852,1226856,1226857,1226859,1226861,1226863,1226864,1226867,1226868,1226875,1226876,1226878,1226879,1226886,1226890,1226891,1226894,1226895,1226905,1226908,1226909,1226911,1226928,1226934,1226938,1226939,1226941,1226948,1226949,1226950,1226962,1226976,1226989,1226990,1226992,1226994,1226995,1226996,1227066,1227072,1227085,1227089,1227090,1227096,1227101,1227190,CVE-2021-47432,CVE-2022-48772,CVE-2023-52622,CVE-2023-52656,CVE-2023-52672,CVE-2023-52699,CVE-2023-52735,CVE-2023-52749,CVE-2023-52750,CVE-2023-52753,CVE-2023-52754,CVE-2023-52757,CVE-2023-52759,CVE-2023-52762,CVE-2023-52763,CVE-2023-52764,CVE-2023-52765,CVE-2023-52766,CVE-2023-52767,CVE-2023-52768,CVE-2023-52769,CVE-2023-52773,CVE-2023-52774,CVE-2023-52776,CVE-2023-52777,CVE-2023-52780,CVE-2023-52781,CVE-2023-52782,CVE-2023-52783,CVE-2023-52784,CVE-2023-52786,CVE-2023-52787,CVE-2023-52788,CVE- 2023-52789,CVE-2023-52791,CVE-2023-52792,CVE-2023-52794,CVE-2023-52795,CVE-2023-52796,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52801,CVE-2023-52803,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52807,CVE-2023-52808,CVE-2023-52809,CVE-2023-52810,CVE-2023-52811,CVE-2023-52812,CVE-2023-52813,CVE-2023-52814,CVE-2023-52815,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52827,CVE-2023-52829,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52835,CVE-2023-52836,CVE-2023-52837,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52842,CVE-2023-52843,CVE-2023-52844,CVE-2023-52845,CVE-2023-52846,CVE-2023-52847,CVE-2023-52849,CVE-2023-52850,CVE-2023-52851,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52857,CVE-2023-52858,CVE-2023-52861,CVE-2023-52862,CVE-2023-52863,CVE-2023-52864,CVE-2023-52865,CVE-2023-52866,CVE-2023-52867,CVE-2023-52868,CVE-2023-52869,CVE-2023-52870,CVE-2023-52 871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52874,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52879,CVE-2023-52880,CVE-2023-52881,CVE-2023-52883,CVE-2023-52884,CVE-2024-26482,CVE-2024-26625,CVE-2024-26676,CVE-2024-26750,CVE-2024-26758,CVE-2024-26767,CVE-2024-26780,CVE-2024-26813,CVE-2024-26814,CVE-2024-26845,CVE-2024-26889,CVE-2024-26920,CVE-2024-27414,CVE-2024-27419,CVE-2024-33619,CVE-2024-34777,CVE-2024-35247,CVE-2024-35807,CVE-2024-35827,CVE-2024-35831,CVE-2024-35843,CVE-2024-35848,CVE-2024-35857,CVE-2024-35880,CVE-2024-35884,CVE-2024-35886,CVE-2024-35892,CVE-2024-35896,CVE-2024-35898,CVE-2024-35900,CVE-2024-35925,CVE-2024-35926,CVE-2024-35957,CVE-2024-35962,CVE-2024-35970,CVE-2024-35976,CVE-2024-35979,CVE-2024-35998,CVE-2024-36005,CVE-2024-36008,CVE-2024-36010,CVE-2024-36017,CVE-2024-36024,CVE-2024-36281,CVE-2024-36477,CVE-2024-36478,CVE-2024-36479,CVE-2024-36882,CVE-2024-36887,CVE-2024-36899,CVE-2024-36900,CVE-2024-36903,CVE-2024-36904,CVE-2024-36915,CVE -2024-36916,CVE-2024-36917,CVE-2024-36919,CVE-2024-36923,CVE-2024-36924,CVE-2024-36926,CVE-2024-36934,CVE-2024-36935,CVE-2024-36937,CVE-2024-36938,CVE-2024-36945,CVE-2024-36952,CVE-2024-36957,CVE-2024-36960,CVE-2024-36962,CVE-2024-36964,CVE-2024-36965,CVE-2024-36967,CVE-2024-36969,CVE-2024-36971,CVE-2024-36972,CVE-2024-36973,CVE-2024-36975,CVE-2024-36977,CVE-2024-36978,CVE-2024-37021,CVE-2024-37078,CVE-2024-37353,CVE-2024-37354,CVE-2024-38381,CVE-2024-38384,CVE-2024-38385,CVE-2024-38388,CVE-2024-38390,CVE-2024-38391,CVE-2024-38539,CVE-2024-38540,CVE-2024-38541,CVE-2024-38543,CVE-2024-38544,CVE-2024-38545,CVE-2024-38546,CVE-2024-38547,CVE-2024-38548,CVE-2024-38549,CVE-2024-38550,CVE-2024-38551,CVE-2024-38552,CVE-2024-38553,CVE-2024-38554,CVE-2024-38555,CVE-2024-38556,CVE-2024-38557,CVE-2024-38559,CVE-2024-38560,CVE-2024-38562,CVE-2024-38564,CVE-2024-38565,CVE-2024-38566,CVE-2024-38567,CVE-2024-38568,CVE-2024-38569,CVE-2024-38570,CVE-2024-38571,CVE-2024-38572,CVE-2024-38573,CVE-2024-3 8575,CVE-2024-38578,CVE-2024-38579,CVE-2024-38580,CVE-2024-38581,CVE-2024-38582,CVE-2024-38583,CVE-2024-38587,CVE-2024-38588,CVE-2024-38590,CVE-2024-38591,CVE-2024-38592,CVE-2024-38594,CVE-2024-38595,CVE-2024-38597,CVE-2024-38599,CVE-2024-38600,CVE-2024-38601,CVE-2024-38602,CVE-2024-38603,CVE-2024-38605,CVE-2024-38608,CVE-2024-38610,CVE-2024-38611,CVE-2024-38615,CVE-2024-38616,CVE-2024-38617,CVE-2024-38618,CVE-2024-38619,CVE-2024-38621,CVE-2024-38622,CVE-2024-38627,CVE-2024-38628,CVE-2024-38629,CVE-2024-38630,CVE-2024-38633,CVE-2024-38634,CVE-2024-38635,CVE-2024-38636,CVE-2024-38661,CVE-2024-38663,CVE-2024-38664,CVE-2024-38780,CVE-2024-39277,CVE-2024-39291,CVE-2024-39296,CVE-2024-39301,CVE-2024-39362,CVE-2024-39371,CVE-2024-39463,CVE-2024-39466,CVE-2024-39469,CVE-2024-39471 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990). - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758). - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101). - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595). - CVE-2023-52834: atl1c: Work around the DMA RX overflow issue (bsc#1225599). - CVE-2023-52875: Add check for mtk_alloc_clk_data (bsc#1225096). - CVE-2023-52865: Add check for mtk_alloc_clk_data (bsc#1225086). - CVE-2023-52821: Fixed a possible null pointer dereference (bsc#1225022). - CVE-2023-52867: Fixed possible buffer overflow (bsc#1225009). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2023-52759: Ignore negated quota changes (bsc#1225560). - CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930). - CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097). - CVE-2023-52864: Fixed opening of char device (bsc#1225132). - CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011). - CVE-2023-52871: Handle a second device without data corruption (bsc#1225534) - CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994). - CVE-2024-35843: iommu/vt-d: Use device rbtree in iopf reporting path (bsc#1224751). - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066). - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948). - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949). - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950). - CVE-2024-36281: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules (bsc#1226799). - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610). - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841). - CVE-2024-38636: f2fs: multidev: fix to recognize valid zero block address (bsc#1226879). - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770). - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857). - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842). - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774). - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781). - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746). - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749). - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734). - CVE-2024-38569: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group (bsc#1226772). - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771). - CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810). - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809). - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823). - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-27414: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back (bsc#1224439). - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670). - CVE-2024-36024: drm/amd/display: Disable idle reallow as part of command/gpint execution (bsc#1225702). - CVE-2024-36903: ipv6: Fix potential uninit-value access in __ip6_make_skb() (bsc#1225741). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572). - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735). - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080). - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951). - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-36882: mm: use memalloc_nofs_save() in page_cache_ra_order() (bsc#1225723). - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759). - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726). - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105). - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661). - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2023-52786: ext4: fix racy may inline data check in dio write (bsc#1224939). - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760). - CVE-2024-36935: ice: ensure the copied buf is NUL terminated (bsc#1225763). - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834). - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614). - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585). - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539). - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018). - CVE-2024-35892: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() (bsc#1224515). - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612). - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520). - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619). - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475). - CVE-2024-35926: crypto: iaa - Fix async_disable descriptor leak (bsc#1224655). - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575). - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761). - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540). - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549). - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548). - CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759) - CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762). - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086) - CVE-2024-35880: io_uring/kbuf: hold io_buffer_list reference over mmap (bsc#1224523). - CVE-2024-35831: io_uring: Fix release of pinned pages when __io_uaddr_map fails (bsc#1224698). - CVE-2024-35827: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() (bsc#1224606). - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187). - CVE-2023-52699: sysv: don't call sb_bread() with pointers_lock held (bsc#1224659). The following non-security bugs were fixed: - KVM: arm64: Use local TLBI on permission relaxation (bsc#1219478). - KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (bsc#1226158). - NFS: abort nfs_atomic_open_v23 if name is too long (bsc#1219847). - NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847). - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - PCI: Clear Secondary Status errors after enumeration (bsc#1226928) - RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300). - RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300). - Revert 'build initrd without systemd' (bsc#1195775)' - arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8688). - arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8688). - arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8688). - bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903). - bpf: correct loop detection for iterators convergence (bsc#1225903). - bpf: exact states comparison for iterator convergence checks (bsc#1225903). - bpf: extract __check_reg_arg() utility function (bsc#1225903). - bpf: extract same_callsites() as utility function (bsc#1225903). - bpf: extract setup_func_entry() utility function (bsc#1225903). - bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903). - bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903). - bpf: print full verifier states on infinite loop detection (bsc#1225903). - bpf: verify callbacks as if they are called unknown number of times (bsc#1225903). - bpf: widening for callback iterators (bsc#1225903). - cachefiles: remove requests from xarray during flushing requests (bsc#1226588). - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022). - ceph: always check dir caps asynchronously (bsc#1226022). - ceph: always queue a writeback when revoking the Fb caps (bsc#1226022). - ceph: break the check delayed cap loop every 5s (bsc#1226022). - ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022). - crypto: deflate - Add aliases to deflate (bsc#1227190). - crypto: iaa - Account for cpu-less numa nodes (bsc#1227190). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - kABI: bpf: verifier kABI workaround (bsc#1225903). - net: ena: Fix redundant device NUMA node override (jsc#PED-8688). - net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491). - nfs: Avoid flushing many pages with NFS_FILE_SYNC (bsc#1218442). - nfs: Bump default write congestion size (bsc#1218442). - nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912). - nvme-fabrics: short-circuit reconnect retries (bsc#1186716). - nvme-tcp: Export the nvme_tcp_wq to sysfs (bsc#1224049). - nvme/tcp: Add wq_unbound modparam for nvme_tcp_wq (bsc#1224049). - nvme: do not retry authentication failures (bsc#1186716). - nvme: return kernel error codes for admin queue connect (bsc#1186716). - nvmet: lock config semaphore when accessing DH-HMAC-CHAP key (bsc#1186716). - nvmet: return DHCHAP status codes from nvmet_setup_auth() (bsc#1186716). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212). - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211). - s390/cpacf: Make use of invalid opcode produce a link error (bsc#1227072). - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791). - selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903). - selftests/bpf: test if state loops are detected in a tricky case (bsc#1225903). - selftests/bpf: test widening for iterating callbacks (bsc#1225903). - selftests/bpf: tests for iterating callbacks (bsc#1225903). - selftests/bpf: tests with delayed read/precision makrs in loop body (bsc#1225903). - selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903). - selftests/bpf: track tcp payload offset as scalar in xdp_synproxy (bsc#1225903). - supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570) - tcp: Dump bound-only sockets in inet_diag (bsc#1204562). - x86/mce: Dynamically size space for machine check records (bsc#1222241). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2587-1 Released: Mon Jul 22 13:44:54 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1227456 This update for openssh fixes the following issues: - Remove empty line at the end of sshd-sle.pamd (bsc#1227456) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2636-1 Released: Tue Jul 30 09:14:22 2024 Summary: Security update for bind Type: security Severity: important References: 1228255,1228256,1228257,1228258,CVE-2024-0760,CVE-2024-1737,CVE-2024-1975,CVE-2024-4076 This update for bind fixes the following issues: Update to release 9.18.28 Security fixes: - CVE-2024-0760: Fixed a flood of DNS messages over TCP may make the server unstable (bsc#1228255) - CVE-2024-1737: Fixed BIND's database will be slow if a very large number of RRs exist at the same name (bsc#1228256) - CVE-2024-1975: Fixed SIG(0) can be used to exhaust CPU resources (bsc#1228257) - CVE-2024-4076: Fixed assertion failure when serving both stale cache data and authoritative zone content (bsc#1228258) Changelog: * Command-line options for IPv4-only (named -4) and IPv6-only (named -6) modes are now respected for zone primaries, also-notify, and parental-agents. * An RPZ response???s SOA record TTL was set to 1 instead of the SOA TTL, if add-soa was used. This has been fixed. * When a query related to zone maintenance (NOTIFY, SOA) timed out close to a view shutdown (triggered e.g. by rndc reload), named could crash with an assertion failure. This has been fixed. * The statistics channel counters that indicated the number of currently connected TCP IPv4/IPv6 clients were not properly adjusted in certain failure scenarios. This has been fixed. * Some servers that could not be reached due to EHOSTDOWN or ENETDOWN conditions were incorrectly prioritized during server selection. These are now properly handled as unreachable. * On some systems the libuv call may return an error code when sending a TCP reset for a connection, which triggers an assertion failure in named. This error condition is now dealt with in a more graceful manner, by logging the incident and shutting down the connection. * Changes to listen-on statements were ignored on reconfiguration unless the port or interface address was changed, making it impossible to change a related listener transport type. That issue has been fixed. * A bug in the keymgr code unintentionally slowed down some DNSSEC key rollovers. This has been fixed. * Some ISO 8601 durations were accepted erroneously, leading to shorter durations than expected. This has been fixed * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. * The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. New Features: * A new option signatures-jitter has been added to dnssec-policy to allow signature expirations to be spread out over a period of time. * The statistics channel now includes counters that indicate the number of currently connected TCP IPv4/IPv6 clients. * Added RESOLVER.ARPA to the built in empty zones. Feature Changes: * DNSSEC signatures that are not valid because the current time falls outside the signature inception and expiration dates are skipped instead of causing an immediate validation failure. Security Fixes: * A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to respond slowly or not at all for other clients. This has been fixed. (CVE-2024-0760) * It is possible to craft excessively large resource records sets, which have the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-records-per-type option. * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975) * Due to a logic error, lookups that triggered serving stale data and required lookups in local authoritative zone data could have resulted in an assertion failure. This has been fixed. * Potential data races were found in our DoH implementation, related to HTTP/2 session object management and endpoints set object management after reconfiguration. These issues have been fixed. * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. (CVE-2024-4076) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2662-1 Released: Tue Jul 30 15:41:34 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2677-1 Released: Wed Jul 31 06:58:52 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2688-1 Released: Thu Aug 1 06:59:27 2024 Summary: Feature update for Public Cloud Type: feature Severity: important References: 1222075,1227067,1227106,1227711 This update for Public Cloud fixes the following issues: - Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345): * google-guest-agent (no source changes) * google-guest-configs (no source changes) * google-guest-oslogin (no source changes) * google-osconfig-agent (no source changes) * growpart-rootgrow (no source changes) * python-azure-agent (includes bug fixes see below) * python-cssselect (no source changes) * python-instance-billing-flavor-check (no source changes) * python-toml (no source changes) * python3-lxml (inlcudes a bug fix, see below) - python-azure-agent received the following fixes: * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists (bsc#1227711) * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106) * Do not package `waagent2.0` in Python 3 builds * Do not require `wicked` in non-SUSE build environments * Apply python3 interpreter patch in non SLE build environments (bcs#1227067) - python3-lxml also received the following fix: * Fixed compatibility with system libexpat in tests (bnc#1222075) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2695-1 Released: Thu Aug 1 15:06:12 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1226412,1226529 This update for dracut fixes the following issues: - Version update: * feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529) * fix(mdraid): try to assemble the missing raid device (bsc#1226412) * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2747-1 Released: Mon Aug 5 18:14:40 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219004,1223107,1226128 This update for suseconnect-ng fixes the following issues: - Version update * Added uname as collector * Added SAP workload detection * Added detection of container runtimes * Multiple fixes on ARM64 detection * Use `read_values` for the CPU collector on Z * Fixed data collection for ppc64le * Grab the home directory from /etc/passwd if needed (bsc#1226128) * Build zypper-migration and zypper-packages-search as standalone binaries rather then one single binary * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004) * Include /etc/products.d in directories whose content are backed up and restored if a zypper-migration rollback happens (bsc#1219004) * Add the ability to upload the system uptime logs, produced by the suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report (jsc#PED-7982) (jsc#PED-8018) * Add support for third party packages in SUSEConnect * Refactor existing system information collection implementation self-signed SSL certificate (bsc#1223107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2788-1 Released: Tue Aug 6 15:50:29 2024 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1227574 This update for sudo fixes the following issue: - Fix Wrong permissions on /usr/share/polkit-1/rules.d (bsc#1227574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2799-1 Released: Wed Aug 7 08:19:10 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1214960 This update for runc fixes the following issues: - Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13 - Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2802-1 Released: Wed Aug 7 09:46:02 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1215199,1215587,1218442,1218730,1218820,1219832,1220138,1220427,1220430,1220942,1221057,1221647,1221654,1221656,1221659,1222326,1222328,1222438,1222463,1222768,1222775,1222779,1222893,1223010,1223021,1223570,1223731,1223740,1223778,1223804,1223806,1223807,1223813,1223815,1223836,1223863,1224414,1224422,1224490,1224499,1224512,1224516,1224544,1224545,1224589,1224604,1224636,1224641,1224743,1224767,1225088,1225172,1225272,1225489,1225600,1225601,1225711,1225717,1225719,1225744,1225745,1225746,1225752,1225753,1225757,1225805,1225810,1225830,1225835,1225839,1225840,1225843,1225847,1225851,1225856,1225894,1225895,1225896,1226202,1226213,1226502,1226519,1226750,1226757,1226783,1226866,1226883,1226915,1226993,1227103,1227149,1227282,1227362,1227363,1227383,1227432,1227433,1227434,1227435,1227443,1227446,1227447,1227487,1227573,1227626,1227716,1227719,1227723,1227730,1227736,1227755,1227757,1227762,1227763,1227779,1227780,1227783,1227786,1227788,1227789,1227797,1227800,1 227801,1227803,1227806,1227813,1227814,1227836,1227855,1227862,1227866,1227886,1227899,1227910,1227913,1227926,1228090,1228192,1228193,1228211,1228269,1228289,1228327,1228328,1228403,1228405,1228408,1228417,CVE-2023-38417,CVE-2023-47210,CVE-2023-51780,CVE-2023-52435,CVE-2023-52472,CVE-2023-52751,CVE-2023-52775,CVE-2024-25741,CVE-2024-26615,CVE-2024-26623,CVE-2024-26633,CVE-2024-26635,CVE-2024-26636,CVE-2024-26641,CVE-2024-26663,CVE-2024-26665,CVE-2024-26691,CVE-2024-26734,CVE-2024-26785,CVE-2024-26826,CVE-2024-26863,CVE-2024-26944,CVE-2024-27012,CVE-2024-27015,CVE-2024-27016,CVE-2024-27019,CVE-2024-27020,CVE-2024-27025,CVE-2024-27064,CVE-2024-27065,CVE-2024-27402,CVE-2024-27404,CVE-2024-35805,CVE-2024-35853,CVE-2024-35854,CVE-2024-35890,CVE-2024-35893,CVE-2024-35899,CVE-2024-35908,CVE-2024-35934,CVE-2024-35942,CVE-2024-36003,CVE-2024-36004,CVE-2024-36889,CVE-2024-36901,CVE-2024-36902,CVE-2024-36909,CVE-2024-36910,CVE-2024-36911,CVE-2024-36912,CVE-2024-36913,CVE-2024-36914,CVE-2024-3 6922,CVE-2024-36930,CVE-2024-36940,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36946,CVE-2024-36947,CVE-2024-36949,CVE-2024-36950,CVE-2024-36951,CVE-2024-36955,CVE-2024-36959,CVE-2024-36974,CVE-2024-38558,CVE-2024-38586,CVE-2024-38598,CVE-2024-38604,CVE-2024-38659,CVE-2024-39276,CVE-2024-39468,CVE-2024-39472,CVE-2024-39473,CVE-2024-39474,CVE-2024-39475,CVE-2024-39479,CVE-2024-39481,CVE-2024-39482,CVE-2024-39487,CVE-2024-39490,CVE-2024-39494,CVE-2024-39496,CVE-2024-39498,CVE-2024-39502,CVE-2024-39504,CVE-2024-39507,CVE-2024-40901,CVE-2024-40906,CVE-2024-40908,CVE-2024-40919,CVE-2024-40923,CVE-2024-40925,CVE-2024-40928,CVE-2024-40931,CVE-2024-40935,CVE-2024-40937,CVE-2024-40940,CVE-2024-40947,CVE-2024-40948,CVE-2024-40953,CVE-2024-40960,CVE-2024-40961,CVE-2024-40966,CVE-2024-40970,CVE-2024-40972,CVE-2024-40975,CVE-2024-40979,CVE-2024-40998,CVE-2024-40999,CVE-2024-41006,CVE-2024-41011,CVE-2024-41013,CVE-2024-41014,CVE-2024-41017,CVE-2024-41090,CVE-2024-41091 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-47210: wifi: iwlwifi: bump FW API to 90 for BZ/SC devices (bsc#1225601, bsc#1225600). - CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138). - CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489). - CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088). - CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942). - CVE-2024-26623: pds_core: Prevent race issues involving the adminq (bsc#1221057). - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647). - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656). - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659). - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654). - CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326). - CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328). - CVE-2024-26691: KVM: arm64: Fix circular locking dependency (bsc#1222463). - CVE-2024-26734: devlink: fix possible use-after-free and memory leaks in devlink_init() (bsc#1222438). - CVE-2024-26785: iommufd: Fix protection fault in iommufd_test_syz_conv_iova (bsc#1222779). - CVE-2024-26826: mptcp: fix data re-injection from stale subflow (bsc#1223010). - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021). - CVE-2024-26944: btrfs: zoned: fix lock ordering in btrfs_zone_activate() (bsc#1223731). - CVE-2024-27012: netfilter: nf_tables: restore set elements when delete set fails (bsc#1223804). - CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806). - CVE-2024-27016: netfilter: flowtable: validate pppoe header (bsc#1223807). - CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813) - CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815) - CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778) - CVE-2024-27064: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain (bsc#1223740). - CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836). - CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414). - CVE-2024-27404: mptcp: fix data races on remote_id (bsc#1224422) - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743). - CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-35890: gro: fix ownership transfer (bsc#1224516). - CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512) - CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499) - CVE-2024-35908: tls: get psock ref after taking rxlock to avoid leak (bsc#1224490) - CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641) - CVE-2024-35942: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain (bsc#1224589). - CVE-2024-36003: ice: fix LAG and VF lock dependency in ice_reset_vf() (bsc#1224544). - CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545) - CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711) - CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752). - CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753). - CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757). - CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783). - CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750). - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757). - CVE-2024-38604: block: refine the EOF check in blkdev_iomap_begin (bsc#1226866). - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883). - CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993). - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103. - CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432). - CVE-2024-39474: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL (bsc#1227434). - CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447). - CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573) - CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-39496: btrfs: zoned: fix use-after-free due to race with dev replace (bsc#1227719). - CVE-2024-39498: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 (bsc#1227723) - CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755). - CVE-2024-39504: netfilter: nft_inner: validate mandatory meta and payload (bsc#1227757). - CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730). - CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762). - CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763). - CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783). - CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779). - CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786). - CVE-2024-40925: block: fix request.queuelist usage in flush (bsc#1227789). - CVE-2024-40928: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (bsc#1227788). - CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780). - CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800). - CVE-2024-40947: ima: Avoid blocking in RCU read-side critical section (bsc#1227803). - CVE-2024-40948: mm/page_table_check: fix crash on ZONE_DEVICE (bsc#1227801). - CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806). - CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813). - CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814). - CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886). - CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899). - CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910). - CVE-2024-40975: platform/x86: x86-android-tablets: Unregister devices in reverse order (bsc#1227926). - CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866). - CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913). - CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862). - CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405). - CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). - CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327). The following non-security bugs were fixed: - ACPI: EC: Abort address space access upon error (stable-fixes). - ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes). - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes). - ALSA: PCM: Allow resume only for suspended streams (stable-fixes). - ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes). - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes). - ALSA: emux: improve patch ioctl data validation (stable-fixes). - ALSA: hda/conexant: Mute speakers at suspend / shutdown (bsc#1228269). - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (bsc#1228269). - ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes). - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes). - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes). - ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes). - ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop (stable-fixes). - ALSA: hda: cs35l41: Fix swapped l/r audio channels for Lenovo ThinBook 13x Gen4 (git-fixes). - ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes). - ALSA: seq: ump: Skip useless ports for static blocks (git-fixes). - ALSA: ump: Do not update FB name for static blocks (git-fixes). - ALSA: ump: Force 1 Group for MIDI1 FBs (git-fixes). - ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes). - ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes). - ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes). - ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (git-fixes). - ASoC: SOF: Intel: hda-pcm: Limit the maximum number of periods by MAX_BDL_ENTRIES (stable-fixes). - ASoC: SOF: Intel: hda: fix null deref on system suspend entry (git-fixes). - ASoC: SOF: imx8m: Fix DSP control regmap retrieval (git-fixes). - ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare (git-fixes). - ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format (stable-fixes). - ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback (stable-fixes). - ASoC: TAS2781: Fix tasdev_load_calibrated_data() (git-fixes). - ASoC: amd: Adjust error handling in case of absent codec device (git-fixes). - ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 (bsc#1228269). - ASoC: cs35l56: Accept values greater than 0 as IRQ numbers (git-fixes). - ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value (git-fixes). - ASoC: max98088: Check for clk_prepare_enable() error (git-fixes). - ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: rt711-sdw: add missing readable registers (stable-fixes). - ASoC: rt722-sdca-sdw: add debounce time for type detection (stable-fixes). - ASoC: rt722-sdca-sdw: add silence detection register as volatile (stable-fixes). - ASoC: sof: amd: fix for firmware reload failure in Vangogh platform (git-fixes). - ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes). - ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes). - ASoC: topology: Do not assign fields that are already set (stable-fixes). - ASoC: topology: Fix references to freed memory (stable-fixes). - ASoc: tas2781: Enable RCA-based playback without DSP firmware download (git-fixes). - Bluetooth: ISO: Check socket flag instead of hcon (git-fixes). - Bluetooth: Ignore too large handle values in BIG (git-fixes). - Bluetooth: btintel: Refactor btintel_set_ppag() (git-fixes). - Bluetooth: btnxpuart: Add handling for boot-signature timeout errors (git-fixes). - Bluetooth: btnxpuart: Enable Power Save feature on startup (stable-fixes). - Bluetooth: hci_bcm4377: Fix msgid release (git-fixes). - Bluetooth: hci_bcm4377: Use correct unit for timeouts (git-fixes). - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes). - Bluetooth: hci_event: Fix setting of unicast qos interval (git-fixes). - Bluetooth: hci_event: Set QoS encryption from BIGInfo report (git-fixes). - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes). - Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() (git-fixes). - Enable CONFIG_SCHED_CLUSTER=y on arm64 (jsc#PED-8701). - HID: Ignore battery for ELAN touchscreens 2F2C and 4116 (stable-fixes). - HID: wacom: Modify pen IDs (git-fixes). - Input: ads7846 - use spi_device_id table (stable-fixes). - Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes). - Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes). - Input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes). - Input: i8042 - add Ayaneo Kun to i8042 quirk table (stable-fixes). - Input: qt1050 - handle CHIP_ID reading error (git-fixes). - Input: silead - Always support 10 fingers (stable-fixes). - Input: xpad - add support for ASUS ROG RAIKIRI PRO (stable-fixes). - KVM: SEV-ES: Delegate LBR virtualization to the processor (git-fixes). - KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent (git-fixes). - KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (git-fixes). - KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes). - NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes). - NFS: add barriers when testing for NFS_FSDATA_BLOCKED (git-fixes). - NFSD: Fix checksum mismatches in the duplicate reply cache (git-fixes). - NFSv4.1 enforce rootpath check in fs_location query (git-fixes). - NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362). - NFSv4: Fixup smatch warning for ambiguous return (git-fixes). - PCI/ASPM: Update save_state when configuration changes (bsc#1226915) - PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes). - PCI: Do not wait for disconnected devices when resuming (git-fixes). - PCI: Extend ACS configurability (bsc#1228090). - PCI: Fix resource double counting on remove & rescan (git-fixes). - PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes). - PCI: dw-rockchip: Fix initial PERST# GPIO value (git-fixes). - PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot (git-fixes). - PCI: endpoint: Clean up error handling in vpci_scan_bus() (git-fixes). - PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() (git-fixes). - PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() (git-fixes). - PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes). - PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes). - PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes). - PCI: qcom-ep: Disable resources unconditionally during PERST# assert (git-fixes). - PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() (git-fixes). - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes). - PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes). - PCI: vmd: Create domain symlink before pci_bus_add_devices() (bsc#1227363). - RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes). - RDMA/restrack: Fix potential invalid address access (git-fixes) - Revert 'drm/bridge: tc358767: Set default CLRSIPO count' (stable-fixes). - Revert 'gfs2: fix glock shrinker ref issues' (git-fixes). - Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes). - Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes). - Revert 'wifi: ath11k: call ath11k_mac_fils_discovery() without condition' (bsc#1227149). - Revert 'wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ' (bsc#1227149). - Revert 'wifi: iwlwifi: bump FW API to 90 for BZ/SC devices' (bsc#1227149). - SUNRPC: Fix gss_free_in_token_pages() (git-fixes). - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes). - SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272). - SUNRPC: return proper error from gss_wrap_req_priv (git-fixes). - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes). - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes). - USB: serial: mos7840: fix crash on resume (git-fixes). - USB: serial: option: add Fibocom FM350-GL (stable-fixes). - USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes). - USB: serial: option: add Rolling RW350-GL variants (stable-fixes). - USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes). - USB: serial: option: add Telit generic core-dump composition (stable-fixes). - USB: serial: option: add support for Foxconn T99W651 (stable-fixes). - Update config files (bsc#1227282). Update the CONFIG_LSM option to include the selinux LSM in the default set of LSMs. The selinux LSM will not get enabled because it is preceded by apparmor, which is the first exclusive LSM. Updating CONFIG_LSM resolves failures that result in the system not booting up when 'security=selinux selinux=1' is passed to the kernel and SELinux policies are installed. - Update config files for mt76 stuff (bsc#1227149) - Update config files: adjust for Arm CONFIG_MT798X_WMAC (bsc#1227149) - Update config files: update for the realtek wifi driver updates (bsc#1227149) - X.509: Fix the parser of extended key usage for length (bsc#1218820). - arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502) - arm64/io: add constant-argument check (bsc#1226502 git-fixes) - arm64: dts: freescale: imx8mm-verdin: enable hysteresis on slow input (git-fixes) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes) - arm64: dts: imx93-11x11-evk: Remove the 'no-sdio' property (git-fixes) - arm64: dts: rockchip: Add mdio and ethernet-phy nodes to (git-fixes) - arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu (git-fixes) - arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Add sdmmc related properties on (git-fixes) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes) - arm64: dts: rockchip: Drop invalid mic-in-differential on (git-fixes) - arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on rk3566-roc-pc (git-fixes) - arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 (git-fixes) - arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch (git-fixes) - arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes) - arm64: dts: rockchip: Rename LED related pinctrl nodes on (git-fixes) - arm64: dts: rockchip: Update WIFi/BT related nodes on (git-fixes) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes) - ata: libata-scsi: Fix offsets for the fixed format sense data (git-fixes). - auxdisplay: ht16k33: Drop reference after LED registration (git-fixes). - block: Move checking GENHD_FL_NO_PART to bdev_add_partition() (bsc#1226213). - bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX (git-fixes). - bus: mhi: host: allow MHI client drivers to provide the firmware via a pointer (bsc#1227149). - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes). - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes). - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes). - can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes). - cdrom: rearrange last_media_change check to avoid unintentional overflow (stable-fixes). - ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228417). - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes). - checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes). - cifs: Add a laundromat thread for cached directories (git-fixes, bsc#1225172). - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (git-fixes). - clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg (git-fixes). - clk: qcom: clk-alpha-pll: set ALPHA_EN bit for Stromer Plus PLLs (git-fixes). - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents (git-fixes). - config/arm64: Enable CoreSight PMU drivers (bsc#1228289 jsc#PED-7859) - cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems (git-fixes). - cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() (git-fixes). - crypto/ecdh: make ecdh_compute_value() to zeroize the public key (bsc#1222768). - crypto/ecdsa: make ecdsa_ecc_ctx_deinit() to zeroize the public key (bsc#1222768). - crypto: aead,cipher - zeroize key buffer after use (stable-fixes). - crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked (git-fixes). - crypto: ecdh - explicitly zeroize private_key (stable-fixes). - crypto: ecdsa - Fix the public key format description (git-fixes). - crypto: hisilicon/debugfs - Fix debugfs uninit process issue (stable-fixes). - crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() (git-fixes). - decompress_bunzip2: fix rare decompression failure (git-fixes). - devres: Fix devm_krealloc() wasting memory (git-fixes). - devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes). - dlm: fix user space lock decision to copy lvb (git-fixes). - dma: fix call order in dmam_free_coherent (git-fixes). - dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (git-fixes). - docs: crypto: async-tx-api: fix broken code example (git-fixes). - drivers/xen: Improve the late XenStore init protocol (git-fixes). - drivers: soc: xilinx: check return status of get_api_version() (git-fixes). - drm/amd/amdgpu: Fix uninitialized variable warnings (git-fixes). - drm/amd/display: ASSERT when failing to find index by plane/stream id (stable-fixes). - drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes). - drm/amd/display: Add refresh rate range check (stable-fixes). - drm/amd/display: Check index msg_id before read or write (stable-fixes). - drm/amd/display: Check pipe offset before setting vblank (stable-fixes). - drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport (stable-fixes). - drm/amd/display: Fix overlapping copy within dml_core_mode_programming (stable-fixes). - drm/amd/display: Fix refresh rate range for some panel (stable-fixes). - drm/amd/display: Fix uninitialized variables in DM (stable-fixes). - drm/amd/display: Move 'struct scaler_data' off stack (git-fixes). - drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present (stable-fixes). - drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes). - drm/amd/display: Skip pipe if the pipe idx not set properly (stable-fixes). - drm/amd/display: Update efficiency bandwidth for dcn351 (stable-fixes). - drm/amd/display: Workaround register access in idle race with cursor (stable-fixes). - drm/amd/display: change dram_clock_latency to 34us for dcn35 (stable-fixes). - drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes). - drm/amd/pm: remove logically dead code for renoir (git-fixes). - drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes). - drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes). - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes). - drm/amdgpu: Fix memory range calculation (git-fixes). - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes). - drm/amdgpu: Fix uninitialized variable warnings (stable-fixes). - drm/amdgpu: Indicate CU havest info to CP (stable-fixes). - drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes). - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes). - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (stable-fixes). - drm/amdgpu: avoid using null object of framebuffer (stable-fixes). - drm/amdgpu: fix locking scope when flushing tlb (stable-fixes). - drm/amdgpu: fix the warning about the expression (int)size - len (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: silence UBSAN warning (stable-fixes). - drm/amdkfd: Fix CU Masking for GFX 9.4.3 (git-fixes). - drm/amdkfd: Let VRAM allocations go to GTT domain on small APUs (stable-fixes). - drm/arm/komeda: Fix komeda probe failing if there are no links in the secondary pipeline (git-fixes). - drm/bridge: it6505: fix hibernate to resume no display issue (git-fixes). - drm/bridge: samsung-dsim: Set P divider based on min/max of fin pll (git-fixes). - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes). - drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes). - drm/exynos: dp: drop driver owner initialization (stable-fixes). - drm/fbdev-dma: Fix framebuffer mode for big endian devices (git-fixes). - drm/fbdev-generic: Fix framebuffer on big endian devices (git-fixes). - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes). - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes). - drm/i915/dp: Do not switch the LTTPR mode on an active link (git-fixes). - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes). - drm/lima: Mark simple_ondemand governor as softdep (git-fixes). - drm/lima: fix shared irq handling on driver remove (stable-fixes). - drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (git-fixes). - drm/mediatek: Add OVL compatible name for MT8195 (git-fixes). - drm/mediatek: Add missing plane settings when async update (git-fixes). - drm/mediatek: Call drm_atomic_helper_shutdown() at shutdown time (stable-fixes). - drm/mediatek: Fix XRGB setting error in Mixer (git-fixes). - drm/mediatek: Fix XRGB setting error in OVL (git-fixes). - drm/mediatek: Fix bit depth overwritten for mtk_ovl_set bit_depth() (git-fixes). - drm/mediatek: Fix destination alpha error in OVL (git-fixes). - drm/mediatek: Remove less-than-zero comparison of an unsigned value (git-fixes). - drm/mediatek: Set DRM mode configs accordingly (git-fixes). - drm/mediatek: Support DRM plane alpha in Mixer (git-fixes). - drm/mediatek: Support DRM plane alpha in OVL (git-fixes). - drm/mediatek: Support RGBA8888 and RGBX8888 in OVL on MT8195 (git-fixes). - drm/mediatek: Turn off the layers with zero width or height (git-fixes). - drm/mediatek: Use 8-bit alpha in ETHDR (git-fixes). - drm/meson: fix canvas release in bind function (git-fixes). - drm/mgag200: Bind I2C lifetime to DRM device (git-fixes). - drm/mgag200: Set DDC timeout in milliseconds (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq() (git-fixes). - drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes). - drm/msm/dpu: fix encoder irq wait skip (git-fixes). - drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC (git-fixes). - drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes). - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes). - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: himax-hx8394: Handle errors from mipi_dsi_dcs_set_display_on() better (git-fixes). - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes). - drm/panel: ilitek-ili9882t: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: ilitek-ili9882t: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes). - drm/qxl: Add check for drm_cvt_mode (git-fixes). - drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes). - drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes). - drm/rockchip: vop2: Fix the port mux of VP2 (git-fixes). - drm/ttm: Always take the bo delayed cleanup path for imported bos (git-fixes). - drm/udl: Remove DRM_CONNECTOR_POLL_HPD (git-fixes). - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes). - drm: zynqmp_dpsub: Fix an error handling path in zynqmp_dpsub_probe() (git-fixes). - drm: zynqmp_kms: Fix AUX bus not getting unregistered (git-fixes). - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (stable-fixes). - eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes). - erofs: ensure m_llen is reset to 0 if metadata is invalid (git-fixes). - exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes). - f2fs: fix error path of __f2fs_build_free_nids (git-fixes). - filelock: fix potential use-after-free in posix_lock_inode (git-fixes). - firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes). - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes). - firmware: cs_dsp: Return error if block header overflows file (git-fixes). - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes). - firmware: cs_dsp: Validate payload length before processing block (git-fixes). - firmware: dmi: Stop decoding on broken entry (stable-fixes). - firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes). - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes). - firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes). - fs/file: fix the check in find_next_fd() (git-fixes). - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes). - fuse: verify {g,u}id mount options correctly (bsc#1228193). - gfs2: Do not forget to complete delayed withdraw (git-fixes). - gfs2: Fix 'ignore unlock failures after withdraw' (git-fixes). - gfs2: Fix invalid metadata access in punch_hole (git-fixes). - gfs2: Get rid of gfs2_alloc_blocks generation parameter (git-fixes). - gfs2: Rename gfs2_lookup_{ simple => meta } (git-fixes). - gfs2: Use mapping->gfp_mask for metadata inodes (git-fixes). - gfs2: convert to ctime accessor functions (git-fixes). - gpio: mc33880: Convert comma to semicolon (git-fixes). - gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (stable-fixes). - hfsplus: fix to avoid false alarm of circular locking (git-fixes). - hfsplus: fix uninit-value in copy_name (git-fixes). - hpet: Support 32-bit userspace (git-fixes). - hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes). - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes). - hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes). - hwrng: amd - Convert PCIBIOS_* return codes to errnos (git-fixes). - hwrng: core - Fix wrong quality calculation at hw rng registration (git-fixes). - i2c: i801: Annotate apanel_addr as __ro_after_init (stable-fixes). - i2c: mark HostNotify target address as used (git-fixes). - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (git-fixes). - i2c: rcar: bring hardware to known state when probing (git-fixes). - i2c: testunit: avoid re-issued work after read message (git-fixes). - i2c: testunit: correct Kconfig description (git-fixes). - i40e: fix: remove needless retries of NVM update (bsc#1227736). - iio: Fix the sorting functionality in iio_gts_build_avail_time_table (git-fixes). - iio: frequency: adrf6780: rm clk provider include (git-fixes). - iio: pressure: bmp280: Fix BMP580 temperature reading (stable-fixes). - iio: pressure: fix some word spelling errors (stable-fixes). - input: Add event code for accessibility key (stable-fixes). - input: Add support for 'Do Not Disturb' (stable-fixes). - interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID (git-fixes). - iommu/amd: Fix panic accessing amd_iommu_enable_faulting (bsc#1224767). - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes). - iommu/vt-d: Allocate DMAR fault interrupts locally (bsc#1224767). - iommu/vt-d: Improve ITE fault handling if target device isn't present (git-fixes). - iommu: Fix compilation without CONFIG_IOMMU_INTEL (git-fixes). - ipmi: ssif_bmc: prevent integer overflow on 32bit systems (git-fixes). - iwlwifi: fw: fix more kernel-doc warnings (bsc#1227149). - iwlwifi: mvm: Drop unused fw_trips_index[] from iwl_mvm_thermal_device (bsc#1227149). - iwlwifi: mvm: Populate trip table before registering thermal zone (bsc#1227149). - iwlwifi: mvm: Use for_each_thermal_trip() for walking trip points (bsc#1227149). - jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes). - jfs: Fix array-index-out-of-bounds in diFree (git-fixes). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kABI workaround for wireless updates (bsc#1227149). - kabi/severities: cleanup and update for WiFi driver entries (bsc#1227149) - kabi/severities: cover all ath/* drivers (bsc#1227149) All symbols in ath/* network drivers are local and can be ignored - kabi/severities: cover all mt76 modules (bsc#1227149) - kabi/severities: ignore amd pds internal symbols - kabi/severities: ignore kABI changes Realtek WiFi drivers (bsc#1227149) All those symbols are local and used for its own helpers - kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502) - kbuild: avoid build error when single DTB is turned into composite DTB (git-fixes). - kconfig: gconf: give a proper initial state to the Save button (stable-fixes). - kconfig: remove wrong expr_trans_bool() (stable-fixes). - kernel-binary: vdso: Own module_dir - knfsd: LOOKUP can return an illegal error value (git-fixes). - kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes). - kprobe/ftrace: bail out if ftrace was killed (git-fixes). - kprobe/ftrace: fix build error due to bad function definition (git-fixes). - kunit: Fix checksum tests on big endian CPUs (git-fixed). - leds: flash: leds-qcom-flash: Test the correct variable in init (git-fixes). - leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() (git-fixes). - leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes). - leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes). - leds: triggers: Flush pending brightness before activating trigger (git-fixes). - lib: objagg: Fix general protection fault (git-fixes). - lib: objagg: Fix spelling (git-fixes). - lib: test_objagg: Fix spelling (git-fixes). - libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228192). - mISDN: Fix a use after free in hfcmulti_tx() (git-fixes). - mISDN: fix MISDN_TIME_STAMP handling (git-fixes). - mac802154: fix time calculation in ieee802154_configure_durations() (git-fixes). - mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (git-fixes). - media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes). - media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes). - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes). - media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes). - media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes). - media: dvbdev: Initialize sbuf (stable-fixes). - media: dw2102: Do not translate i2c read into write (stable-fixes). - media: dw2102: fix a potential buffer overflow (git-fixes). - media: i2c: Fix imx412 exposure control (git-fixes). - media: imon: Fix race getting ictx->lock (git-fixes). - media: imx-jpeg: Drop initial source change event if capture has been setup (git-fixes). - media: imx-jpeg: Remove some redundant error logs (git-fixes). - media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() (git-fixes). - media: pci: ivtv: Add check for DMA map result (git-fixes). - media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 (git-fixes). - media: renesas: vsp1: Fix _irqsave and _irq mix (git-fixes). - media: renesas: vsp1: Store RPF partition configuration per RPF instance (git-fixes). - media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes). - media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes). - media: uvcvideo: Override default flags (git-fixes). - media: v4l: async: Fix NULL pointer dereference in adding ancillary links (git-fixes). - media: v4l: subdev: Fix typo in documentation (git-fixes). - media: venus: fix use after free in vdec_close (git-fixes). - media: venus: flush all buffers in output plane streamoff (git-fixes). - mei: demote client disconnect warning on suspend to debug (stable-fixes). - mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes). - mfd: pm8008: Fix regmap irq chip initialisation (git-fixes). - misc: fastrpc: Avoid updating PD type for capability request (git-fixes). - misc: fastrpc: Copy the complete capability structure to user (git-fixes). - misc: fastrpc: Fix DSP capabilities request (git-fixes). - misc: fastrpc: Fix memory leak in audio daemon attach operation (git-fixes). - misc: fastrpc: Fix ownership reassignment of remote heap (git-fixes). - misc: fastrpc: Restrict untrusted app to attach to privileged PD (git-fixes). - mt76: connac: move more mt7921/mt7915 mac shared code in connac lib (bsc#1227149). - mt76: mt7996: rely on mt76_sta_stats in mt76_wcid (bsc#1227149). - mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes). - net/dcb: check for detached device before executing callbacks (bsc#1215587). - net: ethernet: mtk_wed: introduce mtk_wed_buf structure (bsc#1227149). - net: ethernet: mtk_wed: rename mtk_rxbm_desc in mtk_wed_bm_desc (bsc#1227149). - net: fill in MODULE_DESCRIPTION()s in kuba@'s modules (bsc#1227149). - net: hns3: Remove io_stop_wc() calls after __iowrite64_copy() (bsc#1226502) - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (stable-fixes). - net: mana: Fix possible double free in error handling path (git-fixes). - net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes). - net: phy: microchip: lan87xx: reinit PHY after cable test (git-fixes). - net: phy: phy_device: Fix PHY LED blinking code comment (git-fixes). - net: usb: qmi_wwan: add Telit FN912 compositions (stable-fixes). - nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes). - nfs: Block on write congestion (bsc#1218442). - nfs: Drop pointless check from nfs_commit_release_pages() (bsc#1218442). - nfs: Fix up kabi after adding write_congestion_wait (bsc#1218442). - nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes). - nfs: Properly initialize server->writeback (bsc#1218442). - nfs: drop the incorrect assertion in nfs_swap_rw() (git-fixes). - nfs: fix undefined behavior in nfs_block_bits() (git-fixes). - nfs: keep server info for remounts (git-fixes). - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (stable-fixes). - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes). - nilfs2: convert persistent object allocator to use kmap_local (git-fixes). - nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes). - nilfs2: fix inode number range checks (stable-fixes). - ocfs2: fix DIO failure due to insufficient transaction credits (git-fixes). - ocfs2: fix races between hole punching and AIO+DIO (git-fixes). - ocfs2: use coarse time for new created files (git-fixes). - orangefs: fix out-of-bounds fsid access (git-fixes). - pNFS/filelayout: fixup pNfs allocation modes (git-fixes). - phy: cadence-torrent: Check return value on register read (git-fixes). - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: freescale: mxs: Fix refcount of child (git-fixes). - pinctrl: renesas: r8a779g0: FIX PWM suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix CANFD5 suffix (git-fixes). - pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix IRQ suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TCLK suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TPU suffixes (git-fixes). - pinctrl: rockchip: update rk3308 iomux routes (git-fixes). - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes). - platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes). - platform/x86: lg-laptop: Change ACPI device id (stable-fixes). - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes). - platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (stable-fixes). - platform/x86: toshiba_acpi: Fix array out-of-bounds access (git-fixes). - platform/x86: toshiba_acpi: Fix quickstart quirk handling (git-fixes). - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes). - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes). - platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes). - power: supply: ab8500: Fix error handling when calling iio_read_channel_processed() (git-fixes). - power: supply: ingenic: Fix some error handling paths in ingenic_battery_get_property() (git-fixes). - powerpc/64s/radix/kfence: map __kfence_pool at page granularity (bsc#1223570 ltc#205770). - powerpc/prom: Add CPU info to hardware description string later (bsc#1215199). - powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - pwm: stm32: Always do lazy disabling (git-fixes). - regmap-i2c: Subtract reg size from max_write (stable-fixes). - remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (git-fixes). - remoteproc: imx_rproc: Skip over memory region when node value is NULL (git-fixes). - remoteproc: k3-r5: Fix IPC-only mode detection (git-fixes). - remoteproc: stm32_rproc: Fix mailbox interrupts queuing (git-fixes). - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes). - rtc: abx80x: Fix return value of nvmem callback on read (git-fixes). - rtc: cmos: Fix return value of nvmem callbacks (git-fixes). - rtc: interface: Add RTC offset to alarm after fix-up (git-fixes). - rtc: isl1208: Fix return value of nvmem callbacks (git-fixes). - s390: Implement __iowrite32_copy() (bsc#1226502) - s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502) - saa7134: Unchecked i2c_transfer function result fixed (git-fixes). - selftests/sigaltstack: Fix ppc64 GCC build (git-fixes). - selftests: fix OOM in msg_zerocopy selftest (git-fixes). - selftests: make order checking verbose in msg_zerocopy selftest (git-fixes). - serial: imx: Raise TX trigger level to 8 (stable-fixes). - smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes, bsc#1225172). - smb3: allow controlling maximum number of cached directories (git-fixes, bsc#1225172). - smb3: do not start laundromat thread when dir leases disabled (git-fixes, bsc#1225172). - smb: client: do not start laundromat thread on nohandlecache (git-fixes, bsc#1225172). - smb: client: make laundromat a delayed worker (git-fixes, bsc#1225172). - smb: client: prevent new fids from being removed by laundromat (git-fixes, bsc#1225172). - soc: qcom: pdr: fix parsing of domains lists (git-fixes). - soc: qcom: pdr: protect locator_addr with the main mutex (git-fixes). - soc: qcom: pmic_glink: Handle the return value of pmic_glink_init (git-fixes). - soc: qcom: rpmh-rsc: Ensure irqs are not disabled by rpmh_rsc_send_data() callers (git-fixes). - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes). - soc: xilinx: rename cpu_number1 to dummy_cpu_number (git-fixes). - spi: atmel-quadspi: Add missing check for clk_prepare (git-fixes). - spi: cadence: Ensure data lines set to low during dummy-cycle period (stable-fixes). - spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes). - spi: microchip-core: defer asserting chip select until just before write to TX FIFO (git-fixes). - spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer (git-fixes). - spi: microchip-core: fix the issues in the isr (git-fixes). - spi: microchip-core: only disable SPI controller when register value change requires it (git-fixes). - spi: mux: set ctlr->bits_per_word_mask (stable-fixes). - spi: spi-microchip-core: Fix the number of chip selects supported (git-fixes). - spi: spidev: add correct compatible for Rohm BH2228FV (git-fixes). - sunrpc: fix NFSACL RPC retry on soft mount (git-fixes). - supported.conf: Add support for v4l2-dv-timings (jsc#PED-8644) - supported.conf: mark vdpa modules supported (jsc#PED-8954) - supported.conf: update for mt76 stuff (bsc#1227149) - thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data (stable-fixes). - tools/memory-model: Fix bug in lock.cat (git-fixes). - tools/power turbostat: Remember global max_die_id (stable-fixes). - tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (stable-fixes). - tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes). - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes). - tracing: Build event generation tests only as modules (git-fixes). - usb: dwc3: core: Add DWC31 version 2.00a controller (stable-fixes). - usb: dwc3: core: Workaround for CSR read timeout (stable-fixes). - usb: dwc3: pci: add support for the Intel Panther Lake (stable-fixes). - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes). - usb: gadget: printer: SS+ support (stable-fixes). - usb: typec: ucsi: Ack also failed Get Error commands (git-fixes). - usb: typec: ucsi: Never send a lone connector change ack (stable-fixes). - usb: ucsi: stm32: fix command completion handling (git-fixes). - usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (stable-fixes). - vmlinux.lds.h: catch .bss..L* sections into BSS') (git-fixes). - watchdog: rzg2l_wdt: Check return status of pm_runtime_put() (git-fixes). - watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() (git-fixes). - watchdog: rzn1: Convert comma to semicolon (git-fixes). - wifi: add HAS_IOPORT dependencies (bsc#1227149). - wifi: ar5523: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10/11/12k: Use alloc_ordered_workqueue() to create ordered workqueues (bsc#1227149). - wifi: ath10k: Annotate struct ath10k_ce_ring with __counted_by (bsc#1227149). - wifi: ath10k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath10k: Drop checks that are always false (bsc#1227149). - wifi: ath10k: Drop cleaning of driver data from probe error path and remove (bsc#1227149). - wifi: ath10k: Fix a few spelling errors (bsc#1227149). - wifi: ath10k: Fix enum ath10k_fw_crash_dump_type kernel-doc (bsc#1227149). - wifi: ath10k: Fix htt_data_tx_completion kernel-doc warning (bsc#1227149). - wifi: ath10k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10k: Remove unused struct ath10k_htc_frame (bsc#1227149). - wifi: ath10k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath10k: Use DECLARE_FLEX_ARRAY() for ath10k_htc_record (bsc#1227149). - wifi: ath10k: Use list_count_nodes() (bsc#1227149). - wifi: ath10k: add missing wmi_10_4_feature_mask documentation (bsc#1227149). - wifi: ath10k: add support to allow broadcast action frame RX (bsc#1227149). - wifi: ath10k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath10k: correctly document enum wmi_tlv_tx_pause_id (bsc#1227149). - wifi: ath10k: drop HTT_DATA_TX_STATUS_DOWNLOAD_FAIL (bsc#1227149). - wifi: ath10k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath10k: fix htt_q_state_conf & htt_q_state kernel-doc (bsc#1227149). - wifi: ath10k: improve structure padding (bsc#1227149). - wifi: ath10k: indicate to mac80211 scan complete with aborted flag for ATH10K_SCAN_STARTING state (bsc#1227149). - wifi: ath10k: remove ath10k_htc_record::pauload[] (bsc#1227149). - wifi: ath10k: remove duplicate memset() in 10.4 TDLS peer update (bsc#1227149). - wifi: ath10k: remove struct wmi_pdev_chanlist_update_event (bsc#1227149). - wifi: ath10k: remove unused template structs (bsc#1227149). - wifi: ath10k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath10k: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath10k: simplify __ath10k_htt_tx_txq_recalc() (bsc#1227149). - wifi: ath10k: simplify ath10k_peer_create() (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_host_mem_chunks (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_tdls_peer_capabilities (bsc#1227149). - wifi: ath10k: use flexible arrays for WMI start scan TLVs (bsc#1227149). - wifi: ath11k: Add HTT stats for PHY reset case (bsc#1227149). - wifi: ath11k: Add coldboot calibration support for QCN9074 (bsc#1227149). - wifi: ath11k: Allow ath11k to boot without caldata in ftm mode (bsc#1227149). - wifi: ath11k: Consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath11k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath11k: Do not directly use scan_flags in struct scan_req_params (bsc#1227149). - wifi: ath11k: EMA beacon support (bsc#1227149). - wifi: ath11k: Fix a few spelling errors (bsc#1227149). - wifi: ath11k: Fix ath11k_htc_record flexible record (bsc#1227149). - wifi: ath11k: Introduce and use ath11k_sta_to_arsta() (bsc#1227149). - wifi: ath11k: MBSSID beacon support (bsc#1227149). - wifi: ath11k: MBSSID configuration during vdev create/start (bsc#1227149). - wifi: ath11k: MBSSID parameter configuration in AP mode (bsc#1227149). - wifi: ath11k: Really consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Relocate the func ath11k_mac_bitrate_mask_num_ht_rates() and change hweight16 to hweight8 (bsc#1227149). - wifi: ath11k: Remove ath11k_base::bd_api (bsc#1227149). - wifi: ath11k: Remove cal_done check during probe (bsc#1227149). - wifi: ath11k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath11k: Remove scan_flags union from struct scan_req_params (bsc#1227149). - wifi: ath11k: Remove struct ath11k::ops (bsc#1227149). - wifi: ath11k: Remove unneeded semicolon (bsc#1227149). - wifi: ath11k: Remove unused declarations (bsc#1227149). - wifi: ath11k: Remove unused struct ath11k_htc_frame (bsc#1227149). - wifi: ath11k: Send HT fixed rate in WMI peer fixed param (bsc#1227149). - wifi: ath11k: Split coldboot calibration hw_param (bsc#1227149). - wifi: ath11k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath11k: Use device_get_match_data() (bsc#1227149). - wifi: ath11k: Use list_count_nodes() (bsc#1227149). - wifi: ath11k: add WMI event debug messages (bsc#1227149). - wifi: ath11k: add WMI_TLV_SERVICE_EXT_TPC_REG_SUPPORT service bit (bsc#1227149). - wifi: ath11k: add chip id board name while searching board-2.bin for WCN6855 (bsc#1227149). - wifi: ath11k: add firmware-2.bin support (bsc#1227149). - wifi: ath11k: add handler for WMI_VDEV_SET_TPC_POWER_CMDID (bsc#1227149). - wifi: ath11k: add parse of transmit power envelope element (bsc#1227149). - wifi: ath11k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath11k: add support for QCA2066 (bsc#1227149). - wifi: ath11k: add support to select 6 GHz regulatory type (bsc#1227149). - wifi: ath11k: ath11k_debugfs_register(): fix format-truncation warning (bsc#1227149). - wifi: ath11k: avoid forward declaration of ath11k_mac_start_vdev_delay() (bsc#1227149). - wifi: ath11k: call ath11k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath11k: constify MHI channel and controller configs (bsc#1227149). - wifi: ath11k: debug: add ATH11K_DBG_CE (bsc#1227149). - wifi: ath11k: debug: remove unused ATH11K_DBG_ANY (bsc#1227149). - wifi: ath11k: debug: use all upper case in ATH11k_DBG_HAL (bsc#1227149). - wifi: ath11k: do not use %pK (bsc#1227149). - wifi: ath11k: document HAL_RX_BUF_RBM_SW4_BM (bsc#1227149). - wifi: ath11k: dp: cleanup debug message (bsc#1227149). - wifi: ath11k: driver settings for MBSSID and EMA (bsc#1227149). - wifi: ath11k: drop NULL pointer check in ath11k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath11k: drop redundant check in ath11k_dp_rx_mon_dest_process() (bsc#1227149). - wifi: ath11k: enable 36 bit mask for stream DMA (bsc#1227149). - wifi: ath11k: factory test mode support (bsc#1227149). - wifi: ath11k: fill parameters for vdev set tpc power WMI command (bsc#1227149). - wifi: ath11k: fix CAC running state during virtual interface start (bsc#1227149). - wifi: ath11k: fix IOMMU errors on buffer rings (bsc#1227149). - wifi: ath11k: fix RCU documentation in ath11k_mac_op_ipv6_changed() (git-fixes). - wifi: ath11k: fix WCN6750 firmware crash caused by 17 num_vdevs (bsc#1227149). - wifi: ath11k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath11k: fix a possible dead lock caused by ab->base_lock (bsc#1227149). - wifi: ath11k: fix ath11k_mac_op_remain_on_channel() stack usage (bsc#1227149). - wifi: ath11k: fix connection failure due to unexpected peer delete (bsc#1227149). - wifi: ath11k: fix tid bitmap is 0 in peer rx mu stats (bsc#1227149). - wifi: ath11k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: ath11k: hal: cleanup debug message (bsc#1227149). - wifi: ath11k: htc: cleanup debug messages (bsc#1227149). - wifi: ath11k: initialize eirp_power before use (bsc#1227149). - wifi: ath11k: mac: fix struct ieee80211_sband_iftype_data handling (bsc#1227149). - wifi: ath11k: mhi: add a warning message for MHI_CB_EE_RDDM crash (bsc#1227149). - wifi: ath11k: move pci.ops registration ahead (bsc#1227149). - wifi: ath11k: move power type check to ASSOC stage when connecting to 6 GHz AP (bsc#1227149). - wifi: ath11k: move references from rsvd2 to info fields (bsc#1227149). - wifi: ath11k: pci: cleanup debug logging (bsc#1227149). - wifi: ath11k: print debug level in debug messages (bsc#1227149). - wifi: ath11k: provide address list if chip supports 2 stations (bsc#1227149). - wifi: ath11k: qmi: refactor ath11k_qmi_m3_load() (bsc#1227149). - wifi: ath11k: refactor ath11k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath11k: refactor setting country code logic (stable-fixes). - wifi: ath11k: refactor vif parameter configurations (bsc#1227149). - wifi: ath11k: rely on mac80211 debugfs handling for vif (bsc#1227149). - wifi: ath11k: remove ath11k_htc_record::pauload[] (bsc#1227149). - wifi: ath11k: remove invalid peer create logic (bsc#1227149). - wifi: ath11k: remove manual mask names from debug messages (bsc#1227149). - wifi: ath11k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath11k: remove unsupported event handlers (bsc#1227149). - wifi: ath11k: remove unused function ath11k_tm_event_wmi() (bsc#1227149). - wifi: ath11k: remove unused members of 'struct ath11k_base' (bsc#1227149). - wifi: ath11k: remove unused scan_events from struct scan_req_params (bsc#1227149). - wifi: ath11k: rename MBSSID fields in wmi_vdev_up_cmd (bsc#1227149). - wifi: ath11k: rename ath11k_start_vdev_delay() (bsc#1227149). - wifi: ath11k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath11k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath11k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath11k: restore country code during resume (git-fixes). - wifi: ath11k: save max transmit power in vdev start response event from firmware (bsc#1227149). - wifi: ath11k: save power spectral density(PSD) of regulatory rule (bsc#1227149). - wifi: ath11k: simplify ath11k_mac_validate_vht_he_fixed_rate_settings() (bsc#1227149). - wifi: ath11k: simplify the code with module_platform_driver (bsc#1227149). - wifi: ath11k: store cur_regulatory_info for each radio (bsc#1227149). - wifi: ath11k: support 2 station interfaces (bsc#1227149). - wifi: ath11k: update proper pdev/vdev id for testmode command (bsc#1227149). - wifi: ath11k: update regulatory rules when connect to AP on 6 GHz band for station (bsc#1227149). - wifi: ath11k: update regulatory rules when interface added (bsc#1227149). - wifi: ath11k: use RCU when accessing struct inet6_dev::ac_list (bsc#1227149). - wifi: ath11k: use WMI_VDEV_SET_TPC_POWER_CMDID when EXT_TPC_REG_SUPPORT for 6 GHz (bsc#1227149). - wifi: ath11k: use kstrtoul_from_user() where appropriate (bsc#1227149). - wifi: ath11k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath11k: wmi: add unified command debug messages (bsc#1227149). - wifi: ath11k: wmi: cleanup error handling in ath11k_wmi_send_init_country_cmd() (bsc#1227149). - wifi: ath11k: wmi: use common error handling style (bsc#1227149). - wifi: ath11k: workaround too long expansion sparse warnings (bsc#1227149). - wifi: ath12k: Add logic to write QRTR node id to scratch (bsc#1227149). - wifi: ath12k: Add missing qmi_txn_cancel() calls (bsc#1227149). - wifi: ath12k: Add support to parse new WMI event for 6 GHz regulatory (bsc#1227149). - wifi: ath12k: Consistently use ath12k_vif_to_arvif() (bsc#1227149). - wifi: ath12k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath12k: Correct 6 GHz frequency value in rx status (git-fixes). - wifi: ath12k: Do not drop tx_status in failure case (git-fixes). - wifi: ath12k: Do not use scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Enable Mesh support for QCN9274 (bsc#1227149). - wifi: ath12k: Fix a few spelling errors (bsc#1227149). - wifi: ath12k: Fix tx completion ring (WBM2SW) setup failure (git-fixes). - wifi: ath12k: Fix uninitialized use of ret in ath12k_mac_allocate() (bsc#1227149). - wifi: ath12k: Introduce and use ath12k_sta_to_arsta() (bsc#1227149). - wifi: ath12k: Introduce the container for mac80211 hw (bsc#1227149). - wifi: ath12k: Make QMI message rules const (bsc#1227149). - wifi: ath12k: Optimize the mac80211 hw data access (bsc#1227149). - wifi: ath12k: Read board id to support split-PHY QCN9274 (bsc#1227149). - wifi: ath12k: Refactor the mac80211 hw access from link/radio (bsc#1227149). - wifi: ath12k: Remove ath12k_base::bd_api (bsc#1227149). - wifi: ath12k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath12k: Remove some dead code (bsc#1227149). - wifi: ath12k: Remove struct ath12k::ops (bsc#1227149). - wifi: ath12k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath12k: Remove unnecessary struct qmi_txn initializers (bsc#1227149). - wifi: ath12k: Remove unused declarations (bsc#1227149). - wifi: ath12k: Remove unused scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Set default beacon mode to burst mode (bsc#1227149). - wifi: ath12k: Use initializers for QMI message buffers (bsc#1227149). - wifi: ath12k: Use msdu_end to check MCBC (bsc#1227149). - wifi: ath12k: Use pdev_id rather than mac_id to get pdev (bsc#1227149). - wifi: ath12k: WMI support to process EHT capabilities (bsc#1227149). - wifi: ath12k: add 320 MHz bandwidth enums (bsc#1227149). - wifi: ath12k: add CE and ext IRQ flag to indicate irq_handler (bsc#1227149). - wifi: ath12k: add EHT PHY modes (bsc#1227149). - wifi: ath12k: add MAC id support in WBM error path (bsc#1227149). - wifi: ath12k: add MLO header in peer association (bsc#1227149). - wifi: ath12k: add P2P IE in beacon template (bsc#1227149). - wifi: ath12k: add QMI PHY capability learn support (bsc#1227149). - wifi: ath12k: add WMI support for EHT peer (bsc#1227149). - wifi: ath12k: add ath12k_qmi_free_resource() for recovery (bsc#1227149). - wifi: ath12k: add fallback board name without variant while searching board-2.bin (bsc#1227149). - wifi: ath12k: add firmware-2.bin support (bsc#1227149). - wifi: ath12k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED (bsc#1227149). - wifi: ath12k: add keep backward compatibility of PHY mode to avoid firmware crash (bsc#1227149). - wifi: ath12k: add msdu_end structure for WCN7850 (bsc#1227149). - wifi: ath12k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath12k: add processing for TWT disable event (bsc#1227149). - wifi: ath12k: add processing for TWT enable event (bsc#1227149). - wifi: ath12k: add qmi_cnss_feature_bitmap field to hardware parameters (bsc#1227149). - wifi: ath12k: add rcu lock for ath12k_wmi_p2p_noa_event() (bsc#1227149). - wifi: ath12k: add read variant from SMBIOS for download board data (bsc#1227149). - wifi: ath12k: add string type to search board data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add support for BA1024 (bsc#1227149). - wifi: ath12k: add support for collecting firmware log (bsc#1227149). - wifi: ath12k: add support for hardware rfkill for WCN7850 (bsc#1227149). - wifi: ath12k: add support for peer meta data version (bsc#1227149). - wifi: ath12k: add support one MSI vector (bsc#1227149). - wifi: ath12k: add support to search regdb data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add wait operation for tx management packets for flush from mac80211 (bsc#1227149). - wifi: ath12k: advertise P2P dev support for WCN7850 (bsc#1227149). - wifi: ath12k: allow specific mgmt frame tx while vdev is not up (bsc#1227149). - wifi: ath12k: ath12k_start_vdev_delay(): convert to use ar (bsc#1227149). - wifi: ath12k: avoid deadlock by change ieee80211_queue_work for regd_update_work (bsc#1227149). - wifi: ath12k: avoid duplicated vdev stop (git-fixes). - wifi: ath12k: avoid explicit HW conversion argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit RBM id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit mac id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid repeated hw access from ar (bsc#1227149). - wifi: ath12k: avoid repeated wiphy access from hw (bsc#1227149). - wifi: ath12k: call ath12k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath12k: change DMA direction while mapping reinjected packets (git-fixes). - wifi: ath12k: change MAC buffer ring size to 2048 (bsc#1227149). - wifi: ath12k: change WLAN_SCAN_PARAMS_MAX_IE_LEN from 256 to 512 (bsc#1227149). - wifi: ath12k: change interface combination for P2P mode (bsc#1227149). - wifi: ath12k: change to initialize recovery variables earlier in ath12k_core_reset() (bsc#1227149). - wifi: ath12k: change to treat alpha code na as world wide regdomain (bsc#1227149). - wifi: ath12k: change to use dynamic memory for channel list of scan (bsc#1227149). - wifi: ath12k: check M3 buffer size as well whey trying to reuse it (bsc#1227149). - wifi: ath12k: check hardware major version for WCN7850 (bsc#1227149). - wifi: ath12k: configure RDDM size to MHI for device recovery (bsc#1227149). - wifi: ath12k: configure puncturing bitmap (bsc#1227149). - wifi: ath12k: correct the data_type from QMI_OPT_FLAG to QMI_UNSIGNED_1_BYTE for mlo_capable (bsc#1227149). - wifi: ath12k: delete the timer rx_replenish_retry during rmmod (bsc#1227149). - wifi: ath12k: designating channel frequency for ROC scan (bsc#1227149). - wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274 (bsc#1227149). - wifi: ath12k: do not drop data frames from unassociated stations (bsc#1227149). - wifi: ath12k: do not restore ASPM in case of single MSI vector (bsc#1227149). - wifi: ath12k: drop NULL pointer check in ath12k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath12k: drop failed transmitted frames from metric calculation (git-fixes). - wifi: ath12k: enable 320 MHz bandwidth for 6 GHz band in EHT PHY capability for WCN7850 (bsc#1227149). - wifi: ath12k: enable 802.11 power save mode in station mode (bsc#1227149). - wifi: ath12k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850 (bsc#1227149). - wifi: ath12k: fetch correct pdev id from WMI_SERVICE_READY_EXT_EVENTID (bsc#1227149). - wifi: ath12k: fix PCI read and write (bsc#1227149). - wifi: ath12k: fix WARN_ON during ath12k_mac_update_vif_chan (bsc#1227149). - wifi: ath12k: fix broken structure wmi_vdev_create_cmd (bsc#1227149). - wifi: ath12k: fix conf_mutex in ath12k_mac_op_unassign_vif_chanctx() (bsc#1227149). - wifi: ath12k: fix debug messages (bsc#1227149). - wifi: ath12k: fix fetching MCBC flag for QCN9274 (bsc#1227149). - wifi: ath12k: fix firmware assert during insmod in memory segment mode (bsc#1227149). - wifi: ath12k: fix firmware crash during reo reinject (git-fixes). - wifi: ath12k: fix invalid m3 buffer address (bsc#1227149). - wifi: ath12k: fix invalid memory access while processing fragmented packets (git-fixes). - wifi: ath12k: fix kernel crash during resume (bsc#1227149). - wifi: ath12k: fix license in p2p.c and p2p.h (bsc#1227149). - wifi: ath12k: fix peer metadata parsing (git-fixes). - wifi: ath12k: fix potential wmi_mgmt_tx_queue race condition (bsc#1227149). - wifi: ath12k: fix radar detection in 160 MHz (bsc#1227149). - wifi: ath12k: fix recovery fail while firmware crash when doing channel switch (bsc#1227149). - wifi: ath12k: fix the error handler of rfkill config (bsc#1227149). - wifi: ath12k: fix the issue that the multicast/broadcast indicator is not read correctly for WCN7850 (bsc#1227149). - wifi: ath12k: fix the problem that down grade phy mode operation (bsc#1227149). - wifi: ath12k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath12k: fix wrong definitions of hal_reo_update_rx_queue (bsc#1227149). - wifi: ath12k: get msi_data again after request_irq is called (bsc#1227149). - wifi: ath12k: implement handling of P2P NoA event (bsc#1227149). - wifi: ath12k: implement remain on channel for P2P mode (bsc#1227149). - wifi: ath12k: increase vdev setup timeout (bsc#1227149). - wifi: ath12k: indicate NON MBSSID vdev by default during vdev start (bsc#1227149). - wifi: ath12k: indicate scan complete for scan canceled when scan running (bsc#1227149). - wifi: ath12k: indicate to mac80211 scan complete with aborted flag for ATH12K_SCAN_STARTING state (bsc#1227149). - wifi: ath12k: move HE capabilities processing to a new function (bsc#1227149). - wifi: ath12k: move peer delete after vdev stop of station for WCN7850 (bsc#1227149). - wifi: ath12k: parse WMI service ready ext2 event (bsc#1227149). - wifi: ath12k: peer assoc for 320 MHz (bsc#1227149). - wifi: ath12k: prepare EHT peer assoc parameters (bsc#1227149). - wifi: ath12k: propagate EHT capabilities to userspace (bsc#1227149). - wifi: ath12k: refactor DP Rxdma ring structure (bsc#1227149). - wifi: ath12k: refactor QMI MLO host capability helper function (bsc#1227149). - wifi: ath12k: refactor ath12k_bss_assoc() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_allocate() and ath12k_mac_destroy() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_ampdu_action() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_conf_tx() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_config() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_configure_filter() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_flush() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_start() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_stop() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_update_vif_offload() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_register() and ath12k_mac_unregister() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_setup_channels_rates() (bsc#1227149). - wifi: ath12k: refactor ath12k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath12k: refactor multiple MSI vector implementation (bsc#1227149). - wifi: ath12k: refactor the rfkill worker (bsc#1227149). - wifi: ath12k: register EHT mesh capabilities (bsc#1227149). - wifi: ath12k: relax list iteration in ath12k_mac_vif_unref() (bsc#1227149). - wifi: ath12k: relocate ath12k_dp_pdev_pre_alloc() call (bsc#1227149). - wifi: ath12k: remove hal_desc_sz from hw params (bsc#1227149). - wifi: ath12k: remove redundant memset() in ath12k_hal_reo_qdesc_setup() (bsc#1227149). - wifi: ath12k: remove the unused scan_events from ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: remove unused ATH12K_BD_IE_BOARD_EXT (bsc#1227149). - wifi: ath12k: rename HE capabilities setup/copy functions (bsc#1227149). - wifi: ath12k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath12k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath12k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath12k: send WMI_PEER_REORDER_QUEUE_SETUP_CMDID when ADDBA session starts (bsc#1227149). - wifi: ath12k: set IRQ affinity to CPU0 in case of one MSI vector (bsc#1227149). - wifi: ath12k: set PERST pin no pull request for WCN7850 (bsc#1227149). - wifi: ath12k: split hal_ops to support RX TLVs word mask compaction (bsc#1227149). - wifi: ath12k: subscribe required word mask from rx tlv (bsc#1227149). - wifi: ath12k: support default regdb while searching board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: trigger station disconnect on hardware restart (bsc#1227149). - wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ (bsc#1227149). - wifi: ath12k: use correct flag field for 320 MHz channels (bsc#1227149). - wifi: ath12k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath5k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath5k: Remove redundant dev_err() (bsc#1227149). - wifi: ath5k: ath5k_hw_get_median_noise_floor(): use swap() (bsc#1227149). - wifi: ath5k: remove phydir check from ath5k_debug_init_device() (bsc#1227149). - wifi: ath5k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath5k: remove unused ath5k_eeprom_info::ee_antenna (bsc#1227149). - wifi: ath5k: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: ath6kl: Remove error checking for debugfs_create_dir() (bsc#1227149). - wifi: ath6kl: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath6kl: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath9k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath9k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath9k: Remove unnecessary ternary operators (bsc#1227149). - wifi: ath9k: Remove unused declarations (bsc#1227149). - wifi: ath9k: avoid using uninitialized array (bsc#1227149). - wifi: ath9k: clean up function ath9k_hif_usb_resume (bsc#1227149). - wifi: ath9k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath9k: delete some unused/duplicate macros (bsc#1227149). - wifi: ath9k: fix parameter check in ath9k_init_debug() (bsc#1227149). - wifi: ath9k: remove redundant assignment to variable ret (bsc#1227149). - wifi: ath9k: reset survey of current channel after a scan started (bsc#1227149). - wifi: ath9k: simplify ar9003_hw_process_ini() (bsc#1227149). - wifi: ath9k: use u32 for txgain indexes (bsc#1227149). - wifi: ath9k: work around memset overflow warning (bsc#1227149). - wifi: ath9k_htc: fix format-truncation warning (bsc#1227149). - wifi: ath: Use is_multicast_ether_addr() to check multicast Ether address (bsc#1227149). - wifi: ath: dfs_pattern_detector: Use flex array to simplify code (bsc#1227149). - wifi: ath: remove unused-but-set parameter (bsc#1227149). - wifi: ath: work around false-positive stringop-overread warning (bsc#1227149). - wifi: atk10k: Do not opencode ath10k_pci_priv() in ath10k_ahb_priv() (bsc#1227149). - wifi: atmel: remove unused ioctl function (bsc#1227149). - wifi: b43: silence sparse warnings (bsc#1227149). - wifi: brcm80211: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: brcmfmac: Annotate struct brcmf_gscan_config with __counted_by (bsc#1227149). - wifi: brcmfmac: Detect corner error case earlier with log (bsc#1227149). - wifi: brcmfmac: add linefeed at end of file (bsc#1227149). - wifi: brcmfmac: allow per-vendor event handling (bsc#1227149). - wifi: brcmfmac: do not cast hidden SSID attribute value to boolean (bsc#1227149). - wifi: brcmfmac: do not pass hidden SSID attribute as value directly (bsc#1227149). - wifi: brcmfmac: export firmware interface functions (bsc#1227149). - wifi: brcmfmac: firmware: Annotate struct brcmf_fw_request with __counted_by (bsc#1227149). - wifi: brcmfmac: fix format-truncation warnings (bsc#1227149). - wifi: brcmfmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmfmac: fweh: Add __counted_by for struct brcmf_fweh_queue_item and use struct_size() (bsc#1227149). - wifi: brcmfmac: fweh: Fix boot crash on Raspberry Pi 4 (bsc#1227149). - wifi: brcmfmac: move feature overrides before feature_disable (bsc#1227149). - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes). - wifi: brcmsmac: cleanup SCB-related data types (bsc#1227149). - wifi: brcmsmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmsmac: phy: Remove unreachable code (bsc#1227149). - wifi: brcmsmac: remove more unused data types (bsc#1227149). - wifi: brcmsmac: remove unused data type (bsc#1227149). - wifi: brcmsmac: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: brcmsmac: silence sparse warnings (bsc#1227149). - wifi: brcmutil: use helper function pktq_empty() instead of open code (bsc#1227149). - wifi: carl9170: Remove redundant assignment to pointer super (bsc#1227149). - wifi: carl9170: remove unnecessary (void*) conversions (bsc#1227149). - wifi: cfg80211: Add support for setting TID to link mapping (bsc#1227149). - wifi: cfg80211: Allow AP/P2PGO to indicate port authorization to peer STA/P2PClient (bsc#1227149). - wifi: cfg80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: cfg80211: Fix typo in documentation (bsc#1227149). - wifi: cfg80211: Handle specific BSSID in 6GHz scanning (bsc#1227149). - wifi: cfg80211: Include operating class 137 in 6GHz band (bsc#1227149). - wifi: cfg80211: OWE DH IE handling offload (bsc#1227149). - wifi: cfg80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: cfg80211: Schedule regulatory check on BSS STA channel change (bsc#1227149). - wifi: cfg80211: Update the default DSCP-to-UP mapping (bsc#1227149). - wifi: cfg80211: add BSS usage reporting (bsc#1227149). - wifi: cfg80211: add RNR with reporting AP information (bsc#1227149). - wifi: cfg80211: add a flag to disable wireless extensions (bsc#1227149). - wifi: cfg80211: add local_state_change to deauth trace (bsc#1227149). - wifi: cfg80211: add locked debugfs wrappers (bsc#1227149). - wifi: cfg80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: cfg80211: address several kerneldoc warnings (bsc#1227149). - wifi: cfg80211: allow reg update by driver even if wiphy->regd is set (bsc#1227149). - wifi: cfg80211: annotate iftype_data pointer with sparse (bsc#1227149). - wifi: cfg80211: avoid double free if updating BSS fails (bsc#1227149). - wifi: cfg80211: call reg_call_notifier on beacon hints (bsc#1227149). - wifi: cfg80211: check RTNL when iterating devices (bsc#1227149). - wifi: cfg80211: check wiphy mutex is held for wdev mutex (bsc#1227149). - wifi: cfg80211: consume both probe response and beacon IEs (bsc#1227149). - wifi: cfg80211: detect stuck ECSA element in probe resp (bsc#1227149). - wifi: cfg80211: ensure cfg80211_bss_update frees IEs on error (bsc#1227149). - wifi: cfg80211: export DFS CAC time and usable state helper functions (bsc#1227149). - wifi: cfg80211: expose nl80211_chan_width_to_mhz for wide sharing (bsc#1227149). - wifi: cfg80211: fix 6 GHz scan request building (stable-fixes). - wifi: cfg80211: fix CQM for non-range use (bsc#1227149). - wifi: cfg80211: fix header kernel-doc typos (bsc#1227149). - wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush() (bsc#1227149). - wifi: cfg80211: fix spelling & punctutation (bsc#1227149). - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: generate an ML element for per-STA profiles (bsc#1227149). - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: handle UHB AP and STA power type (bsc#1227149). - wifi: cfg80211: hold wiphy lock in cfg80211_any_wiphy_oper_chan() (bsc#1227149). - wifi: cfg80211: hold wiphy mutex for send_interface (bsc#1227149). - wifi: cfg80211: improve documentation for flag fields (bsc#1227149). - wifi: cfg80211: introduce cfg80211_ssid_eq() (bsc#1227149). - wifi: cfg80211: make RX assoc data const (bsc#1227149). - wifi: cfg80211: make read-only array centers_80mhz static const (bsc#1227149). - wifi: cfg80211: modify prototype for change_beacon (bsc#1227149). - wifi: cfg80211: reg: Support P2P operation on DFS channels (bsc#1227149). - wifi: cfg80211: reg: describe return values in kernel-doc (bsc#1227149). - wifi: cfg80211: reg: fix various kernel-doc issues (bsc#1227149). - wifi: cfg80211: reg: hold wiphy mutex for wdev iteration (bsc#1227149). - wifi: cfg80211: remove scan_width support (bsc#1227149). - wifi: cfg80211: remove wdev mutex (bsc#1227149). - wifi: cfg80211: rename UHB to 6 GHz (bsc#1227149). - wifi: cfg80211: report per-link errors during association (bsc#1227149). - wifi: cfg80211: report unprotected deauth/disassoc in wowlan (bsc#1227149). - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes). - wifi: cfg80211: save power spectral density(psd) of regulatory rule (bsc#1227149). - wifi: cfg80211: set correct param change count in ML element (bsc#1227149). - wifi: cfg80211: sme: hold wiphy lock for wdev iteration (bsc#1227149). - wifi: cfg80211: sort certificates in build (bsc#1227149). - wifi: cfg80211: split struct cfg80211_ap_settings (bsc#1227149). - wifi: cfg80211: validate HE operation element parsing (bsc#1227149). - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes). - wifi: cfg80211: wext: convert return value to kernel-doc (bsc#1227149). - wifi: cfg80211: wext: set ssids=NULL for passive scans (git-fixes). - wifi: cw1200: Avoid processing an invalid TIM IE (bsc#1227149). - wifi: cw1200: Convert to GPIO descriptors (bsc#1227149). - wifi: cw1200: fix __le16 sparse warnings (bsc#1227149). - wifi: cw1200: restore endian swapping (bsc#1227149). - wifi: drivers: Explicitly include correct DT includes (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for Broadcom WLAN (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for ar5523 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for mt76 drivers (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for p54spi (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wcn36xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wilc1000 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl1251 and wl12xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl18xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wlcore (bsc#1227149). - wifi: hostap: Add __counted_by for struct prism2_download_data and use struct_size() (bsc#1227149). - wifi: hostap: fix stringop-truncations GCC warning (bsc#1227149). - wifi: hostap: remove unused ioctl function (bsc#1227149). - wifi: ieee80211: add UL-bandwidth definition of trigger frame (bsc#1227149). - wifi: ieee80211: add definitions for negotiated TID to Link map (bsc#1227149). - wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() (stable-fixes). - wifi: iwlmei: do not send SAP messages if AMT is disabled (bsc#1227149). - wifi: iwlmei: do not send nic info with invalid mac address (bsc#1227149). - wifi: iwlmei: send HOST_GOES_DOWN message even if wiamt is disabled (bsc#1227149). - wifi: iwlmei: send driver down SAP message only if wiamt is enabled (bsc#1227149). - wifi: iwlmvm: fw: Add new OEM vendor to tas approved list (bsc#1227149). - wifi: iwlwifi: Add rf_mapping of new wifi7 devices (bsc#1227149). - wifi: iwlwifi: Add support for PPAG cmd v5 and PPAG revision 3 (bsc#1227149). - wifi: iwlwifi: Add support for new 802.11be device (bsc#1227149). - wifi: iwlwifi: Do not mark DFS channels as NO-IR (bsc#1227149). - wifi: iwlwifi: Extract common prph mac/phy regions data dump logic (bsc#1227149). - wifi: iwlwifi: Fix spelling mistake 'SESION' -> 'SESSION' (bsc#1227149). - wifi: iwlwifi: Use request_module_nowait (bsc#1227149). - wifi: iwlwifi: abort scan when rfkill on but device enabled (bsc#1227149). - wifi: iwlwifi: add HONOR to PPAG approved list (bsc#1227149). - wifi: iwlwifi: add Razer to ppag approved list (bsc#1227149). - wifi: iwlwifi: add mapping of a periphery register crf for WH RF (bsc#1227149). - wifi: iwlwifi: add new RF support for wifi7 (bsc#1227149). - wifi: iwlwifi: add support for SNPS DPHYIP region type (bsc#1227149). - wifi: iwlwifi: add support for a wiphy_work rx handler (bsc#1227149). - wifi: iwlwifi: add support for activating UNII-1 in WW via BIOS (bsc#1227149). - wifi: iwlwifi: add support for new ini region types (bsc#1227149). - wifi: iwlwifi: adjust rx_phyinfo debugfs to MLO (bsc#1227149). - wifi: iwlwifi: always have 'uats_enabled' (bsc#1227149). - wifi: iwlwifi: api: clean up some kernel-doc/typos (bsc#1227149). - wifi: iwlwifi: api: dbg-tlv: fix up kernel-doc (bsc#1227149). - wifi: iwlwifi: api: fix a small upper/lower-case typo (bsc#1227149). - wifi: iwlwifi: api: fix center_freq label in PHY diagram (bsc#1227149). - wifi: iwlwifi: api: fix constant version to match FW (bsc#1227149). - wifi: iwlwifi: api: fix kernel-doc reference (bsc#1227149). - wifi: iwlwifi: bump FW API to 84 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 86 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 87 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 88 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: cancel session protection only if there is one (bsc#1227149). - wifi: iwlwifi: change link id in time event to s8 (bsc#1227149). - wifi: iwlwifi: check for kmemdup() return value in iwl_parse_tlv_firmware() (bsc#1227149). - wifi: iwlwifi: cleanup BT Shared Single Antenna code (bsc#1227149). - wifi: iwlwifi: cleanup sending PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1227149). - wifi: iwlwifi: cleanup uefi variables loading (bsc#1227149). - wifi: iwlwifi: clear link_id in time_event (bsc#1227149). - wifi: iwlwifi: dbg-tlv: avoid extra allocation/copy (bsc#1227149). - wifi: iwlwifi: dbg-tlv: use struct_size() for allocation (bsc#1227149). - wifi: iwlwifi: disable 160 MHz based on subsystem device ID (bsc#1227149). - wifi: iwlwifi: disable eSR when BT is active (bsc#1227149). - wifi: iwlwifi: disable multi rx queue for 9000 (bsc#1227149). - wifi: iwlwifi: do not check TAS block list size twice (bsc#1227149). - wifi: iwlwifi: do not use TRUE/FALSE with bool (bsc#1227149). - wifi: iwlwifi: drop NULL pointer check in iwl_mvm_tzone_set_trip_temp() (bsc#1227149). - wifi: iwlwifi: dvm: remove kernel-doc warnings (bsc#1227149). - wifi: iwlwifi: error-dump: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fail NIC access fast on dead NIC (bsc#1227149). - wifi: iwlwifi: fix #ifdef CONFIG_ACPI check (bsc#1227149). - wifi: iwlwifi: fix iwl_mvm_get_valid_rx_ant() (git-fixes). - wifi: iwlwifi: fix opmode start/stop race (bsc#1227149). - wifi: iwlwifi: fix some kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fix system commands group ordering (bsc#1227149). - wifi: iwlwifi: fix the rf step and flavor bits range (bsc#1227149). - wifi: iwlwifi: fw: Add support for UATS table in UHB (bsc#1227149). - wifi: iwlwifi: fw: Fix debugfs command sending (bsc#1227149). - wifi: iwlwifi: fw: allow vmalloc for PNVM image (bsc#1227149). - wifi: iwlwifi: fw: dbg: ensure correct config name sizes (bsc#1227149). - wifi: iwlwifi: fw: disable firmware debug asserts (bsc#1227149). - wifi: iwlwifi: fw: file: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: fw: file: do not use [0] for variable arrays (bsc#1227149). - wifi: iwlwifi: fw: fix compiler warning for NULL string print (bsc#1227149). - wifi: iwlwifi: fw: increase fw_version string size (bsc#1227149). - wifi: iwlwifi: fw: reconstruct the API/CAPA enum number (bsc#1227149). - wifi: iwlwifi: fw: replace deprecated strncpy with strscpy_pad (bsc#1227149). - wifi: iwlwifi: handle per-phy statistics from fw (bsc#1227149). - wifi: iwlwifi: implement GLAI ACPI table loading (bsc#1227149). - wifi: iwlwifi: implement can_activate_links callback (bsc#1227149). - wifi: iwlwifi: implement enable/disable for China 2022 regulatory (bsc#1227149). - wifi: iwlwifi: iwl-fh.h: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: iwl-trans.h: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: iwlmvm: handle unprotected deauth/disassoc in d3 (bsc#1227149). - wifi: iwlwifi: load b0 version of ucode for HR1/HR2 (bsc#1227149). - wifi: iwlwifi: make TB reallocation a debug message (bsc#1227149). - wifi: iwlwifi: make time_events MLO aware (bsc#1227149). - wifi: iwlwifi: mei: return error from register when not built (bsc#1227149). - wifi: iwlwifi: mvm: Add basic link selection logic (bsc#1227149). - wifi: iwlwifi: mvm: Add support for removing responder TKs (bsc#1227149). - wifi: iwlwifi: mvm: Allow DFS concurrent operation (bsc#1227149). - wifi: iwlwifi: mvm: Configure the link mapping for non-MLD FW (bsc#1227149). - wifi: iwlwifi: mvm: Correctly report TSF data in scan complete (bsc#1227149). - wifi: iwlwifi: mvm: Declare support for secure LTF measurement (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn if valid link pair was not found (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete (bsc#1227149). - wifi: iwlwifi: mvm: Extend support for P2P service discovery (bsc#1227149). - wifi: iwlwifi: mvm: Fix FTM initiator flags (bsc#1227149). - wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill (stable-fixes). - wifi: iwlwifi: mvm: Fix unreachable code path (bsc#1227149). - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes). - wifi: iwlwifi: mvm: Keep connection in case of missed beacons during RX (bsc#1227149). - wifi: iwlwifi: mvm: Return success if link could not be removed (bsc#1227149). - wifi: iwlwifi: mvm: Use the link ID provided in scan request (bsc#1227149). - wifi: iwlwifi: mvm: add US/Canada MCC to API (bsc#1227149). - wifi: iwlwifi: mvm: add a debug print when we get a BAR (bsc#1227149). - wifi: iwlwifi: mvm: add a debugfs hook to clear the monitor data (bsc#1227149). - wifi: iwlwifi: mvm: add a per-link debugfs (bsc#1227149). - wifi: iwlwifi: mvm: add a print when sending RLC command (bsc#1227149). - wifi: iwlwifi: mvm: add start mac ctdp sum calculation debugfs handler (bsc#1227149). - wifi: iwlwifi: mvm: add support for TID to link mapping neg request (bsc#1227149). - wifi: iwlwifi: mvm: add support for new wowlan_info_notif (bsc#1227149). - wifi: iwlwifi: mvm: advertise MLO only if EHT is enabled (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for SCS traffic description (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for protected ranging negotiation (bsc#1227149). - wifi: iwlwifi: mvm: always update keys in D3 exit (bsc#1227149). - wifi: iwlwifi: mvm: avoid garbage iPN (bsc#1227149). - wifi: iwlwifi: mvm: calculate EMLSR mode after connection (bsc#1227149). - wifi: iwlwifi: mvm: check AP supports EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: check for iwl_mvm_mld_update_sta() errors (bsc#1227149). - wifi: iwlwifi: mvm: check link more carefully (bsc#1227149). - wifi: iwlwifi: mvm: check own capabilities for EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: cleanup MLO and non-MLO unification code (bsc#1227149). - wifi: iwlwifi: mvm: combine condition/warning (bsc#1227149). - wifi: iwlwifi: mvm: consider having one active link (bsc#1227149). - wifi: iwlwifi: mvm: const-ify chandef pointers (bsc#1227149). - wifi: iwlwifi: mvm: cycle FW link on chanctx removal (bsc#1227149). - wifi: iwlwifi: mvm: d3: avoid intermediate/early mutex unlock (bsc#1227149). - wifi: iwlwifi: mvm: d3: disconnect on GTK rekey failure (bsc#1227149). - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes). - wifi: iwlwifi: mvm: d3: implement suspend with MLO (bsc#1227149). - wifi: iwlwifi: mvm: debugfs for fw system stats (bsc#1227149). - wifi: iwlwifi: mvm: define RX queue sync timeout as a macro (bsc#1227149). - wifi: iwlwifi: mvm: disable MLO for the time being (bsc#1227149). - wifi: iwlwifi: mvm: disallow puncturing in US/Canada (bsc#1227149). - wifi: iwlwifi: mvm: disconnect long CSA only w/o alternative (bsc#1227149). - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (bsc#1227149). - wifi: iwlwifi: mvm: do not abort queue sync in CT-kill (bsc#1227149). - wifi: iwlwifi: mvm: do not add dummy phy context (bsc#1227149). - wifi: iwlwifi: mvm: do not always disable EMLSR due to BT coex (bsc#1227149). - wifi: iwlwifi: mvm: do not do duplicate detection for nullfunc packets (bsc#1227149). - wifi: iwlwifi: mvm: do not limit VLP/AFC to UATS-enabled (git-fixes). - wifi: iwlwifi: mvm: do not send BT_COEX_CI command on new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send NDPs for new tx devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send STA_DISABLE_TX_CMD for newer firmware (bsc#1227149). - wifi: iwlwifi: mvm: do not send the smart fifo command if not needed (bsc#1227149). - wifi: iwlwifi: mvm: do not set trigger frame padding in AP mode (bsc#1227149). - wifi: iwlwifi: mvm: do not support reduced tx power on ack for new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not wake up rx_sync_waitq upon RFKILL (git-fixes). - wifi: iwlwifi: mvm: enable FILS DF Tx on non-PSC channel (bsc#1227149). - wifi: iwlwifi: mvm: enable HE TX/RX <242 tone RU on new RFs (bsc#1227149). - wifi: iwlwifi: mvm: expand queue sync warning messages (bsc#1227149). - wifi: iwlwifi: mvm: extend alive timeout to 2 seconds (bsc#1227149). - wifi: iwlwifi: mvm: fix ROC version check (bsc#1227149). - wifi: iwlwifi: mvm: fix SB CFG check (bsc#1227149). - wifi: iwlwifi: mvm: fix a battery life regression (bsc#1227149). - wifi: iwlwifi: mvm: fix a crash on 7265 (bsc#1227149). - wifi: iwlwifi: mvm: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fix link ID management (bsc#1227149). - wifi: iwlwifi: mvm: fix recovery flow in CSA (bsc#1227149). - wifi: iwlwifi: mvm: fix regdb initialization (bsc#1227149). - wifi: iwlwifi: mvm: fix the PHY context resolution for p2p device (bsc#1227149). - wifi: iwlwifi: mvm: fix the TXF mapping for BZ devices (bsc#1227149). - wifi: iwlwifi: mvm: fix the key PN index (bsc#1227149). - wifi: iwlwifi: mvm: fix thermal kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fold the ref++ into iwl_mvm_phy_ctxt_add (bsc#1227149). - wifi: iwlwifi: mvm: handle BA session teardown in RF-kill (stable-fixes). - wifi: iwlwifi: mvm: handle debugfs names more carefully (bsc#1227149). - wifi: iwlwifi: mvm: handle link-STA allocation in restart (bsc#1227149). - wifi: iwlwifi: mvm: implement ROC version 3 (bsc#1227149). - wifi: iwlwifi: mvm: implement new firmware API for statistics (bsc#1227149). - wifi: iwlwifi: mvm: increase session protection after CSA (bsc#1227149). - wifi: iwlwifi: mvm: introduce PHY_CONTEXT_CMD_API_VER_5 (bsc#1227149). - wifi: iwlwifi: mvm: introduce esr_disable_reason (bsc#1227149). - wifi: iwlwifi: mvm: iterate active links for STA queues (bsc#1227149). - wifi: iwlwifi: mvm: limit EHT 320 MHz MCS for STEP URM (bsc#1227149). - wifi: iwlwifi: mvm: limit pseudo-D3 to 60 seconds (bsc#1227149). - wifi: iwlwifi: mvm: log dropped frames (bsc#1227149). - wifi: iwlwifi: mvm: log dropped packets due to MIC error (bsc#1227149). - wifi: iwlwifi: mvm: make 'pldr_sync' mode effective (bsc#1227149). - wifi: iwlwifi: mvm: make functions public (bsc#1227149). - wifi: iwlwifi: mvm: make pldr_sync AX210 specific (bsc#1227149). - wifi: iwlwifi: mvm: move BA notif messages before action (bsc#1227149). - wifi: iwlwifi: mvm: move RU alloc B2 placement (bsc#1227149). - wifi: iwlwifi: mvm: move listen interval to constants (bsc#1227149). - wifi: iwlwifi: mvm: offload IGTK in AP if BIGTK is supported (bsc#1227149). - wifi: iwlwifi: mvm: partially support PHY context version 6 (bsc#1227149). - wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes). - wifi: iwlwifi: mvm: reduce maximum RX A-MPDU size (bsc#1227149). - wifi: iwlwifi: mvm: refactor TX rate handling (bsc#1227149). - wifi: iwlwifi: mvm: refactor duplicate chanctx condition (bsc#1227149). - wifi: iwlwifi: mvm: remove EHT code from mac80211.c (bsc#1227149). - wifi: iwlwifi: mvm: remove IWL_MVM_STATUS_NEED_FLUSH_P2P (bsc#1227149). - wifi: iwlwifi: mvm: remove flags for enable/disable beacon filter (bsc#1227149). - wifi: iwlwifi: mvm: remove one queue sync on BA session stop (bsc#1227149). - wifi: iwlwifi: mvm: remove set_tim callback for MLD ops (bsc#1227149). - wifi: iwlwifi: mvm: remove stale STA link data during restart (stable-fixes). - wifi: iwlwifi: mvm: rework debugfs handling (bsc#1227149). - wifi: iwlwifi: mvm: show dump even for pldr_sync (bsc#1227149). - wifi: iwlwifi: mvm: show skb_mac_gso_segment() failure reason (bsc#1227149). - wifi: iwlwifi: mvm: simplify the reorder buffer (bsc#1227149). - wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig (bsc#1227149). - wifi: iwlwifi: mvm: support CSA with MLD (bsc#1227149). - wifi: iwlwifi: mvm: support SPP A-MSDUs (bsc#1227149). - wifi: iwlwifi: mvm: support flush on AP interfaces (bsc#1227149). - wifi: iwlwifi: mvm: support injection antenna control (bsc#1227149). - wifi: iwlwifi: mvm: support iwl_dev_tx_power_cmd_v8 (bsc#1227149). - wifi: iwlwifi: mvm: support set_antenna() (bsc#1227149). - wifi: iwlwifi: mvm: unlock mvm if there is no primary link (bsc#1227149). - wifi: iwlwifi: mvm: use fast balance scan in case of an active P2P GO (bsc#1227149). - wifi: iwlwifi: mvm: use the new command to clear the internal buffer (bsc#1227149). - wifi: iwlwifi: mvm: work around A-MSDU size problem (bsc#1227149). - wifi: iwlwifi: no power save during transition to D3 (bsc#1227149). - wifi: iwlwifi: nvm-parse: advertise common packet padding (bsc#1227149). - wifi: iwlwifi: nvm: parse the VLP/AFC bit from regulatory (bsc#1227149). - wifi: iwlwifi: pcie: (re-)assign BAR0 on driver bind (bsc#1227149). - wifi: iwlwifi: pcie: Add new PCI device id and CNVI (bsc#1227149). - wifi: iwlwifi: pcie: clean up WFPM control bits (bsc#1227149). - wifi: iwlwifi: pcie: clean up device removal work (bsc#1227149). - wifi: iwlwifi: pcie: clean up gen1/gen2 TFD unmap (bsc#1227149). - wifi: iwlwifi: pcie: do not allow hw-rfkill to stop device on gen2 (bsc#1227149). - wifi: iwlwifi: pcie: dump CSRs before removal (bsc#1227149). - wifi: iwlwifi: pcie: enable TOP fatal error interrupt (bsc#1227149). - wifi: iwlwifi: pcie: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: pcie: get_crf_id() can be void (bsc#1227149). - wifi: iwlwifi: pcie: give up mem read if HW is dead (bsc#1227149). - wifi: iwlwifi: pcie: move gen1 TB handling to header (bsc#1227149). - wifi: iwlwifi: pcie: point invalid TFDs to invalid data (bsc#1227149). - wifi: iwlwifi: pcie: propagate iwl_pcie_gen2_apm_init() error (bsc#1227149). - wifi: iwlwifi: pcie: rescan bus if no parent (bsc#1227149). - wifi: iwlwifi: prepare for reading DSM from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading TAS table from UEFI (bsc#1227149). - wifi: iwlwifi: properly check if link is active (bsc#1227149). - wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK (stable-fixes). - wifi: iwlwifi: queue: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: queue: improve warning for no skb in reclaim (bsc#1227149). - wifi: iwlwifi: queue: move iwl_txq_gen2_set_tb() up (bsc#1227149). - wifi: iwlwifi: read DSM func 2 for specific RF types (bsc#1227149). - wifi: iwlwifi: read DSM functions from UEFI (bsc#1227149). - wifi: iwlwifi: read ECKV table from UEFI (bsc#1227149). - wifi: iwlwifi: read PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: read SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: read SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: read WRDD table from UEFI (bsc#1227149). - wifi: iwlwifi: read WTAS table from UEFI (bsc#1227149). - wifi: iwlwifi: read mac step from aux register (bsc#1227149). - wifi: iwlwifi: refactor RX tracing (bsc#1227149). - wifi: iwlwifi: remove 'def_rx_queue' struct member (bsc#1227149). - wifi: iwlwifi: remove Gl A-step remnants (bsc#1227149). - wifi: iwlwifi: remove WARN from read_mem32() (bsc#1227149). - wifi: iwlwifi: remove async command callback (bsc#1227149). - wifi: iwlwifi: remove dead-code (bsc#1227149). - wifi: iwlwifi: remove extra kernel-doc (bsc#1227149). - wifi: iwlwifi: remove memory check for LMAC error address (bsc#1227149). - wifi: iwlwifi: remove retry loops in start (bsc#1227149). - wifi: iwlwifi: remove unused function prototype (bsc#1227149). - wifi: iwlwifi: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: iwlwifi: return negative -EINVAL instead of positive EINVAL (bsc#1227149). - wifi: iwlwifi: rfi: use a single DSM function for all RFI configurations (bsc#1227149). - wifi: iwlwifi: send EDT table to FW (bsc#1227149). - wifi: iwlwifi: separate TAS 'read-from-BIOS' and 'send-to-FW' flows (bsc#1227149). - wifi: iwlwifi: simplify getting DSM from ACPI (bsc#1227149). - wifi: iwlwifi: skip affinity setting on non-SMP (bsc#1227149). - wifi: iwlwifi: skip opmode start retries on dead transport (bsc#1227149). - wifi: iwlwifi: small cleanups in PPAG table flows (bsc#1227149). - wifi: iwlwifi: support link command version 2 (bsc#1227149). - wifi: iwlwifi: support link id in SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: support link_id in SESSION_PROTECTION cmd (bsc#1227149). - wifi: iwlwifi: take SGOM and UATS code out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: take send-DSM-to-FW flows out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: trace full frames with TX status request (bsc#1227149). - wifi: iwlwifi: update context info structure definitions (bsc#1227149). - wifi: iwlwifi: use system_unbound_wq for debug dump (bsc#1227149). - wifi: iwlwifi: validate PPAG table when sent to FW (bsc#1227149). - wifi: lib80211: remove unused variables iv32 and iv16 (bsc#1227149). - wifi: libertas: Follow renaming of SPI 'master' to 'controller' (bsc#1227149). - wifi: libertas: add missing calls to cancel_work_sync() (bsc#1227149). - wifi: libertas: cleanup SDIO reset (bsc#1227149). - wifi: libertas: handle possible spu_write_u16() errors (bsc#1227149). - wifi: libertas: prefer kstrtoX() for simple integer conversions (bsc#1227149). - wifi: libertas: simplify list operations in free_if_spi_card() (bsc#1227149). - wifi: libertas: use convenient lists to manage SDIO packets (bsc#1227149). - wifi: mac80211: Add __counted_by for struct ieee802_11_elems and use struct_size() (bsc#1227149). - wifi: mac80211: Avoid address calculations via out of bounds array indexing (stable-fixes). - wifi: mac80211: Check if we had first beacon with relevant links (bsc#1227149). - wifi: mac80211: Do not force off-channel for management Tx with MLO (bsc#1227149). - wifi: mac80211: Do not include crypto/algapi.h (bsc#1227149). - wifi: mac80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: mac80211: Fix SMPS handling in the context of MLO (bsc#1227149). - wifi: mac80211: Notify the low level driver on change in MLO valid links (bsc#1227149). - wifi: mac80211: Print local link address during authentication (bsc#1227149). - wifi: mac80211: Recalc offload when monitor stop (git-fixes). - wifi: mac80211: Remove unused function declarations (bsc#1227149). - wifi: mac80211: Rename and update IEEE80211_VIF_DISABLE_SMPS_OVERRIDE (bsc#1227149). - wifi: mac80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: mac80211: Sanity check tx bitrate if not provided by driver (bsc#1227149). - wifi: mac80211: Schedule regulatory channels check on bandwith change (bsc#1227149). - wifi: mac80211: Skip association timeout update after comeback rejection (bsc#1227149). - wifi: mac80211: add a driver callback to add vif debugfs (bsc#1227149). - wifi: mac80211: add a driver callback to check active_links (bsc#1227149). - wifi: mac80211: add a flag to disallow puncturing (bsc#1227149). - wifi: mac80211: add back SPDX identifier (bsc#1227149). - wifi: mac80211: add ieee80211_tdls_sta_link_id() (stable-fixes). - wifi: mac80211: add link id to ieee80211_gtk_rekey_add() (bsc#1227149). - wifi: mac80211: add link id to mgd_prepare_tx() (bsc#1227149). - wifi: mac80211: add more ops assertions (bsc#1227149). - wifi: mac80211: add more warnings about inserting sta info (bsc#1227149). - wifi: mac80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: mac80211: add support for mld in ieee80211_chswitch_done (bsc#1227149). - wifi: mac80211: add support for parsing TID to Link mapping element (bsc#1227149). - wifi: mac80211: add/remove driver debugfs entries as appropriate (bsc#1227149). - wifi: mac80211: additions to change_beacon() (bsc#1227149). - wifi: mac80211: address some kerneldoc warnings (bsc#1227149). - wifi: mac80211: allow 64-bit radiotap timestamps (bsc#1227149). - wifi: mac80211: allow for_each_sta_active_link() under RCU (bsc#1227149). - wifi: mac80211: apply mcast rate only if interface is up (stable-fixes). - wifi: mac80211: cancel multi-link reconf work on disconnect (git-fixes). - wifi: mac80211: chanctx emulation set CHANGE_CHANNEL when in_reconfig (git-fixes). - wifi: mac80211: check EHT/TTLM action frame length (bsc#1227149). - wifi: mac80211: check wiphy mutex in ops (bsc#1227149). - wifi: mac80211: cleanup airtime arithmetic with ieee80211_sta_keep_active() (bsc#1227149). - wifi: mac80211: cleanup auth_data only if association continues (bsc#1227149). - wifi: mac80211: convert A-MPDU work to wiphy work (bsc#1227149). - wifi: mac80211: correctly set active links upon TTLM (bsc#1227149). - wifi: mac80211: correcty limit wider BW TDLS STAs (git-fixes). - wifi: mac80211: debugfs: lock wiphy instead of RTNL (bsc#1227149). - wifi: mac80211: describe return values in kernel-doc (bsc#1227149). - wifi: mac80211: disable softirqs for queued frame handling (git-fixes). - wifi: mac80211: do not connect to an AP while it's in a CSA process (bsc#1227149). - wifi: mac80211: do not re-add debugfs entries during resume (bsc#1227149). - wifi: mac80211: do not select link ID if not provided in scan request (bsc#1227149). - wifi: mac80211: do not set ESS capab bit in assoc request (bsc#1227149). - wifi: mac80211: drop robust action frames before assoc (bsc#1227149). - wifi: mac80211: drop spurious WARN_ON() in ieee80211_ibss_csa_beacon() (bsc#1227149). - wifi: mac80211: ethtool: always hold wiphy mutex (bsc#1227149). - wifi: mac80211: ethtool: hold wiphy mutex (bsc#1227149). - wifi: mac80211: expand __ieee80211_data_to_8023() status (bsc#1227149). - wifi: mac80211: extend wiphy lock in interface removal (bsc#1227149). - wifi: mac80211: fix BA session teardown race (bsc#1227149). - wifi: mac80211: fix BSS_CHANGED_UNSOL_BCAST_PROBE_RESP (bsc#1227149). - wifi: mac80211: fix SMPS status handling (bsc#1227149). - wifi: mac80211: fix TXQ error path and cleanup (bsc#1227149). - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes). - wifi: mac80211: fix a expired vs. cancel race in roc (bsc#1227149). - wifi: mac80211: fix advertised TTLM scheduling (bsc#1227149). - wifi: mac80211: fix another key installation error path (bsc#1227149). - wifi: mac80211: fix change_address deadlock during unregister (bsc#1227149). - wifi: mac80211: fix channel switch link data (bsc#1227149). - wifi: mac80211: fix driver debugfs for vif type change (bsc#1227149). - wifi: mac80211: fix error path key leak (bsc#1227149). - wifi: mac80211: fix header kernel-doc typos (bsc#1227149). - wifi: mac80211: fix ieee80211_drop_unencrypted_mgmt return type/value (bsc#1227149). - wifi: mac80211: fix monitor channel with chanctx emulation (bsc#1227149). - wifi: mac80211: fix potential key leak (bsc#1227149). - wifi: mac80211: fix spelling typo in comment (bsc#1227149). - wifi: mac80211: fix unsolicited broadcast probe config (bsc#1227149). - wifi: mac80211: fix various kernel-doc issues (bsc#1227149). - wifi: mac80211: fixes in FILS discovery updates (bsc#1227149). - wifi: mac80211: flush STA queues on unauthorization (bsc#1227149). - wifi: mac80211: flush wiphy work where appropriate (bsc#1227149). - wifi: mac80211: handle debugfs when switching to/from MLO (bsc#1227149). - wifi: mac80211: handle tasklet frames before stopping (stable-fixes). - wifi: mac80211: hold wiphy lock in netdev/link debugfs (bsc#1227149). - wifi: mac80211: hold wiphy_lock around concurrency checks (bsc#1227149). - wifi: mac80211: improve CSA/ECSA connection refusal (bsc#1227149). - wifi: mac80211: initialize SMPS mode correctly (bsc#1227149). - wifi: mac80211: lock wiphy for aggregation debugfs (bsc#1227149). - wifi: mac80211: lock wiphy in IP address notifier (bsc#1227149). - wifi: mac80211: make mgd_protect_tdls_discover MLO-aware (bsc#1227149). - wifi: mac80211: mesh: Remove unused function declaration mesh_ids_set_default() (bsc#1227149). - wifi: mac80211: mesh: fix some kdoc warnings (bsc#1227149). - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes). - wifi: mac80211: move CSA finalize to wiphy work (bsc#1227149). - wifi: mac80211: move DFS CAC work to wiphy work (bsc#1227149). - wifi: mac80211: move TDLS work to wiphy work (bsc#1227149). - wifi: mac80211: move color change finalize to wiphy work (bsc#1227149). - wifi: mac80211: move dynamic PS to wiphy work (bsc#1227149). - wifi: mac80211: move filter reconfig to wiphy work (bsc#1227149). - wifi: mac80211: move key tailroom work to wiphy work (bsc#1227149). - wifi: mac80211: move link activation work to wiphy work (bsc#1227149). - wifi: mac80211: move monitor work to wiphy work (bsc#1227149). - wifi: mac80211: move tspec work to wiphy work (bsc#1227149). - wifi: mac80211: process and save negotiated TID to Link mapping request (bsc#1227149). - wifi: mac80211: purge TX queues in flush_queues flow (bsc#1227149). - wifi: mac80211: reduce iflist_mtx (bsc#1227149). - wifi: mac80211: reject MLO channel configuration if not supported (bsc#1227149). - wifi: mac80211: relax RCU check in for_each_vif_active_link() (bsc#1227149). - wifi: mac80211: remove RX_DROP_UNUSABLE (bsc#1227149). - wifi: mac80211: remove ampdu_mlme.mtx (bsc#1227149). - wifi: mac80211: remove chanctx_mtx (bsc#1227149). - wifi: mac80211: remove key_mtx (bsc#1227149). - wifi: mac80211: remove local->mtx (bsc#1227149). - wifi: mac80211: remove redundant ML element check (bsc#1227149). - wifi: mac80211: remove shifted rate support (bsc#1227149). - wifi: mac80211: remove sta_mtx (bsc#1227149). - wifi: mac80211: remove unnecessary struct forward declaration (bsc#1227149). - wifi: mac80211: rename ieee80211_tx_status() to ieee80211_tx_status_skb() (bsc#1227149). - wifi: mac80211: rename struct cfg80211_rx_assoc_resp to cfg80211_rx_assoc_resp_data (bsc#1227149). - wifi: mac80211: report per-link error during association (bsc#1227149). - wifi: mac80211: reset negotiated TTLM on disconnect (git-fixes). - wifi: mac80211: rework RX timestamp flags (bsc#1227149). - wifi: mac80211: rework ack_frame_id handling a bit (bsc#1227149). - wifi: mac80211: rx.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: set wiphy for virtual monitors (bsc#1227149). - wifi: mac80211: simplify non-chanctx drivers (bsc#1227149). - wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value (bsc#1227149). - wifi: mac80211: sta_info.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: support antenna control in injection (bsc#1227149). - wifi: mac80211: support handling of advertised TID-to-link mapping (bsc#1227149). - wifi: mac80211: take MBSSID/EHT data also from probe resp (bsc#1227149). - wifi: mac80211: take wiphy lock for MAC addr change (bsc#1227149). - wifi: mac80211: tx: clarify conditions in if statement (bsc#1227149). - wifi: mac80211: update beacon counters per link basis (bsc#1227149). - wifi: mac80211: update some locking documentation (bsc#1227149). - wifi: mac80211: update the rx_chains after set_antenna() (bsc#1227149). - wifi: mac80211: use bandwidth indication element for CSA (bsc#1227149). - wifi: mac80211: use deflink and fix typo in link ID check (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs for sdata/link (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs helpers for agg_status (bsc#1227149). - wifi: mt7601u: delete dead code checking debugfs returns (bsc#1227149). - wifi: mt7601u: replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: Annotate struct mt76_rx_tid with __counted_by (bsc#1227149). - wifi: mt76: Convert to platform remove callback returning void (bsc#1227149). - wifi: mt76: Remove redundant assignment to variable tidno (bsc#1227149). - wifi: mt76: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: mt76: Replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: Use PTR_ERR_OR_ZERO() to simplify code (bsc#1227149). - wifi: mt76: add DMA mapping error check in mt76_alloc_txwi() (bsc#1227149). - wifi: mt76: add ability to explicitly forbid LED registration with DT (bsc#1227149). - wifi: mt76: add support for providing eeprom in nvmem cells (bsc#1227149). - wifi: mt76: add tx_nss histogram to ethtool stats (bsc#1227149). - wifi: mt76: change txpower init to per-phy (bsc#1227149). - wifi: mt76: check sta rx control frame to multibss capability (bsc#1227149). - wifi: mt76: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: check vif type before reporting cca and csa (bsc#1227149). - wifi: mt76: connac: add MBSSID support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon duplicate TX mode support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: add connac3 mac library (bsc#1227149). - wifi: mt76: connac: add data field in struct tlv (bsc#1227149). - wifi: mt76: connac: add eht support for phy mode config (bsc#1227149). - wifi: mt76: connac: add eht support for tx power (bsc#1227149). - wifi: mt76: connac: add firmware support for mt7992 (bsc#1227149). - wifi: mt76: connac: add more unified command IDs (bsc#1227149). - wifi: mt76: connac: add more unified event IDs (bsc#1227149). - wifi: mt76: connac: add new definition of tx descriptor (bsc#1227149). - wifi: mt76: connac: add support for dsp firmware download (bsc#1227149). - wifi: mt76: connac: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: connac: add thermal protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: check for null before dereferencing (bsc#1227149). - wifi: mt76: connac: export functions for mt7925 (bsc#1227149). - wifi: mt76: connac: introduce helper for mt7925 chipset (bsc#1227149). - wifi: mt76: connac: set correct muar_idx for mt799x chipsets (bsc#1227149). - wifi: mt76: connac: set fixed_bw bit in TX descriptor for fixed rate frames (bsc#1227149). - wifi: mt76: connac: use muar idx 0xe for non-mt799x as well (bsc#1227149). - wifi: mt76: disable HW AMSDU when using fixed rate (bsc#1227149). - wifi: mt76: dma: introduce __mt76_dma_queue_reset utility routine (bsc#1227149). - wifi: mt76: enable UNII-4 channel 177 support (bsc#1227149). - wifi: mt76: fix race condition related to checking tx queue fill status (bsc#1227149). - wifi: mt76: fix the issue of missing txpwr settings from ch153 to ch177 (bsc#1227149). - wifi: mt76: fix typo in mt76_get_of_eeprom_from_nvmem function (bsc#1227149). - wifi: mt76: increase MT_QFLAG_WED_TYPE size (bsc#1227149). - wifi: mt76: introduce mt76_queue_is_wed_tx_free utility routine (bsc#1227149). - wifi: mt76: introduce wed pointer in mt76_queue (bsc#1227149). - wifi: mt76: limit support of precal loading for mt7915 to MTD only (bsc#1227149). - wifi: mt76: make mt76_get_of_eeprom static again (bsc#1227149). - wifi: mt76: mmio: move mt76_mmio_wed_{init,release}_rx_buf in common code (bsc#1227149). - wifi: mt76: move ampdu_state in mt76_wcid (bsc#1227149). - wifi: mt76: move mt76_mmio_wed_offload_{enable,disable} in common code (bsc#1227149). - wifi: mt76: move mt76_net_setup_tc in common code (bsc#1227149). - wifi: mt76: move rate info in mt76_vif (bsc#1227149). - wifi: mt76: move wed reset common code in mt76 module (bsc#1227149). - wifi: mt76: mt7603: add missing register initialization for MT7628 (bsc#1227149). - wifi: mt76: mt7603: disable A-MSDU tx support on MT7628 (bsc#1227149). - wifi: mt76: mt7603: fix beacon interval after disabling a single vif (bsc#1227149). - wifi: mt76: mt7603: fix tx filter/flush function (bsc#1227149). - wifi: mt76: mt7603: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7603: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7615: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7615: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7615: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7615: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt76_connac3: move lmac queue enumeration in mt76_connac3_mac.h (bsc#1227149). - wifi: mt76: mt76x02: fix return value check in mt76x02_mac_process_rx (bsc#1227149). - wifi: mt76: mt76x2u: add netgear wdna3100v3 to device table (bsc#1227149). - wifi: mt76: mt7915 add tc offloading support (bsc#1227149). - wifi: mt76: mt7915: accumulate mu-mimo ofdma muru stats (bsc#1227149). - wifi: mt76: mt7915: add locking for accessing mapped registers (bsc#1227149). - wifi: mt76: mt7915: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7915: add support for MT7981 (bsc#1227149). - wifi: mt76: mt7915: also MT7981 is 3T3R but nss2 on 5 GHz band (bsc#1227149). - wifi: mt76: mt7915: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7915: drop return in mt7915_sta_statistics (bsc#1227149). - wifi: mt76: mt7915: fix EEPROM offset of TSSI flag on MT7981 (bsc#1227149). - wifi: mt76: mt7915: fix error recovery with WED enabled (bsc#1227149). - wifi: mt76: mt7915: fix monitor mode issues (bsc#1227149). - wifi: mt76: mt7915: move mib_stats structure in mt76.h (bsc#1227149). - wifi: mt76: mt7915: move poll_list in mt76_wcid (bsc#1227149). - wifi: mt76: mt7915: move sta_poll_list and sta_poll_lock in mt76_dev (bsc#1227149). - wifi: mt76: mt7915: report tx retries/failed counts for non-WED path (bsc#1227149). - wifi: mt76: mt7915: update mpdu density capability (bsc#1227149). - wifi: mt76: mt7915: update mt798x_wmac_adie_patch_7976 (bsc#1227149). - wifi: mt76: mt7921: Support temp sensor (bsc#1227149). - wifi: mt76: mt7921: add 6GHz power type support for clc (bsc#1227149). - wifi: mt76: mt7921: convert acpisar and clc pointers to void (bsc#1227149). - wifi: mt76: mt7921: enable set txpower for UNII-4 (bsc#1227149). - wifi: mt76: mt7921: fix 6GHz disabled by the missing default CLC config (bsc#1227149). - wifi: mt76: mt7921: fix CLC command timeout when suspend/resume (bsc#1227149). - wifi: mt76: mt7921: fix a potential association failure upon resuming (bsc#1227149). - wifi: mt76: mt7921: fix kernel panic by accessing invalid 6GHz channel info (bsc#1227149). - wifi: mt76: mt7921: fix suspend issue on MediaTek COB platform (bsc#1227149). - wifi: mt76: mt7921: fix the unfinished command of regd_notifier before suspend (bsc#1227149). - wifi: mt76: mt7921: fix wrong 6Ghz power type (bsc#1227149). - wifi: mt76: mt7921: get regulatory information from the clc event (bsc#1227149). - wifi: mt76: mt7921: get rid of MT7921_RESET_TIMEOUT marco (bsc#1227149). - wifi: mt76: mt7921: make mt7921_mac_sta_poll static (bsc#1227149). - wifi: mt76: mt7921: move acpi_sar code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move common register definition in mt792x_regs.h (bsc#1227149). - wifi: mt76: mt7921: move connac nic capability handling to mt7921 (bsc#1227149). - wifi: mt76: mt7921: move debugfs shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move dma shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move hif_ops macro in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move init shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mac shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mt7921_dma_init in pci.c (bsc#1227149). - wifi: mt76: mt7921: move mt7921u_disconnect mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move mt792x_hw_dev in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move mt792x_mutex_{acquire/release} in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move runtime-pm pci code in mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move shared runtime-pm code on mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: reduce the size of MCU firmware download Rx queue (bsc#1227149). - wifi: mt76: mt7921: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7921: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7921: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7921: remove macro duplication in regs.h (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_dev in mt792x_dev (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_hif_ops in mt792x_hif_ops (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_phy in mt792x_phy (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_sta in mt792x_sta (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_vif in mt792x_vif (bsc#1227149). - wifi: mt76: mt7921: support 5.9/6GHz channel config in acpi (bsc#1227149). - wifi: mt76: mt7921: update the channel usage when the regd domain changed (bsc#1227149). - wifi: mt76: mt7921e: report tx retries/failed counts in tx free event (bsc#1227149). - wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips (bsc#1227149). - wifi: mt76: mt7925: add flow to avoid chip bt function fail (bsc#1227149). - wifi: mt76: mt7925: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command (bsc#1227149). - wifi: mt76: mt7925: fix SAP no beacon issue in 5Ghz and 6Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix WoW failed in encrypted mode (bsc#1227149). - wifi: mt76: mt7925: fix connect to 80211b mode fail in 2Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix fw download fail (bsc#1227149). - wifi: mt76: mt7925: fix mcu query command fail (bsc#1227149). - wifi: mt76: mt7925: fix the wrong data type for scan command (bsc#1227149). - wifi: mt76: mt7925: fix the wrong header translation config (bsc#1227149). - wifi: mt76: mt7925: fix typo in mt7925_init_he_caps (bsc#1227149). - wifi: mt76: mt7925: fix wmm queue mapping (bsc#1227149). - wifi: mt76: mt7925: remove iftype from mt7925_init_eht_caps signature (bsc#1227149). - wifi: mt76: mt7925: support temperature sensor (bsc#1227149). - wifi: mt76: mt7925: update PCIe DMA settings (bsc#1227149). - wifi: mt76: mt7925e: fix use-after-free in free_irq() (bsc#1227149). - wifi: mt76: mt792x: add the illegal value check for mtcl table of acpi (bsc#1227149). - wifi: mt76: mt792x: fix ethtool warning (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-usb module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x_irq_map (bsc#1227149). - wifi: mt76: mt792x: move MT7921_PM_TIMEOUT and MT7921_HW_SCAN_TIMEOUT in common code (bsc#1227149). - wifi: mt76: mt792x: move more dma shared code in mt792x_dma (bsc#1227149). - wifi: mt76: mt792x: move mt7921_load_firmware in mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: move mt7921_skb_add_usb_sdio_hdr in mt792x module (bsc#1227149). - wifi: mt76: mt792x: move shared structure definition in mt792x.h (bsc#1227149). - wifi: mt76: mt792x: move some common usb code in mt792x module (bsc#1227149). - wifi: mt76: mt792x: support mt7925 chip init (bsc#1227149). - wifi: mt76: mt792x: update the country list of EU for ACPI SAR (bsc#1227149). - wifi: mt76: mt792xu: enable dmashdl support (bsc#1227149). - wifi: mt76: mt7996: Add mcu commands for getting sta tx statistic (bsc#1227149). - wifi: mt76: mt7996: Use DECLARE_FLEX_ARRAY() and fix -Warray-bounds warnings (bsc#1227149). - wifi: mt76: mt7996: add DMA support for mt7992 (bsc#1227149). - wifi: mt76: mt7996: add TX statistics for EHT mode in debugfs (bsc#1227149). - wifi: mt76: mt7996: add muru support (bsc#1227149). - wifi: mt76: mt7996: add sanity checks for background radar trigger (stable-fixes). - wifi: mt76: mt7996: add support for variants with auxiliary RX path (bsc#1227149). - wifi: mt76: mt7996: add thermal sensor device support (bsc#1227149). - wifi: mt76: mt7996: add txpower setting support (bsc#1227149). - wifi: mt76: mt7996: adjust WFDMA settings to improve performance (bsc#1227149). - wifi: mt76: mt7996: adjust interface num and wtbl size for mt7992 (bsc#1227149). - wifi: mt76: mt7996: align the format of fixed rate command (bsc#1227149). - wifi: mt76: mt7996: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: mt7996: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7996: drop return in mt7996_sta_statistics (bsc#1227149). - wifi: mt76: mt7996: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7996: enable PPDU-TxS to host (bsc#1227149). - wifi: mt76: mt7996: enable VHT extended NSS BW feature (bsc#1227149). - wifi: mt76: mt7996: ensure 4-byte alignment for beacon commands (bsc#1227149). - wifi: mt76: mt7996: fix alignment of sta info event (bsc#1227149). - wifi: mt76: mt7996: fix fortify warning (bsc#1227149). - wifi: mt76: mt7996: fix fw loading timeout (bsc#1227149). - wifi: mt76: mt7996: fix mt7996_mcu_all_sta_info_event struct packing (bsc#1227149). - wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature (bsc#1227149). - wifi: mt76: mt7996: fix size of txpower MCU command (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in parsing txfree (bsc#1227149). - wifi: mt76: mt7996: get tx_retries and tx_failed from txfree (bsc#1227149). - wifi: mt76: mt7996: handle IEEE80211_RC_SMPS_CHANGED (bsc#1227149). - wifi: mt76: mt7996: increase tx token size (bsc#1227149). - wifi: mt76: mt7996: introduce mt7996_band_valid() (bsc#1227149). - wifi: mt76: mt7996: mark GCMP IGTK unsupported (bsc#1227149). - wifi: mt76: mt7996: move radio ctrl commands to proper functions (bsc#1227149). - wifi: mt76: mt7996: only set vif teardown cmds at remove interface (bsc#1227149). - wifi: mt76: mt7996: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7996: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7996: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7996: remove TXS queue setting (bsc#1227149). - wifi: mt76: mt7996: remove periodic MPDU TXS request (bsc#1227149). - wifi: mt76: mt7996: rework ampdu params setting (bsc#1227149). - wifi: mt76: mt7996: rework register offsets for mt7992 (bsc#1227149). - wifi: mt76: mt7996: set DMA mask to 36 bits for boards with more than 4GB of RAM (bsc#1227149). - wifi: mt76: mt7996: support more options for mt7996_set_bitrate_mask() (bsc#1227149). - wifi: mt76: mt7996: support mt7992 eeprom loading (bsc#1227149). - wifi: mt76: mt7996: support per-band LED control (bsc#1227149). - wifi: mt76: mt7996: switch to mcu command for TX GI report (bsc#1227149). - wifi: mt76: mt7996: use u16 for val field in mt7996_mcu_set_rro signature (bsc#1227149). - wifi: mt76: permit to load precal from NVMEM cell for mt7915 (bsc#1227149). - wifi: mt76: permit to use alternative cell name to eeprom NVMEM load (bsc#1227149). - wifi: mt76: reduce spin_lock_bh held up in mt76_dma_rx_cleanup (bsc#1227149). - wifi: mt76: replace skb_put with skb_put_zero (stable-fixes). - wifi: mt76: report non-binding skb tx rate when WED is active (bsc#1227149). - wifi: mt76: set page_pool napi pointer for mmio devices (bsc#1227149). - wifi: mt76: split get_of_eeprom in subfunction (bsc#1227149). - wifi: mt76: usb: create a dedicated queue for psd traffic (bsc#1227149). - wifi: mt76: usb: store usb endpoint in mt76_queue (bsc#1227149). - wifi: mt76: use atomic iface iteration for pre-TBTT work (bsc#1227149). - wifi: mt76: use chainmask for power delta calculation (bsc#1227149). - wifi: mwifiex: Drop unused headers (bsc#1227149). - wifi: mwifiex: Fix interface type change (git-fixes). - wifi: mwifiex: Refactor 1-element array into flexible array in struct mwifiex_ie_types_chan_list_param_set (bsc#1227149). - wifi: mwifiex: Replace one-element array with flexible-array member in struct mwifiex_ie_types_rxba_sync (bsc#1227149). - wifi: mwifiex: Set WIPHY_FLAG_NETNS_OK flag (bsc#1227149). - wifi: mwifiex: Use default @max_active for workqueues (bsc#1227149). - wifi: mwifiex: Use helpers to check multicast addresses (bsc#1227149). - wifi: mwifiex: Use list_count_nodes() (bsc#1227149). - wifi: mwifiex: cleanup adapter data (bsc#1227149). - wifi: mwifiex: cleanup private data structures (bsc#1227149). - wifi: mwifiex: cleanup struct mwifiex_sdio_mpa_rx (bsc#1227149). - wifi: mwifiex: drop BUG_ON from TX paths (bsc#1227149). - wifi: mwifiex: fix comment typos in SDIO module (bsc#1227149). - wifi: mwifiex: followup PCIE and related cleanups (bsc#1227149). - wifi: mwifiex: handle possible mwifiex_write_reg() errors (bsc#1227149). - wifi: mwifiex: handle possible sscanf() errors (bsc#1227149). - wifi: mwifiex: mwifiex_process_sleep_confirm_resp(): remove unused priv variable (bsc#1227149). - wifi: mwifiex: prefer strscpy() over strlcpy() (bsc#1227149). - wifi: mwifiex: simplify PCIE write operations (bsc#1227149). - wifi: mwifiex: use MODULE_FIRMWARE to add firmware files metadata (bsc#1227149). - wifi: mwifiex: use cfg80211_ssid_eq() instead of mwifiex_ssid_cmp() (bsc#1227149). - wifi: mwifiex: use is_zero_ether_addr() instead of ether_addr_equal() (bsc#1227149). - wifi: mwifiex: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: nl80211: Extend del pmksa support for SAE and OWE security (bsc#1227149). - wifi: nl80211: Remove unused declaration nl80211_pmsr_dump_results() (bsc#1227149). - wifi: nl80211: additions to NL80211_CMD_SET_BEACON (bsc#1227149). - wifi: nl80211: allow reporting wakeup for unprot deauth/disassoc (bsc#1227149). - wifi: nl80211: fixes to FILS discovery updates (bsc#1227149). - wifi: nl80211: refactor nl80211_send_mlme_event() arguments (bsc#1227149). - wifi: p54: Add missing MODULE_FIRMWARE macro (bsc#1227149). - wifi: p54: Annotate struct p54_cal_database with __counted_by (bsc#1227149). - wifi: p54: fix GCC format truncation warning with wiphy->fw_version (bsc#1227149). - wifi: plfxlc: Drop unused include (bsc#1227149). - wifi: radiotap: add bandwidth definition of EHT U-SIG (bsc#1227149). - wifi: remove unused argument of ieee80211_get_tdls_action() (bsc#1227149). - wifi: rsi: fix restricted __le32 degrades to integer sparse warnings (bsc#1227149). - wifi: rsi: rsi_91x_coex: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_debugfs: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_hal: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_mac80211: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_main: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rt2x00: Simplify bool conversion (bsc#1227149). - wifi: rt2x00: correct MAC_SYS_CTRL register RX mask in R-Calibration (bsc#1227149). - wifi: rt2x00: disable RTS threshold for rt2800 by default (bsc#1227149). - wifi: rt2x00: fix MT7620 low RSSI issue (bsc#1227149). - wifi: rt2x00: fix rt2800 watchdog function (bsc#1227149). - wifi: rt2x00: fix the typo in comments (bsc#1227149). - wifi: rt2x00: improve MT7620 register initialization (bsc#1227149). - wifi: rt2x00: introduce DMA busy check watchdog for rt2800 (bsc#1227149). - wifi: rt2x00: limit MT7620 TX power based on eeprom calibration (bsc#1227149). - wifi: rt2x00: make watchdog param per device (bsc#1227149). - wifi: rt2x00: remove redundant check if u8 array element is less than zero (bsc#1227149). - wifi: rt2x00: remove useless code in rt2x00queue_create_tx_descriptor() (bsc#1227149). - wifi: rt2x00: rework MT7620 PA/LNA RF calibration (bsc#1227149). - wifi: rt2x00: rework MT7620 channel config function (bsc#1227149). - wifi: rt2x00: silence sparse warnings (bsc#1227149). - wifi: rt2x00: simplify rt2x00crypto_rx_insert_iv() (bsc#1227149). - wifi: rtl8xxxu: 8188e: convert usage of priv->vif to priv->vifs[0] (bsc#1227149). - wifi: rtl8xxxu: 8188f: Limit TX power index (git-fixes). - wifi: rtl8xxxu: Actually use macid in rtl8xxxu_gen2_report_connect (bsc#1227149). - wifi: rtl8xxxu: Add TP-Link TL-WN823N V2 (bsc#1227149). - wifi: rtl8xxxu: Add a description about the device ID 0x7392:0xb722 (bsc#1227149). - wifi: rtl8xxxu: Add beacon functions (bsc#1227149). - wifi: rtl8xxxu: Add parameter force to rtl8xxxu_refresh_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter macid to update_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter role to report_connect (bsc#1227149). - wifi: rtl8xxxu: Add set_tim() callback (bsc#1227149). - wifi: rtl8xxxu: Add sta_add() and sta_remove() callbacks (bsc#1227149). - wifi: rtl8xxxu: Add start_ap() callback (bsc#1227149). - wifi: rtl8xxxu: Allow creating interface in AP mode (bsc#1227149). - wifi: rtl8xxxu: Allow setting rts threshold to -1 (bsc#1227149). - wifi: rtl8xxxu: Clean up filter configuration (bsc#1227149). - wifi: rtl8xxxu: Declare AP mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192EU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8710BU (RTL8188GU) (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8723BU (bsc#1227149). - wifi: rtl8xxxu: Enable hw seq for mgmt/non-QoS data frames (bsc#1227149). - wifi: rtl8xxxu: Fix LED control code of RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Fix off by one initial RTS rate (bsc#1227149). - wifi: rtl8xxxu: Put the macid in txdesc (bsc#1227149). - wifi: rtl8xxxu: Remove usage of ieee80211_get_tx_rate() (bsc#1227149). - wifi: rtl8xxxu: Remove usage of tx_info->control.rates[0].flags (bsc#1227149). - wifi: rtl8xxxu: Rename some registers (bsc#1227149). - wifi: rtl8xxxu: Select correct queue for beacon frames (bsc#1227149). - wifi: rtl8xxxu: Set maximum number of supported stations (bsc#1227149). - wifi: rtl8xxxu: Support USB RX aggregation for the newer chips (bsc#1227149). - wifi: rtl8xxxu: Support new chip RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: add hw crypto support for AP mode (bsc#1227149). - wifi: rtl8xxxu: add macids for STA mode (bsc#1227149). - wifi: rtl8xxxu: add missing number of sec cam entries for all variants (bsc#1227149). - wifi: rtl8xxxu: check vif before using in rtl8xxxu_tx() (bsc#1227149). - wifi: rtl8xxxu: convert EN_DESC_ID of TX descriptor to le32 type (bsc#1227149). - wifi: rtl8xxxu: declare concurrent mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: do not parse CFO, if both interfaces are connected in STA mode (bsc#1227149). - wifi: rtl8xxxu: enable MFP support with security flag of RX descriptor (bsc#1227149). - wifi: rtl8xxxu: enable channel switch support (bsc#1227149). - wifi: rtl8xxxu: extend check for matching bssid to both interfaces (bsc#1227149). - wifi: rtl8xxxu: extend wifi connected check to both interfaces (bsc#1227149). - wifi: rtl8xxxu: fix error messages (bsc#1227149). - wifi: rtl8xxxu: fix mixed declarations in rtl8xxxu_set_aifs() (bsc#1227149). - wifi: rtl8xxxu: make instances of iface limit and combination to be static const (bsc#1227149). - wifi: rtl8xxxu: make supporting AP mode only on port 0 transparent (bsc#1227149). - wifi: rtl8xxxu: mark TOTOLINK N150UA V5/N150UA-B as tested (bsc#1227149). - wifi: rtl8xxxu: prepare supporting two virtual interfaces (bsc#1227149). - wifi: rtl8xxxu: remove assignment of priv->vif in rtl8xxxu_bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: remove obsolete priv->vif (bsc#1227149). - wifi: rtl8xxxu: rtl8xxxu_rx_complete(): remove unnecessary return (bsc#1227149). - wifi: rtl8xxxu: support multiple interface in start_ap() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in configure_filter() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in set_aifs() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in update_beacon_work_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in watchdog_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in {add,remove}_interface() (bsc#1227149). - wifi: rtl8xxxu: support setting bssid register for multiple interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting linktype for both interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting mac address register for both interfaces (bsc#1227149). - wifi: rtl8xxxu: update rate mask per sta (bsc#1227149). - wifi: rtlwifi: Convert to use PCIe capability accessors (bsc#1227149). - wifi: rtlwifi: Ignore IEEE80211_CONF_CHANGE_RETRY_LIMITS (bsc#1227149). - wifi: rtlwifi: Remove bridge vendor/device ids (bsc#1227149). - wifi: rtlwifi: Remove rtl_intf_ops.read_efuse_byte (bsc#1227149). - wifi: rtlwifi: Remove unused PCI related defines and struct (bsc#1227149). - wifi: rtlwifi: Speed up firmware loading for USB (bsc#1227149). - wifi: rtlwifi: cleanup USB interface (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxx_tx_fill_desc() routines (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxxx_set_hw_reg() routines (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_hal (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_phy (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_ps_ctl (bsc#1227149). - wifi: rtlwifi: drop chk_switch_dmdp() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop fill_fake_txdesc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop pre_fill_tx_bd_desc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop unused const_amdpci_aspm (bsc#1227149). - wifi: rtlwifi: remove misused flag from HAL data (bsc#1227149). - wifi: rtlwifi: remove unreachable code in rtl92d_dm_check_edca_turbo() (bsc#1227149). - wifi: rtlwifi: remove unused dualmac control leftovers (bsc#1227149). - wifi: rtlwifi: remove unused timer and related code (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix 2T2R chip type detection (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix TX aggregation (bsc#1227149). - wifi: rtlwifi: rtl8192de: Do not read register in _rtl92de_query_rxphystatus (bsc#1227149). - wifi: rtlwifi: rtl8723: Remove unused function rtl8723_cmd_send_packet() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Access full PMCS reg and use pci_regs.h (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Add pdev into _rtl8821ae_clear_pci_pme_status() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Remove unnecessary PME_Status bit set (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Reverse PM Capability exists check (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Use pci_find_capability() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: remove some useless code (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: using calculate_bit_shift() (bsc#1227149). - wifi: rtlwifi: rtl92ee_dm_dynamic_primary_cca_check(): fix typo in function name (bsc#1227149). - wifi: rtlwifi: rtl_usb: Store the endpoint addresses (bsc#1227149). - wifi: rtlwifi: rtl_usb: Use sync register writes (bsc#1227149). - wifi: rtlwifi: set initial values for unexpected cases of USB endpoint priority (bsc#1227149). - wifi: rtlwifi: simplify LED management (bsc#1227149). - wifi: rtlwifi: simplify TX command fill callbacks (bsc#1227149). - wifi: rtlwifi: simplify rtl_action_proc() and rtl_tx_agg_start() (bsc#1227149). - wifi: rtlwifi: use convenient list_count_nodes() (bsc#1227149). - wifi: rtlwifi: use eth_broadcast_addr() to assign broadcast address (bsc#1227149). - wifi: rtlwifi: use helper function rtl_get_hdr() (bsc#1227149). - wifi: rtlwifi: use unsigned long for bt_coexist_8723 timestamp (bsc#1227149). - wifi: rtlwifi: use unsigned long for rtl_bssid_entry timestamp (bsc#1227149). - wifi: rtw88: 8821c: tweak CCK TX filter setting for SRRC regulation (bsc#1227149). - wifi: rtw88: 8821c: update TX power limit to V67 (bsc#1227149). - wifi: rtw88: 8822c: update TX power limit to V70 (bsc#1227149). - wifi: rtw88: 8822ce: refine power parameters for RFE type 5 (bsc#1227149). - wifi: rtw88: Add support for the SDIO based RTL8723DS chipset (bsc#1227149). - wifi: rtw88: Fix AP mode incorrect DTIM behavior (bsc#1227149). - wifi: rtw88: Fix action frame transmission fail before association (bsc#1227149). - wifi: rtw88: Skip high queue in hci_flush (bsc#1227149). - wifi: rtw88: Stop high queue during scan (bsc#1227149). - wifi: rtw88: Use random MAC when efuse MAC invalid (bsc#1227149). - wifi: rtw88: add missing unwind goto for __rtw_download_firmware() (bsc#1227149). - wifi: rtw88: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw88: debug: remove wrapper of rtw_dbg() (bsc#1227149). - wifi: rtw88: dump firmware debug information in abnormal state (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_set_* (bsc#1227149). - wifi: rtw88: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw88: fix typo rtw8822cu_probe (bsc#1227149). - wifi: rtw88: process VO packets without workqueue to avoid PTK rekey failed (bsc#1227149). - wifi: rtw88: refine register based H2C command (bsc#1227149). - wifi: rtw88: regd: configure QATAR and UK (bsc#1227149). - wifi: rtw88: regd: update regulatory map to R64-R42 (bsc#1227149). - wifi: rtw88: remove unused USB bulkout size set (bsc#1227149). - wifi: rtw88: remove unused and set but unused leftovers (bsc#1227149). - wifi: rtw88: rtw8723d: Implement RTL8723DS (SDIO) efuse parsing (bsc#1227149). - wifi: rtw88: simplify __rtw_tx_work() (bsc#1227149). - wifi: rtw88: simplify vif iterators (bsc#1227149). - wifi: rtw88: use cfg80211_ssid_eq() instead of rtw_ssid_equal() (bsc#1227149). - wifi: rtw88: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: rtw88: use struct instead of macros to set TX desc (bsc#1227149). - wifi: rtw89: 52c: rfk: disable DPK during MCC (bsc#1227149). - wifi: rtw89: 52c: rfk: refine MCC channel info notification (bsc#1227149). - wifi: rtw89: 8851b: add 8851B basic chip_info (bsc#1227149). - wifi: rtw89: 8851b: add 8851be to Makefile and Kconfig (bsc#1227149). - wifi: rtw89: 8851b: add BT coexistence support function (bsc#1227149). - wifi: rtw89: 8851b: add DLE mem and HFC quota (bsc#1227149). - wifi: rtw89: 8851b: add MAC configurations to chip_info (bsc#1227149). - wifi: rtw89: 8851b: add NCTL post table (bsc#1227149). - wifi: rtw89: 8851b: add RF configurations (bsc#1227149). - wifi: rtw89: 8851b: add TX power related functions (bsc#1227149). - wifi: rtw89: 8851b: add basic power on function (bsc#1227149). - wifi: rtw89: 8851b: add set channel function (bsc#1227149). - wifi: rtw89: 8851b: add set_channel_rf() (bsc#1227149). - wifi: rtw89: 8851b: add support WoWLAN to 8851B (bsc#1227149). - wifi: rtw89: 8851b: add to parse efuse content (bsc#1227149). - wifi: rtw89: 8851b: add to read efuse version to recognize hardware version B (bsc#1227149). - wifi: rtw89: 8851b: configure CRASH_TRIGGER feature for 8851B (bsc#1227149). - wifi: rtw89: 8851b: configure GPIO according to RFE type (bsc#1227149). - wifi: rtw89: 8851b: configure to force 1 TX power value (bsc#1227149). - wifi: rtw89: 8851b: enable hw_scan support (bsc#1227149). - wifi: rtw89: 8851b: fill BB related capabilities to chip_info (bsc#1227149). - wifi: rtw89: 8851b: rfk: Fix spelling mistake KIP_RESOTRE -> KIP_RESTORE (bsc#1227149). - wifi: rtw89: 8851b: rfk: add AACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DPK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add IQK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add LCK track (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RX DCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add TSSI (bsc#1227149). - wifi: rtw89: 8851b: rfk: update IQK to version 0x8 (bsc#1227149). - wifi: rtw89: 8851b: update RF radio A parameters to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R34 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R37 (bsc#1227149). - wifi: rtw89: 8851be: add 8851BE PCI entry and fill PCI capabilities (bsc#1227149). - wifi: rtw89: 8852b: fix definition of KIP register number (git-fixes). - wifi: rtw89: 8852b: update TX power tables to R35 (bsc#1227149). - wifi: rtw89: 8852b: update TX power tables to R36 (bsc#1227149). - wifi: rtw89: 8852c: Fix TSSI causes transmit power inaccuracy (bsc#1227149). - wifi: rtw89: 8852c: Update bandedge parameters for better performance (bsc#1227149). - wifi: rtw89: 8852c: add quirk to set PCI BER for certain platforms (bsc#1227149). - wifi: rtw89: 8852c: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8852c: read RX gain offset from efuse for 6GHz channels (bsc#1227149). - wifi: rtw89: 8852c: update RF radio A/B parameters to R63 (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (1 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (2 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (3 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R67 (bsc#1227149). - wifi: rtw89: 8922a: add 8922A basic chip info (bsc#1227149). - wifi: rtw89: 8922a: add BTG functions to assist BT coexistence to control TX/RX (bsc#1227149). - wifi: rtw89: 8922a: add NCTL pre-settings for WiFi 7 chips (bsc#1227149). - wifi: rtw89: 8922a: add RF read/write v2 (bsc#1227149). - wifi: rtw89: 8922a: add SER IMR tables (bsc#1227149). - wifi: rtw89: 8922a: add TX power related ops (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops related to BB init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops to get thermal value (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::bb_preinit to enable BB before downloading firmware (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::cfg_txrx_path (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_hw_init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_init_late to do initial RF calibrations later (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::{enable,disable}_bb_rf (bsc#1227149). - wifi: rtw89: 8922a: add coexistence helpers of SW grant (bsc#1227149). - wifi: rtw89: 8922a: add helper of set_channel (bsc#1227149). - wifi: rtw89: 8922a: add ieee80211_ops::hw_scan (bsc#1227149). - wifi: rtw89: 8922a: add more fields to beacon H2C command to support multi-links (bsc#1227149). - wifi: rtw89: 8922a: add power on/off functions (bsc#1227149). - wifi: rtw89: 8922a: add register definitions of H2C, C2H, page, RRSR and EDCCA (bsc#1227149). - wifi: rtw89: 8922a: add set_channel BB part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel MAC part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel RF part (bsc#1227149). - wifi: rtw89: 8922a: configure CRASH_TRIGGER FW feature (bsc#1227149). - wifi: rtw89: 8922a: correct register definition and merge IO for ctrl_nbtg_bt_tx() (bsc#1227149). - wifi: rtw89: 8922a: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8922a: dump MAC registers when SER occurs (bsc#1227149). - wifi: rtw89: 8922a: extend and add quota number (bsc#1227149). - wifi: rtw89: 8922a: hook handlers of TX/RX descriptors to chip_ops (bsc#1227149). - wifi: rtw89: 8922a: implement AP mode related reg for BE generation (bsc#1227149). - wifi: rtw89: 8922a: implement {stop,resume}_sch_tx and cfg_ppdu (bsc#1227149). - wifi: rtw89: 8922a: read efuse content from physical map (bsc#1227149). - wifi: rtw89: 8922a: read efuse content via efuse map struct from logic map (bsc#1227149). - wifi: rtw89: 8922a: rfk: implement chip_ops to call RF calibrations (bsc#1227149). - wifi: rtw89: 8922a: set RX gain along with set_channel operation (bsc#1227149). - wifi: rtw89: 8922a: set chip_ops FEM and GPIO to NULL (bsc#1227149). - wifi: rtw89: 8922a: set memory heap address for secure firmware (bsc#1227149). - wifi: rtw89: 8922a: update BA CAM number to 24 (bsc#1227149). - wifi: rtw89: 8922a: update the register used in DIG and the DIG flow (bsc#1227149). - wifi: rtw89: 8922ae: add 8922AE PCI entry and basic info (bsc#1227149). - wifi: rtw89: 8922ae: add v2 interrupt handlers for 8922AE (bsc#1227149). - wifi: rtw89: Add EHT rate mask as parameters of RA H2C command (bsc#1227149). - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes). - wifi: rtw89: Fix clang -Wimplicit-fallthrough in rtw89_query_sar() (bsc#1227149). - wifi: rtw89: Introduce Time Averaged SAR (TAS) feature (bsc#1227149). - wifi: rtw89: Refine active scan behavior in 6 GHz (bsc#1227149). - wifi: rtw89: Set default CQM config if not present (bsc#1227149). - wifi: rtw89: TX power stuffs replace confusing naming of _max with _num (bsc#1227149). - wifi: rtw89: Update EHT PHY beamforming capability (bsc#1227149). - wifi: rtw89: acpi: process 6 GHz band policy from DSM (bsc#1227149). - wifi: rtw89: add C2H RA event V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add C2H event handlers of RFK log and report (bsc#1227149). - wifi: rtw89: add CFO XTAL registers field to support 8851B (bsc#1227149). - wifi: rtw89: add DBCC H2C to notify firmware the status (bsc#1227149). - wifi: rtw89: add EHT capabilities for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add EHT radiotap in monitor mode (bsc#1227149). - wifi: rtw89: add EVM and SNR statistics to debugfs (bsc#1227149). - wifi: rtw89: add EVM for antenna diversity (bsc#1227149). - wifi: rtw89: add H2C RA command V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add H2C command to download beacon frame for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add RSSI based antenna diversity (bsc#1227149). - wifi: rtw89: add RSSI statistics for the case of antenna diversity to debugfs (bsc#1227149). - wifi: rtw89: add XTAL SI for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add chip_info::chip_gen to determine chip generation (bsc#1227149). - wifi: rtw89: add chip_info::txwd_info size to generalize TX WD submit (bsc#1227149). - wifi: rtw89: add chip_ops::h2c_ba_cam() to configure BA CAM (bsc#1227149). - wifi: rtw89: add chip_ops::query_rxdesc() and rxd_len as helpers to support newer chips (bsc#1227149). - wifi: rtw89: add chip_ops::update_beacon to abstract update beacon operation (bsc#1227149). - wifi: rtw89: add firmware H2C command of BA CAM V1 (bsc#1227149). - wifi: rtw89: add firmware parser for v1 format (bsc#1227149). - wifi: rtw89: add firmware suit for BB MCU 0/1 (bsc#1227149). - wifi: rtw89: add function prototype for coex request duration (bsc#1227149). - wifi: rtw89: add mac_gen pointer to access mac port registers (bsc#1227149). - wifi: rtw89: add mlo_dbcc_mode for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add new H2C command to pause/sleep transmitting by MAC ID (bsc#1227149). - wifi: rtw89: add new H2C for PS mode in 802.11be chip (bsc#1227149). - wifi: rtw89: add reserved size as factor of DLE used size (bsc#1227149). - wifi: rtw89: add subband index of primary channel to struct rtw89_chan (bsc#1227149). - wifi: rtw89: add to display hardware rates v1 histogram in debugfs (bsc#1227149). - wifi: rtw89: add to fill TX descriptor for firmware command v2 (bsc#1227149). - wifi: rtw89: add to fill TX descriptor v2 (bsc#1227149). - wifi: rtw89: add to parse firmware elements of BB and RF tables (bsc#1227149). - wifi: rtw89: add to query RX descriptor format v2 (bsc#1227149). - wifi: rtw89: add tx_wake notify for 8851B (bsc#1227149). - wifi: rtw89: add wait/completion for abort scan (bsc#1227149). - wifi: rtw89: adjust init_he_cap() to add EHT cap into iftype_data (bsc#1227149). - wifi: rtw89: advertise missing extended scan feature (bsc#1227149). - wifi: rtw89: avoid stringop-overflow warning (bsc#1227149). - wifi: rtw89: call rtw89_chan_get() by vif chanctx if aware of vif (bsc#1227149). - wifi: rtw89: chan: MCC take reconfig into account (bsc#1227149). - wifi: rtw89: chan: add sub-entity swap function to cover replacing (bsc#1227149). - wifi: rtw89: chan: move handling from add/remove to assign/unassign for MLO (bsc#1227149). - wifi: rtw89: chan: support MCC on Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: chan: tweak bitmap recalc ahead before MLO (bsc#1227149). - wifi: rtw89: chan: tweak weight recalc ahead before MLO (bsc#1227149). - wifi: rtw89: change naming of BA CAM from V1 to V0_EXT (bsc#1227149). - wifi: rtw89: change qutoa to DBCC by default for WiFi 7 chips (bsc#1227149). - wifi: rtw89: change supported bandwidths of chip_info to bit mask (bsc#1227149). - wifi: rtw89: cleanup firmware elements parsing (bsc#1227149). - wifi: rtw89: cleanup private data structures (bsc#1227149). - wifi: rtw89: cleanup rtw89_iqk_info and related code (bsc#1227149). - wifi: rtw89: coex: Add Bluetooth RSSI level information (bsc#1227149). - wifi: rtw89: coex: Add Pre-AGC control to enhance Wi-Fi RX performance (bsc#1227149). - wifi: rtw89: coex: Add coexistence policy to decrease WiFi packet CRC-ERR (bsc#1227149). - wifi: rtw89: coex: Fix wrong Wi-Fi role info and FDDT parameter members (bsc#1227149). - wifi: rtw89: coex: Record down Wi-Fi initial mode information (bsc#1227149). - wifi: rtw89: coex: Reorder H2C command index to align with firmware (bsc#1227149). - wifi: rtw89: coex: Set Bluetooth scan low-priority when Wi-Fi link/scan (bsc#1227149). - wifi: rtw89: coex: Still show hardware grant signal info even Wi-Fi is PS (bsc#1227149). - wifi: rtw89: coex: To improve Wi-Fi performance while BT is idle (bsc#1227149). - wifi: rtw89: coex: Translate antenna configuration from ID to string (bsc#1227149). - wifi: rtw89: coex: Update BTG control related logic (bsc#1227149). - wifi: rtw89: coex: Update RF parameter control setting logic (bsc#1227149). - wifi: rtw89: coex: Update coexistence policy for Wi-Fi LPS (bsc#1227149). - wifi: rtw89: coex: When Bluetooth not available do not set power/gain (bsc#1227149). - wifi: rtw89: coex: add BTC ctrl_info version 7 and related logic (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() for struct rtw89_btc_btf_set_slot_table (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() to struct rtw89_btc_btf_set_mon_reg (bsc#1227149). - wifi: rtw89: coex: add init_info H2C command format version 7 (bsc#1227149). - wifi: rtw89: coex: add return value to ensure H2C command is success or not (bsc#1227149). - wifi: rtw89: coex: fix configuration for shared antenna for 8922A (bsc#1227149). - wifi: rtw89: coex: use struct assignment to replace memcpy() to append TDMA content (bsc#1227149). - wifi: rtw89: configure PPDU max user by chip (bsc#1227149). - wifi: rtw89: consider RX info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: consolidate registers of mac port to struct (bsc#1227149). - wifi: rtw89: correct PHY register offset for PHY-1 (bsc#1227149). - wifi: rtw89: correct the DCFO tracking flow to improve CFO compensation (bsc#1227149). - wifi: rtw89: debug: add FW log component for scan (bsc#1227149). - wifi: rtw89: debug: add debugfs entry to disable dynamic mechanism (bsc#1227149). - wifi: rtw89: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw89: debug: remove wrapper of rtw89_debug() (bsc#1227149). - wifi: rtw89: debug: show txpwr table according to chip gen (bsc#1227149). - wifi: rtw89: debug: txpwr table access only valid page according to chip (bsc#1227149). - wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: declare EXT NSS BW of VHT capability (bsc#1227149). - wifi: rtw89: declare MCC in interface combination (bsc#1227149). - wifi: rtw89: define hardware rate v1 for WiFi 7 chips (bsc#1227149). - wifi: rtw89: differentiate narrow_bw_ru_dis setting according to chip gen (bsc#1227149). - wifi: rtw89: disable RTS when broadcast/multicast (bsc#1227149). - wifi: rtw89: download firmware with five times retry (bsc#1227149). - wifi: rtw89: drop TIMING_BEACON_ONLY and sync beacon TSF by self (bsc#1227149). - wifi: rtw89: enlarge supported length of read_reg debugfs entry (bsc#1227149). - wifi: rtw89: extend PHY status parser to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fix HW scan not aborting properly (git-fixes). - wifi: rtw89: fix HW scan timeout due to TSF sync issue (bsc#1227149). - wifi: rtw89: fix a width vs precision bug (bsc#1227149). - wifi: rtw89: fix disabling concurrent mode TX hang issue (bsc#1227149). - wifi: rtw89: fix misbehavior of TX beacon in concurrent mode (bsc#1227149). - wifi: rtw89: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw89: fix spelling typo of IQK debug messages (bsc#1227149). - wifi: rtw89: fix typo of rtw89_fw_h2c_mcc_macid_bitmap() (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset CMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset DMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to update security CAM v2 (bsc#1227149). - wifi: rtw89: fw: add checking type for variant type of firmware (bsc#1227149). - wifi: rtw89: fw: add chip_ops to update CMAC table to associated station (bsc#1227149). - wifi: rtw89: fw: add definition of H2C command and C2H event for MRC series (bsc#1227149). - wifi: rtw89: fw: add version field to BB MCU firmware element (bsc#1227149). - wifi: rtw89: fw: consider checksum length of security data (bsc#1227149). - wifi: rtw89: fw: download firmware with key data for secure boot (bsc#1227149). - wifi: rtw89: fw: extend JOIN H2C command to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: extend program counter dump for Wi-Fi 7 chip (bsc#1227149). - wifi: rtw89: fw: fill CMAC table to associated station for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: generalize download firmware flow by mac_gen pointers (bsc#1227149). - wifi: rtw89: fw: implement MRC H2C command functions (bsc#1227149). - wifi: rtw89: fw: implement supported functions of download firmware for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: load TX power track tables from fw_element (bsc#1227149). - wifi: rtw89: fw: move polling function of firmware path ready to an individual function (bsc#1227149). - wifi: rtw89: fw: parse secure section from firmware file (bsc#1227149). - wifi: rtw89: fw: propagate an argument include_bb for BB MCU firmware (bsc#1227149). - wifi: rtw89: fw: read firmware secure information from efuse (bsc#1227149). - wifi: rtw89: fw: refine download flow to support variant firmware suits (bsc#1227149). - wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband (bsc#1227149). - wifi: rtw89: fw: update TX AMPDU parameter to CMAC table (bsc#1227149). - wifi: rtw89: fw: use struct to fill BA CAM H2C commands (bsc#1227149). - wifi: rtw89: fw: use struct to fill JOIN H2C command (bsc#1227149). - wifi: rtw89: get data rate mode/NSS/MCS v1 from RX descriptor (bsc#1227149). - wifi: rtw89: indicate TX power by rate table inside RFE parameter (bsc#1227149). - wifi: rtw89: indicate TX shape table inside RFE parameter (bsc#1227149). - wifi: rtw89: initialize antenna for antenna diversity (bsc#1227149). - wifi: rtw89: initialize multi-channel handling (bsc#1227149). - wifi: rtw89: introduce infrastructure of firmware elements (bsc#1227149). - wifi: rtw89: introduce realtek ACPI DSM method (bsc#1227149). - wifi: rtw89: introduce v1 format of firmware header (bsc#1227149). - wifi: rtw89: load BB parameters to PHY-1 (bsc#1227149). - wifi: rtw89: load RFK log format string from firmware file (bsc#1227149). - wifi: rtw89: load TX power by rate when RFE parms setup (bsc#1227149). - wifi: rtw89: load TX power related tables from FW elements (bsc#1227149). - wifi: rtw89: mac: Fix spelling mistakes 'notfify' -> 'notify' (bsc#1227149). - wifi: rtw89: mac: add coexistence helpers {cfg/get}_plt (bsc#1227149). - wifi: rtw89: mac: add feature_init to initialize BA CAM V1 (bsc#1227149). - wifi: rtw89: mac: add flags to check if CMAC and DMAC are enabled (bsc#1227149). - wifi: rtw89: mac: add mac_gen_def::band1_offset to map MAC band1 register address (bsc#1227149). - wifi: rtw89: mac: add registers of MU-EDCA parameters for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add suffix _ax to MAC functions (bsc#1227149). - wifi: rtw89: mac: add sys_init and filter option for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to access efuse for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to get DLE reserved quota (bsc#1227149). - wifi: rtw89: mac: check queue empty according to chip gen (bsc#1227149). - wifi: rtw89: mac: correct MUEDCA setting for MAC-1 (bsc#1227149). - wifi: rtw89: mac: define internal memory address for WiFi 7 chip (bsc#1227149). - wifi: rtw89: mac: define register address of rx_filter to generalize code (bsc#1227149). - wifi: rtw89: mac: do bf_monitor only if WiFi 6 chips (bsc#1227149). - wifi: rtw89: mac: functions to configure hardware engine and quota for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: generalize code to indirectly access WiFi internal memory (bsc#1227149). - wifi: rtw89: mac: generalize register of MU-EDCA switch according to chip gen (bsc#1227149). - wifi: rtw89: mac: get TX power control register according to chip gen (bsc#1227149). - wifi: rtw89: mac: handle C2H receive/done ACK in interrupt context (bsc#1227149). - wifi: rtw89: mac: implement MRC C2H event handling (bsc#1227149). - wifi: rtw89: mac: implement to configure TX/RX engines for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: move code related to hardware engine to individual functions (bsc#1227149). - wifi: rtw89: mac: refine SER setting during WiFi CPU power on (bsc#1227149). - wifi: rtw89: mac: reset PHY-1 hardware when going to enable/disable (bsc#1227149). - wifi: rtw89: mac: return held quota of DLE when changing MAC-1 (bsc#1227149). - wifi: rtw89: mac: set bf_assoc capabilities according to chip gen (bsc#1227149). - wifi: rtw89: mac: set bfee_ctrl() according to chip gen (bsc#1227149). - wifi: rtw89: mac: update RTS threshold according to chip gen (bsc#1227149). - wifi: rtw89: mac: use mac_gen pointer to access about efuse (bsc#1227149). - wifi: rtw89: mac: use pointer to access functions of hardware engine and quota (bsc#1227149). - wifi: rtw89: mcc: consider and determine BT duration (bsc#1227149). - wifi: rtw89: mcc: deal with BT slot change (bsc#1227149). - wifi: rtw89: mcc: deal with P2P PS change (bsc#1227149). - wifi: rtw89: mcc: deal with beacon NoA if GO exists (bsc#1227149). - wifi: rtw89: mcc: decide pattern and calculate parameters (bsc#1227149). - wifi: rtw89: mcc: fill fundamental configurations (bsc#1227149). - wifi: rtw89: mcc: fix NoA start time when GO is auxiliary (bsc#1227149). - wifi: rtw89: mcc: initialize start flow (bsc#1227149). - wifi: rtw89: mcc: track beacon offset and update when needed (bsc#1227149). - wifi: rtw89: mcc: trigger FW to start/stop MCC (bsc#1227149). - wifi: rtw89: mcc: update role bitmap when changed (bsc#1227149). - wifi: rtw89: modify the register setting and the flow of CFO tracking (bsc#1227149). - wifi: rtw89: move software DCFO compensation setting to proper position (bsc#1227149). - wifi: rtw89: only reset BB/RF for existing WiFi 6 chips while starting up (bsc#1227149). - wifi: rtw89: packet offload wait for FW response (bsc#1227149). - wifi: rtw89: parse EHT information from RX descriptor and PPDU status packet (bsc#1227149). - wifi: rtw89: parse TX EHT rate selected by firmware from RA C2H report (bsc#1227149). - wifi: rtw89: parse and print out RFK log from C2H events (bsc#1227149). - wifi: rtw89: pause/proceed MCC for ROC and HW scan (bsc#1227149). - wifi: rtw89: pci: add LTR v2 for WiFi 7 chip (bsc#1227149). - wifi: rtw89: pci: add PCI generation information to pci_info for each chip (bsc#1227149). - wifi: rtw89: pci: add new RX ring design to determine full RX ring efficiently (bsc#1227149). - wifi: rtw89: pci: add pre_deinit to be called after probe complete (bsc#1227149). - wifi: rtw89: pci: correct interrupt mitigation register for 8852CE (bsc#1227149). - wifi: rtw89: pci: define PCI ring address for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: fix interrupt enable mask for HALT C2H of RTL8851B (bsc#1227149). - wifi: rtw89: pci: generalize code of PCI control DMA IO for WiFi 7 (bsc#1227149). - wifi: rtw89: pci: generalize interrupt status bits of interrupt handlers (bsc#1227149). - wifi: rtw89: pci: implement PCI CLK/ASPM/L1SS for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_post_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_pre_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: interrupt v2 refine IMR for SER (bsc#1227149). - wifi: rtw89: pci: reset BDRAM according to chip gen (bsc#1227149). - wifi: rtw89: pci: stop/start DMA for level 1 recovery according to chip gen (bsc#1227149). - wifi: rtw89: pci: update SER timer unit and timeout time (bsc#1227149). - wifi: rtw89: pci: update interrupt mitigation register for 8922AE (bsc#1227149). - wifi: rtw89: pci: use DBI function for 8852AE/8852BE/8851BE (bsc#1227149). - wifi: rtw89: pci: use gen_def pointer to configure mac_{pre,post}_init and clear PCI ring index (bsc#1227149). - wifi: rtw89: pci: validate RX tag for RXQ and RPQ (bsc#1227149). - wifi: rtw89: phy: add BB wrapper of TX power for WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: add parser to support RX gain dynamic setting flow (bsc#1227149). - wifi: rtw89: phy: add phy_gen_def::cr_base to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: change naming related BT coexistence functions (bsc#1227149). - wifi: rtw89: phy: dynamically adjust EDCCA threshold (bsc#1227149). - wifi: rtw89: phy: extend TX power common stuffs for Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: phy: generalize valid bit of BSS color (bsc#1227149). - wifi: rtw89: phy: ignore special data from BB parameter file (bsc#1227149). - wifi: rtw89: phy: modify register setting of ENV_MNTR, PHYSTS and DIG (bsc#1227149). - wifi: rtw89: phy: move bb_gain_info used by WiFi 6 chips to union (bsc#1227149). - wifi: rtw89: phy: print out RFK log with formatted string (bsc#1227149). - wifi: rtw89: phy: rate pattern handles HW rate by chip gen (bsc#1227149). - wifi: rtw89: phy: refine helpers used for raw TX power (bsc#1227149). - wifi: rtw89: phy: set TX power RU limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power by rate according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power offset according to chip gen (bsc#1227149). - wifi: rtw89: phy: set channel_info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: prepare scan leaf functions for wifi 7 ICs (bsc#1227149). - wifi: rtw89: process regulatory for 6 GHz power type (bsc#1227149). - wifi: rtw89: provide functions to configure NoA for beacon update (bsc#1227149). - wifi: rtw89: recognize log format from firmware file (bsc#1227149). - wifi: rtw89: reference quota mode when setting Tx power (bsc#1227149). - wifi: rtw89: refine H2C command that pause transmitting by MAC ID (bsc#1227149). - wifi: rtw89: refine add_chan H2C command to encode_bits (bsc#1227149). - wifi: rtw89: refine bandwidth 160MHz uplink OFDMA performance (bsc#1227149). - wifi: rtw89: refine clearing supported bands to check 2/5 GHz first (bsc#1227149). - wifi: rtw89: refine element naming used by queue empty check (bsc#1227149). - wifi: rtw89: refine hardware scan C2H events (bsc#1227149). - wifi: rtw89: refine packet offload delete flow of 6 GHz probe (bsc#1227149). - wifi: rtw89: refine packet offload handling under SER (bsc#1227149). - wifi: rtw89: refine remain on channel flow to improve P2P connection (bsc#1227149). - wifi: rtw89: refine rtw89_correct_cck_chan() by rtw89_hw_to_nl80211_band() (bsc#1227149). - wifi: rtw89: refine uplink trigger based control mechanism (bsc#1227149). - wifi: rtw89: regd: configure Thailand in regulation type (bsc#1227149). - wifi: rtw89: regd: handle policy of 6 GHz according to BIOS (bsc#1227149). - wifi: rtw89: regd: judge 6 GHz according to chip and BIOS (bsc#1227149). - wifi: rtw89: regd: judge UNII-4 according to BIOS and chip (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R40 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R43 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R65-R44 (bsc#1227149). - wifi: rtw89: release bit in rtw89_fw_h2c_del_pkt_offload() (bsc#1227149). - wifi: rtw89: return failure if needed firmware elements are not recognized (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DACK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DPK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger IQK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger RX DCK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TSSI (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TXGAPK (bsc#1227149). - wifi: rtw89: rfk: add a completion to wait RF calibration report from C2H event (bsc#1227149). - wifi: rtw89: rfk: disable driver tracking during MCC (bsc#1227149). - wifi: rtw89: rfk: send channel information to firmware for RF calibrations (bsc#1227149). - wifi: rtw89: sar: let caller decide the center frequency to query (bsc#1227149). - wifi: rtw89: scan offload wait for FW done ACK (bsc#1227149). - wifi: rtw89: ser: L1 add pre-M0 and post-M0 states (bsc#1227149). - wifi: rtw89: ser: reset total_sta_assoc and tdls_peer when L2 (bsc#1227149). - wifi: rtw89: set TX power without precondition during setting channel (bsc#1227149). - wifi: rtw89: set capability of TX antenna diversity (bsc#1227149). - wifi: rtw89: set entry size of address CAM to H2C field by chip (bsc#1227149). - wifi: rtw89: show EHT rate in debugfs (bsc#1227149). - wifi: rtw89: support U-NII-4 channels on 5GHz band (bsc#1227149). - wifi: rtw89: support firmware log with formatted text (bsc#1227149). - wifi: rtw89: suppress the log for specific SER called CMDPSR_FRZTO (bsc#1227149). - wifi: rtw89: tweak H2C TX waiting function for SER (bsc#1227149). - wifi: rtw89: update DMA function with different generation (bsc#1227149). - wifi: rtw89: update ps_state register for chips with different generation (bsc#1227149). - wifi: rtw89: update scan C2H messages for wifi 7 IC (bsc#1227149). - wifi: rtw89: update suspend/resume for different generation (bsc#1227149). - wifi: rtw89: use PLCP information to match BSS_COLOR and AID (bsc#1227149). - wifi: rtw89: use chip_info::small_fifo_size to choose debug_mask (bsc#1227149). - wifi: rtw89: use flexible array member in rtw89_btc_btf_tlv (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits to access RX info (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access RX descriptor (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access received PHY status IEs (bsc#1227149). - wifi: rtw89: use struct rtw89_phy_sts_ie0 instead of macro to access PHY IE0 status (bsc#1227149). - wifi: rtw89: use struct to access RA report (bsc#1227149). - wifi: rtw89: use struct to access firmware C2H event header (bsc#1227149). - wifi: rtw89: use struct to access register-based H2C/C2H (bsc#1227149). - wifi: rtw89: use struct to fill H2C command to download beacon frame (bsc#1227149). - wifi: rtw89: use struct to parse firmware header (bsc#1227149). - wifi: rtw89: use struct to set RA H2C command (bsc#1227149). - wifi: rtw89: wow: move release offload packet earlier for WoWLAN mode (bsc#1227149). - wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode (bsc#1227149). - wifi: rtw89: wow: set security engine options for 802.11ax chips only (bsc#1227149). - wifi: rtw89: wow: update WoWLAN reason register for different chips (bsc#1227149). - wifi: rtw89: wow: update WoWLAN status register for different generation (bsc#1227149). - wifi: rtw89: wow: update config mac function with different generation (bsc#1227149). - wifi: ti: wlcore: sdio: Drop unused include (bsc#1227149). - wifi: virt_wifi: avoid reporting connection success with wrong SSID (git-fixes). - wifi: virt_wifi: do not use strlen() in const context (git-fixes). - wifi: wcn36xx: Annotate struct wcn36xx_hal_ind_msg with __counted_by (bsc#1227149). - wifi: wcn36xx: Convert to platform remove callback returning void (bsc#1227149). - wifi: wcn36xx: remove unnecessary (void*) conversions (bsc#1227149). - wifi: wext: avoid extra calls to strlen() in ieee80211_bss() (bsc#1227149). - wifi: wfx: Use devm_kmemdup to replace devm_kmalloc + memcpy (bsc#1227149). - wifi: wfx: allow to send frames during ROC (bsc#1227149). - wifi: wfx: fix power_save setting when AP is stopped (bsc#1227149). - wifi: wfx: implement wfx_remain_on_channel() (bsc#1227149). - wifi: wfx: introduce hif_scan_uniq() (bsc#1227149). - wifi: wfx: move wfx_skb_*() out of the header file (bsc#1227149). - wifi: wfx: relocate wfx_rate_mask_to_hw() (bsc#1227149). - wifi: wfx: scan_lock is global to the device (bsc#1227149). - wifi: wfx: simplify exclusion between scan and Rx filters (bsc#1227149). - wifi: wil6210: fw: Replace zero-length arrays with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wil6210: wmi: Replace zero-length array with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wilc1000: Increase ASSOC response buffer (bsc#1227149). - wifi: wilc1000: Remove unused declarations (bsc#1227149). - wifi: wilc1000: add SPI commands retry mechanism (bsc#1227149). - wifi: wilc1000: add back-off algorithm to balance tx queue packets (bsc#1227149). - wifi: wilc1000: add missing read critical sections around vif list traversal (bsc#1227149). - wifi: wilc1000: always release SDIO host in wilc_sdio_cmd53() (bsc#1227149). - wifi: wilc1000: cleanup struct wilc_conn_info (bsc#1227149). - wifi: wilc1000: correct CRC7 calculation (bsc#1227149). - wifi: wilc1000: fix declarations ordering (bsc#1227149). - wifi: wilc1000: fix driver_handler when committing initial configuration (bsc#1227149). - wifi: wilc1000: fix ies_len type in connect path (git-fixes). - wifi: wilc1000: fix incorrect power down sequence (bsc#1227149). - wifi: wilc1000: remove AKM suite be32 conversion for external auth request (bsc#1227149). - wifi: wilc1000: remove setting msg.spi (bsc#1227149). - wifi: wilc1000: remove use of has_thrpt_enh3 flag (bsc#1227149). - wifi: wilc1000: set preamble size to auto as default in wilc_init_fw_config() (bsc#1227149). - wifi: wilc1000: simplify remain on channel support (bsc#1227149). - wifi: wilc1000: simplify wilc_scan() (bsc#1227149). - wifi: wilc1000: split deeply nested RCU list traversal in dedicated helper (bsc#1227149). - wifi: wilc1000: use SRCU instead of RCU for vif list traversal (bsc#1227149). - wifi: wilc1000: validate chip id during bus probe (bsc#1227149). - wifi: wl1251: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wl18xx: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: boot: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: main: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: sdio: Rate limit wl12xx_sdio_raw_{read,write}() failures warns (bsc#1227149). - wifi: wlcore: sdio: Use module_sdio_driver macro to simplify the code (bsc#1227149). - wifi: zd1211rw: fix typo 'tranmits' (bsc#1227149). - wifi: zd1211rw: remove __nocast from zd_addr_t (bsc#1227149). - wifi: zd1211rw: silence sparse warnings (bsc#1227149). - wlcore: spi: Remove redundant of_match_ptr() (bsc#1227149). - x86/amd_nb: Check for invalid SMN reads (git-fixes). - x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes). - x86/asm: Fix build of UML with KASAN (git-fixes). - x86/bhi: Avoid warning in #DB handler due to BHI mitigation :(git-fixes). - x86/boot: Ignore NMIs during very early boot (git-fixes). - x86/cpu: Provide default cache line size if not enumerated (git-fixes). - x86/csum: Fix clang -Wuninitialized in csum_partial() (git-fixes). - x86/csum: Improve performance of `csum_partial` (git-fixes). - x86/csum: Remove unnecessary odd handling (git-fixes). - x86/csum: clean up `csum_partial' further (git-fixes). - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes). - x86/head/64: Move the __head definition to <asm/init.h> (git-fixes). - x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS (git-fixes). - x86/kconfig: Add as-instr64 macro to properly evaluate AS_WRUSS (git-fixes). - x86/resctrl: Read supported bandwidth sources from CPUID (git-fixes). - x86/resctrl: Remove redundant variable in mbm_config_write_domain() (git-fixes). - x86/shstk: Make return uprobe work with shadow stack (git-fixes). - x86/speculation, objtool: Use absolute relocations for annotations (git-fixes). - x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502) - xen/x86: add extra pages to unpopulated-alloc if available (git-fixes). - xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228211). - xfs: use roundup_pow_of_two instead of ffs during xlog_find_tail (git-fixes). - xhci: always resume roothubs if xHC was reset during resume (stable-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - bind-utils-9.18.28-150600.3.3.1 updated - docker-25.0.6_ce-150000.203.1 updated - dracut-059+suse.527.g7870f083-150600.3.3.2 updated - kernel-default-6.4.0-150600.23.17.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libcurl4-8.6.0-150600.4.3.1 updated - libgpgme11-1.23.0-150600.3.2.1 updated - libonig4-6.7.0-150000.3.6.1 updated - libopenssl3-3.1.4-150600.5.10.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libudev1-254.15-150600.4.8.1 updated - login_defs-4.8.1-150600.17.6.1 updated - openssh-clients-9.6p1-150600.6.9.1 updated - openssh-common-9.6p1-150600.6.9.1 updated - openssh-server-9.6p1-150600.6.9.1 updated - openssh-9.6p1-150600.6.9.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - permissions-20240801-150600.10.4.1 updated - python-instance-billing-flavor-check-0.0.6-150400.1.11.7 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-cssselect-1.0.3-150400.3.7.4 updated - python3-lxml-4.9.1-150500.3.4.3 updated - python3-urllib3-1.25.10-150300.4.12.1 updated - python3-3.6.15-150300.10.65.2 updated - runc-1.1.13-150000.67.1 updated - shadow-4.8.1-150600.17.6.1 updated - sudo-1.9.15p5-150600.3.6.2 updated - suse-build-key-12.0-150000.8.49.2 updated - suseconnect-ng-1.11.0-150600.3.5.3 updated - systemd-254.15-150600.4.8.1 updated - udev-254.15-150600.4.8.1 updated - wicked-service-0.6.76-150600.11.9.1 updated - wicked-0.6.76-150600.11.9.1 updated - xen-libs-4.18.2_06-150600.3.3.1 updated - xen-tools-domU-4.18.2_06-150600.3.3.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 07:01:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 08 Aug 2024 07:01:21 -0000 Subject: SUSE-IU-2024:719-1: Security update of sles-15-sp6-chost-byos-v20240807-arm64 Message-ID: <20240808070118.EDF0CFBA1@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20240807-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:719-1 Image Tags : sles-15-sp6-chost-byos-v20240807-arm64:20240807 Image Release : Severity : important Type : security References : 1027519 1141157 1186716 1194869 1195775 1204562 1208690 1209834 1214718 1214960 1215199 1215587 1217481 1217912 1218215 1218442 1218442 1218730 1218820 1219004 1219224 1219478 1219559 1219596 1219633 1219832 1219847 1219953 1220138 1220427 1220430 1220664 1220942 1221057 1221086 1221563 1221647 1221654 1221656 1221659 1221777 1221854 1221958 1221984 1222011 1222015 1222075 1222075 1222080 1222241 1222326 1222328 1222380 1222438 1222463 1222588 1222617 1222619 1222768 1222775 1222779 1222809 1222810 1222893 1222899 1223010 1223018 1223021 1223107 1223265 1223336 1223570 1223731 1223740 1223778 1223804 1223806 1223807 1223813 1223815 1223836 1223863 1224049 1224187 1224392 1224414 1224422 1224439 1224490 1224497 1224498 1224499 1224512 1224515 1224516 1224520 1224523 1224539 1224540 1224544 1224545 1224549 1224572 1224575 1224583 1224584 1224589 1224604 1224606 1224612 1224614 1224619 1224636 1224641 1224655 1224659 1224661 1224662 1224670 1224673 1224698 1224735 1224743 1224751 1224759 1224767 1224928 1224930 1224932 1224933 1224935 1224937 1224939 1224941 1224944 1224946 1224947 1224949 1224951 1224988 1224992 1224998 1225000 1225001 1225004 1225006 1225008 1225009 1225014 1225015 1225022 1225025 1225028 1225029 1225031 1225036 1225041 1225044 1225049 1225050 1225076 1225077 1225078 1225081 1225085 1225086 1225088 1225090 1225092 1225096 1225097 1225098 1225101 1225103 1225104 1225105 1225106 1225108 1225120 1225132 1225172 1225180 1225272 1225300 1225391 1225472 1225475 1225476 1225477 1225478 1225485 1225489 1225490 1225527 1225529 1225530 1225532 1225534 1225548 1225550 1225553 1225554 1225555 1225556 1225557 1225559 1225560 1225564 1225565 1225566 1225568 1225569 1225570 1225571 1225572 1225573 1225577 1225581 1225583 1225584 1225585 1225586 1225587 1225588 1225589 1225590 1225591 1225592 1225594 1225595 1225599 1225600 1225601 1225602 1225605 1225609 1225611 1225681 1225702 1225711 1225717 1225719 1225723 1225726 1225731 1225732 1225737 1225741 1225744 1225745 1225746 1225752 1225753 1225757 1225758 1225759 1225760 1225761 1225762 1225763 1225767 1225770 1225805 1225810 1225815 1225820 1225823 1225827 1225830 1225834 1225835 1225839 1225840 1225843 1225847 1225851 1225856 1225866 1225872 1225894 1225895 1225896 1225898 1225903 1225904 1225953 1225976 1226022 1226125 1226128 1226131 1226145 1226149 1226155 1226158 1226163 1226197 1226202 1226211 1226212 1226213 1226216 1226226 1226412 1226447 1226448 1226457 1226463 1226469 1226502 1226503 1226513 1226514 1226519 1226520 1226529 1226582 1226587 1226588 1226592 1226593 1226594 1226595 1226597 1226607 1226608 1226610 1226612 1226613 1226630 1226632 1226633 1226634 1226637 1226657 1226658 1226664 1226734 1226735 1226737 1226738 1226739 1226740 1226741 1226742 1226744 1226746 1226747 1226749 1226750 1226754 1226757 1226758 1226760 1226761 1226764 1226767 1226768 1226769 1226771 1226772 1226774 1226775 1226776 1226777 1226780 1226781 1226783 1226786 1226788 1226789 1226790 1226791 1226796 1226799 1226837 1226839 1226840 1226841 1226842 1226844 1226848 1226852 1226856 1226857 1226859 1226861 1226863 1226864 1226866 1226867 1226868 1226875 1226876 1226878 1226879 1226883 1226886 1226890 1226891 1226894 1226895 1226905 1226908 1226909 1226911 1226915 1226928 1226934 1226938 1226939 1226941 1226948 1226949 1226950 1226962 1226976 1226989 1226990 1226992 1226993 1226994 1226995 1226996 1227066 1227067 1227072 1227085 1227089 1227090 1227096 1227101 1227103 1227106 1227138 1227149 1227190 1227282 1227318 1227350 1227355 1227362 1227363 1227383 1227429 1227432 1227433 1227434 1227435 1227443 1227446 1227447 1227456 1227487 1227573 1227574 1227626 1227681 1227711 1227716 1227719 1227723 1227730 1227736 1227755 1227757 1227762 1227763 1227779 1227780 1227783 1227786 1227788 1227789 1227797 1227800 1227801 1227803 1227806 1227813 1227814 1227836 1227855 1227862 1227866 1227886 1227888 1227899 1227910 1227913 1227926 1228090 1228192 1228193 1228211 1228255 1228256 1228257 1228258 1228269 1228289 1228322 1228327 1228328 1228376 1228403 1228405 1228408 1228417 1228535 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2019-13225 CVE-2021-47432 CVE-2022-48772 CVE-2023-38417 CVE-2023-46842 CVE-2023-47210 CVE-2023-51385 CVE-2023-51780 CVE-2023-52425 CVE-2023-52435 CVE-2023-52472 CVE-2023-52622 CVE-2023-52656 CVE-2023-52672 CVE-2023-52699 CVE-2023-52735 CVE-2023-52749 CVE-2023-52750 CVE-2023-52751 CVE-2023-52753 CVE-2023-52754 CVE-2023-52757 CVE-2023-52759 CVE-2023-52762 CVE-2023-52763 CVE-2023-52764 CVE-2023-52765 CVE-2023-52766 CVE-2023-52767 CVE-2023-52768 CVE-2023-52769 CVE-2023-52773 CVE-2023-52774 CVE-2023-52775 CVE-2023-52776 CVE-2023-52777 CVE-2023-52780 CVE-2023-52781 CVE-2023-52782 CVE-2023-52783 CVE-2023-52784 CVE-2023-52786 CVE-2023-52787 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52792 CVE-2023-52794 CVE-2023-52795 CVE-2023-52796 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52801 CVE-2023-52803 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52807 CVE-2023-52808 CVE-2023-52809 CVE-2023-52810 CVE-2023-52811 CVE-2023-52812 CVE-2023-52813 CVE-2023-52814 CVE-2023-52815 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52827 CVE-2023-52829 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52835 CVE-2023-52836 CVE-2023-52837 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52842 CVE-2023-52843 CVE-2023-52844 CVE-2023-52845 CVE-2023-52846 CVE-2023-52847 CVE-2023-52849 CVE-2023-52850 CVE-2023-52851 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52857 CVE-2023-52858 CVE-2023-52861 CVE-2023-52862 CVE-2023-52863 CVE-2023-52864 CVE-2023-52865 CVE-2023-52866 CVE-2023-52867 CVE-2023-52868 CVE-2023-52869 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52874 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52879 CVE-2023-52880 CVE-2023-52881 CVE-2023-52883 CVE-2023-52884 CVE-2024-0397 CVE-2024-0450 CVE-2024-0760 CVE-2024-1737 CVE-2024-1975 CVE-2024-25741 CVE-2024-26482 CVE-2024-26615 CVE-2024-26623 CVE-2024-26625 CVE-2024-26633 CVE-2024-26635 CVE-2024-26636 CVE-2024-26641 CVE-2024-26663 CVE-2024-26665 CVE-2024-26676 CVE-2024-26691 CVE-2024-26734 CVE-2024-26750 CVE-2024-26758 CVE-2024-26767 CVE-2024-26780 CVE-2024-26785 CVE-2024-26813 CVE-2024-26814 CVE-2024-26826 CVE-2024-26845 CVE-2024-26863 CVE-2024-26889 CVE-2024-26920 CVE-2024-26944 CVE-2024-27012 CVE-2024-27015 CVE-2024-27016 CVE-2024-27019 CVE-2024-27020 CVE-2024-27025 CVE-2024-27064 CVE-2024-27065 CVE-2024-27402 CVE-2024-27404 CVE-2024-27414 CVE-2024-27419 CVE-2024-31143 CVE-2024-33619 CVE-2024-34777 CVE-2024-35247 CVE-2024-35805 CVE-2024-35807 CVE-2024-35827 CVE-2024-35831 CVE-2024-35843 CVE-2024-35848 CVE-2024-35853 CVE-2024-35854 CVE-2024-35857 CVE-2024-35880 CVE-2024-35884 CVE-2024-35886 CVE-2024-35890 CVE-2024-35892 CVE-2024-35893 CVE-2024-35896 CVE-2024-35898 CVE-2024-35899 CVE-2024-35900 CVE-2024-35908 CVE-2024-35925 CVE-2024-35926 CVE-2024-35934 CVE-2024-35942 CVE-2024-35957 CVE-2024-35962 CVE-2024-35970 CVE-2024-35976 CVE-2024-35979 CVE-2024-35998 CVE-2024-36003 CVE-2024-36004 CVE-2024-36005 CVE-2024-36008 CVE-2024-36010 CVE-2024-36017 CVE-2024-36024 CVE-2024-36281 CVE-2024-36477 CVE-2024-36478 CVE-2024-36479 CVE-2024-36882 CVE-2024-36887 CVE-2024-36889 CVE-2024-36899 CVE-2024-36900 CVE-2024-36901 CVE-2024-36902 CVE-2024-36903 CVE-2024-36904 CVE-2024-36909 CVE-2024-36910 CVE-2024-36911 CVE-2024-36912 CVE-2024-36913 CVE-2024-36914 CVE-2024-36915 CVE-2024-36916 CVE-2024-36917 CVE-2024-36919 CVE-2024-36922 CVE-2024-36923 CVE-2024-36924 CVE-2024-36926 CVE-2024-36930 CVE-2024-36934 CVE-2024-36935 CVE-2024-36937 CVE-2024-36938 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944 CVE-2024-36945 CVE-2024-36946 CVE-2024-36947 CVE-2024-36949 CVE-2024-36950 CVE-2024-36951 CVE-2024-36952 CVE-2024-36955 CVE-2024-36957 CVE-2024-36959 CVE-2024-36960 CVE-2024-36962 CVE-2024-36964 CVE-2024-36965 CVE-2024-36967 CVE-2024-36969 CVE-2024-36971 CVE-2024-36972 CVE-2024-36973 CVE-2024-36974 CVE-2024-36975 CVE-2024-36977 CVE-2024-36978 CVE-2024-37021 CVE-2024-37078 CVE-2024-37353 CVE-2024-37354 CVE-2024-37891 CVE-2024-38381 CVE-2024-38384 CVE-2024-38385 CVE-2024-38388 CVE-2024-38390 CVE-2024-38391 CVE-2024-38539 CVE-2024-38540 CVE-2024-38541 CVE-2024-38543 CVE-2024-38544 CVE-2024-38545 CVE-2024-38546 CVE-2024-38547 CVE-2024-38548 CVE-2024-38549 CVE-2024-38550 CVE-2024-38551 CVE-2024-38552 CVE-2024-38553 CVE-2024-38554 CVE-2024-38555 CVE-2024-38556 CVE-2024-38557 CVE-2024-38558 CVE-2024-38559 CVE-2024-38560 CVE-2024-38562 CVE-2024-38564 CVE-2024-38565 CVE-2024-38566 CVE-2024-38567 CVE-2024-38568 CVE-2024-38569 CVE-2024-38570 CVE-2024-38571 CVE-2024-38572 CVE-2024-38573 CVE-2024-38575 CVE-2024-38578 CVE-2024-38579 CVE-2024-38580 CVE-2024-38581 CVE-2024-38582 CVE-2024-38583 CVE-2024-38586 CVE-2024-38587 CVE-2024-38588 CVE-2024-38590 CVE-2024-38591 CVE-2024-38592 CVE-2024-38594 CVE-2024-38595 CVE-2024-38597 CVE-2024-38598 CVE-2024-38599 CVE-2024-38600 CVE-2024-38601 CVE-2024-38602 CVE-2024-38603 CVE-2024-38604 CVE-2024-38605 CVE-2024-38608 CVE-2024-38610 CVE-2024-38611 CVE-2024-38615 CVE-2024-38616 CVE-2024-38617 CVE-2024-38618 CVE-2024-38619 CVE-2024-38621 CVE-2024-38622 CVE-2024-38627 CVE-2024-38628 CVE-2024-38629 CVE-2024-38630 CVE-2024-38633 CVE-2024-38634 CVE-2024-38635 CVE-2024-38636 CVE-2024-38659 CVE-2024-38661 CVE-2024-38663 CVE-2024-38664 CVE-2024-38780 CVE-2024-39276 CVE-2024-39277 CVE-2024-39291 CVE-2024-39296 CVE-2024-39301 CVE-2024-39362 CVE-2024-39371 CVE-2024-39463 CVE-2024-39466 CVE-2024-39468 CVE-2024-39469 CVE-2024-39471 CVE-2024-39472 CVE-2024-39473 CVE-2024-39474 CVE-2024-39475 CVE-2024-39479 CVE-2024-39481 CVE-2024-39482 CVE-2024-39487 CVE-2024-39490 CVE-2024-39494 CVE-2024-39496 CVE-2024-39498 CVE-2024-39502 CVE-2024-39504 CVE-2024-39507 CVE-2024-39894 CVE-2024-4032 CVE-2024-4076 CVE-2024-40901 CVE-2024-40906 CVE-2024-40908 CVE-2024-40919 CVE-2024-40923 CVE-2024-40925 CVE-2024-40928 CVE-2024-40931 CVE-2024-40935 CVE-2024-40937 CVE-2024-40940 CVE-2024-40947 CVE-2024-40948 CVE-2024-40953 CVE-2024-40960 CVE-2024-40961 CVE-2024-40966 CVE-2024-40970 CVE-2024-40972 CVE-2024-40975 CVE-2024-40979 CVE-2024-40998 CVE-2024-40999 CVE-2024-41006 CVE-2024-41011 CVE-2024-41013 CVE-2024-41014 CVE-2024-41017 CVE-2024-41090 CVE-2024-41091 CVE-2024-5535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container sles-15-sp6-chost-byos-v20240807-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2393-1 Released: Wed Jul 10 17:33:47 2024 Summary: Security update for openssh Type: security Severity: moderate References: 1218215,1224392,1225904,1227318,1227350,CVE-2023-51385,CVE-2024-39894 This update for openssh fixes the following issues: Security fixes: - CVE-2024-39894: Fixed timing attacks against echo-off password entry (bsc#1227318). Other fixes: - Add obsoletes for openssh-server-config-rootlogin (bsc#1227350). - Add #include in some files added by the ldap patch to fix build with gcc14 (bsc#1225904). - Remove the recommendation for openssh-server-config-rootlogin from openssh-server (bsc#1224392). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2531-1 Released: Tue Jul 16 14:12:12 2024 Summary: Security update for xen Type: security Severity: important References: 1027519,1214718,1221984,1225953,1227355,CVE-2023-46842,CVE-2024-31143 This update for xen fixes the following issues: - CVE-2023-46842: Fixed x86 HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984). - CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2571-1 Released: Mon Jul 22 12:34:16 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1186716,1195775,1204562,1209834,1217481,1217912,1218442,1219224,1219478,1219596,1219633,1219847,1219953,1221086,1221777,1221958,1222011,1222015,1222080,1222241,1222380,1222588,1222617,1222619,1222809,1222810,1223018,1223265,1224049,1224187,1224439,1224497,1224498,1224515,1224520,1224523,1224539,1224540,1224549,1224572,1224575,1224583,1224584,1224606,1224612,1224614,1224619,1224655,1224659,1224661,1224662,1224670,1224673,1224698,1224735,1224751,1224759,1224928,1224930,1224932,1224933,1224935,1224937,1224939,1224941,1224944,1224946,1224947,1224949,1224951,1224988,1224992,1224998,1225000,1225001,1225004,1225006,1225008,1225009,1225014,1225015,1225022,1225025,1225028,1225029,1225031,1225036,1225041,1225044,1225049,1225050,1225076,1225077,1225078,1225081,1225085,1225086,1225090,1225092,1225096,1225097,1225098,1225101,1225103,1225104,1225105,1225106,1225108,1225120,1225132,1225180,1225300,1225391,1225472,1225475,1225476,1225477,1225478,1225485,1225490,1225527,1225529,1225530,1 225532,1225534,1225548,1225550,1225553,1225554,1225555,1225556,1225557,1225559,1225560,1225564,1225565,1225566,1225568,1225569,1225570,1225571,1225572,1225573,1225577,1225581,1225583,1225584,1225585,1225586,1225587,1225588,1225589,1225590,1225591,1225592,1225594,1225595,1225599,1225602,1225605,1225609,1225611,1225681,1225702,1225723,1225726,1225731,1225732,1225737,1225741,1225758,1225759,1225760,1225761,1225762,1225763,1225767,1225770,1225815,1225820,1225823,1225827,1225834,1225866,1225872,1225898,1225903,1226022,1226131,1226145,1226149,1226155,1226158,1226163,1226211,1226212,1226226,1226457,1226503,1226513,1226514,1226520,1226582,1226587,1226588,1226592,1226593,1226594,1226595,1226597,1226607,1226608,1226610,1226612,1226613,1226630,1226632,1226633,1226634,1226637,1226657,1226658,1226734,1226735,1226737,1226738,1226739,1226740,1226741,1226742,1226744,1226746,1226747,1226749,1226754,1226758,1226760,1226761,1226764,1226767,1226768,1226769,1226771,1226772,1226774,1226775,1226776,122677 7,1226780,1226781,1226786,1226788,1226789,1226790,1226791,1226796,1226799,1226837,1226839,1226840,1226841,1226842,1226844,1226848,1226852,1226856,1226857,1226859,1226861,1226863,1226864,1226867,1226868,1226875,1226876,1226878,1226879,1226886,1226890,1226891,1226894,1226895,1226905,1226908,1226909,1226911,1226928,1226934,1226938,1226939,1226941,1226948,1226949,1226950,1226962,1226976,1226989,1226990,1226992,1226994,1226995,1226996,1227066,1227072,1227085,1227089,1227090,1227096,1227101,1227190,CVE-2021-47432,CVE-2022-48772,CVE-2023-52622,CVE-2023-52656,CVE-2023-52672,CVE-2023-52699,CVE-2023-52735,CVE-2023-52749,CVE-2023-52750,CVE-2023-52753,CVE-2023-52754,CVE-2023-52757,CVE-2023-52759,CVE-2023-52762,CVE-2023-52763,CVE-2023-52764,CVE-2023-52765,CVE-2023-52766,CVE-2023-52767,CVE-2023-52768,CVE-2023-52769,CVE-2023-52773,CVE-2023-52774,CVE-2023-52776,CVE-2023-52777,CVE-2023-52780,CVE-2023-52781,CVE-2023-52782,CVE-2023-52783,CVE-2023-52784,CVE-2023-52786,CVE-2023-52787,CVE-2023-52788,CVE- 2023-52789,CVE-2023-52791,CVE-2023-52792,CVE-2023-52794,CVE-2023-52795,CVE-2023-52796,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52801,CVE-2023-52803,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52807,CVE-2023-52808,CVE-2023-52809,CVE-2023-52810,CVE-2023-52811,CVE-2023-52812,CVE-2023-52813,CVE-2023-52814,CVE-2023-52815,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52827,CVE-2023-52829,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52835,CVE-2023-52836,CVE-2023-52837,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52842,CVE-2023-52843,CVE-2023-52844,CVE-2023-52845,CVE-2023-52846,CVE-2023-52847,CVE-2023-52849,CVE-2023-52850,CVE-2023-52851,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52857,CVE-2023-52858,CVE-2023-52861,CVE-2023-52862,CVE-2023-52863,CVE-2023-52864,CVE-2023-52865,CVE-2023-52866,CVE-2023-52867,CVE-2023-52868,CVE-2023-52869,CVE-2023-52870,CVE-2023-52 871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52874,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52879,CVE-2023-52880,CVE-2023-52881,CVE-2023-52883,CVE-2023-52884,CVE-2024-26482,CVE-2024-26625,CVE-2024-26676,CVE-2024-26750,CVE-2024-26758,CVE-2024-26767,CVE-2024-26780,CVE-2024-26813,CVE-2024-26814,CVE-2024-26845,CVE-2024-26889,CVE-2024-26920,CVE-2024-27414,CVE-2024-27419,CVE-2024-33619,CVE-2024-34777,CVE-2024-35247,CVE-2024-35807,CVE-2024-35827,CVE-2024-35831,CVE-2024-35843,CVE-2024-35848,CVE-2024-35857,CVE-2024-35880,CVE-2024-35884,CVE-2024-35886,CVE-2024-35892,CVE-2024-35896,CVE-2024-35898,CVE-2024-35900,CVE-2024-35925,CVE-2024-35926,CVE-2024-35957,CVE-2024-35962,CVE-2024-35970,CVE-2024-35976,CVE-2024-35979,CVE-2024-35998,CVE-2024-36005,CVE-2024-36008,CVE-2024-36010,CVE-2024-36017,CVE-2024-36024,CVE-2024-36281,CVE-2024-36477,CVE-2024-36478,CVE-2024-36479,CVE-2024-36882,CVE-2024-36887,CVE-2024-36899,CVE-2024-36900,CVE-2024-36903,CVE-2024-36904,CVE-2024-36915,CVE -2024-36916,CVE-2024-36917,CVE-2024-36919,CVE-2024-36923,CVE-2024-36924,CVE-2024-36926,CVE-2024-36934,CVE-2024-36935,CVE-2024-36937,CVE-2024-36938,CVE-2024-36945,CVE-2024-36952,CVE-2024-36957,CVE-2024-36960,CVE-2024-36962,CVE-2024-36964,CVE-2024-36965,CVE-2024-36967,CVE-2024-36969,CVE-2024-36971,CVE-2024-36972,CVE-2024-36973,CVE-2024-36975,CVE-2024-36977,CVE-2024-36978,CVE-2024-37021,CVE-2024-37078,CVE-2024-37353,CVE-2024-37354,CVE-2024-38381,CVE-2024-38384,CVE-2024-38385,CVE-2024-38388,CVE-2024-38390,CVE-2024-38391,CVE-2024-38539,CVE-2024-38540,CVE-2024-38541,CVE-2024-38543,CVE-2024-38544,CVE-2024-38545,CVE-2024-38546,CVE-2024-38547,CVE-2024-38548,CVE-2024-38549,CVE-2024-38550,CVE-2024-38551,CVE-2024-38552,CVE-2024-38553,CVE-2024-38554,CVE-2024-38555,CVE-2024-38556,CVE-2024-38557,CVE-2024-38559,CVE-2024-38560,CVE-2024-38562,CVE-2024-38564,CVE-2024-38565,CVE-2024-38566,CVE-2024-38567,CVE-2024-38568,CVE-2024-38569,CVE-2024-38570,CVE-2024-38571,CVE-2024-38572,CVE-2024-38573,CVE-2024-3 8575,CVE-2024-38578,CVE-2024-38579,CVE-2024-38580,CVE-2024-38581,CVE-2024-38582,CVE-2024-38583,CVE-2024-38587,CVE-2024-38588,CVE-2024-38590,CVE-2024-38591,CVE-2024-38592,CVE-2024-38594,CVE-2024-38595,CVE-2024-38597,CVE-2024-38599,CVE-2024-38600,CVE-2024-38601,CVE-2024-38602,CVE-2024-38603,CVE-2024-38605,CVE-2024-38608,CVE-2024-38610,CVE-2024-38611,CVE-2024-38615,CVE-2024-38616,CVE-2024-38617,CVE-2024-38618,CVE-2024-38619,CVE-2024-38621,CVE-2024-38622,CVE-2024-38627,CVE-2024-38628,CVE-2024-38629,CVE-2024-38630,CVE-2024-38633,CVE-2024-38634,CVE-2024-38635,CVE-2024-38636,CVE-2024-38661,CVE-2024-38663,CVE-2024-38664,CVE-2024-38780,CVE-2024-39277,CVE-2024-39291,CVE-2024-39296,CVE-2024-39301,CVE-2024-39362,CVE-2024-39371,CVE-2024-39463,CVE-2024-39466,CVE-2024-39469,CVE-2024-39471 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990). - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758). - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101). - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595). - CVE-2023-52834: atl1c: Work around the DMA RX overflow issue (bsc#1225599). - CVE-2023-52875: Add check for mtk_alloc_clk_data (bsc#1225096). - CVE-2023-52865: Add check for mtk_alloc_clk_data (bsc#1225086). - CVE-2023-52821: Fixed a possible null pointer dereference (bsc#1225022). - CVE-2023-52867: Fixed possible buffer overflow (bsc#1225009). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2023-52759: Ignore negated quota changes (bsc#1225560). - CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930). - CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097). - CVE-2023-52864: Fixed opening of char device (bsc#1225132). - CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011). - CVE-2023-52871: Handle a second device without data corruption (bsc#1225534) - CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994). - CVE-2024-35843: iommu/vt-d: Use device rbtree in iopf reporting path (bsc#1224751). - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066). - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948). - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949). - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950). - CVE-2024-36281: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules (bsc#1226799). - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610). - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841). - CVE-2024-38636: f2fs: multidev: fix to recognize valid zero block address (bsc#1226879). - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770). - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857). - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842). - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774). - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781). - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746). - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749). - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734). - CVE-2024-38569: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group (bsc#1226772). - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771). - CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810). - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809). - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823). - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-27414: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back (bsc#1224439). - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670). - CVE-2024-36024: drm/amd/display: Disable idle reallow as part of command/gpint execution (bsc#1225702). - CVE-2024-36903: ipv6: Fix potential uninit-value access in __ip6_make_skb() (bsc#1225741). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572). - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735). - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080). - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951). - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-36882: mm: use memalloc_nofs_save() in page_cache_ra_order() (bsc#1225723). - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759). - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726). - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105). - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661). - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2023-52786: ext4: fix racy may inline data check in dio write (bsc#1224939). - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760). - CVE-2024-36935: ice: ensure the copied buf is NUL terminated (bsc#1225763). - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834). - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614). - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585). - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539). - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018). - CVE-2024-35892: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() (bsc#1224515). - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612). - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520). - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619). - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475). - CVE-2024-35926: crypto: iaa - Fix async_disable descriptor leak (bsc#1224655). - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575). - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761). - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540). - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549). - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548). - CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759) - CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762). - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086) - CVE-2024-35880: io_uring/kbuf: hold io_buffer_list reference over mmap (bsc#1224523). - CVE-2024-35831: io_uring: Fix release of pinned pages when __io_uaddr_map fails (bsc#1224698). - CVE-2024-35827: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() (bsc#1224606). - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187). - CVE-2023-52699: sysv: don't call sb_bread() with pointers_lock held (bsc#1224659). The following non-security bugs were fixed: - KVM: arm64: Use local TLBI on permission relaxation (bsc#1219478). - KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (bsc#1226158). - NFS: abort nfs_atomic_open_v23 if name is too long (bsc#1219847). - NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847). - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - PCI: Clear Secondary Status errors after enumeration (bsc#1226928) - RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300). - RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300). - Revert 'build initrd without systemd' (bsc#1195775)' - arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8688). - arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8688). - arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8688). - bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903). - bpf: correct loop detection for iterators convergence (bsc#1225903). - bpf: exact states comparison for iterator convergence checks (bsc#1225903). - bpf: extract __check_reg_arg() utility function (bsc#1225903). - bpf: extract same_callsites() as utility function (bsc#1225903). - bpf: extract setup_func_entry() utility function (bsc#1225903). - bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903). - bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903). - bpf: print full verifier states on infinite loop detection (bsc#1225903). - bpf: verify callbacks as if they are called unknown number of times (bsc#1225903). - bpf: widening for callback iterators (bsc#1225903). - cachefiles: remove requests from xarray during flushing requests (bsc#1226588). - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022). - ceph: always check dir caps asynchronously (bsc#1226022). - ceph: always queue a writeback when revoking the Fb caps (bsc#1226022). - ceph: break the check delayed cap loop every 5s (bsc#1226022). - ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022). - crypto: deflate - Add aliases to deflate (bsc#1227190). - crypto: iaa - Account for cpu-less numa nodes (bsc#1227190). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - kABI: bpf: verifier kABI workaround (bsc#1225903). - net: ena: Fix redundant device NUMA node override (jsc#PED-8688). - net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491). - nfs: Avoid flushing many pages with NFS_FILE_SYNC (bsc#1218442). - nfs: Bump default write congestion size (bsc#1218442). - nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912). - nvme-fabrics: short-circuit reconnect retries (bsc#1186716). - nvme-tcp: Export the nvme_tcp_wq to sysfs (bsc#1224049). - nvme/tcp: Add wq_unbound modparam for nvme_tcp_wq (bsc#1224049). - nvme: do not retry authentication failures (bsc#1186716). - nvme: return kernel error codes for admin queue connect (bsc#1186716). - nvmet: lock config semaphore when accessing DH-HMAC-CHAP key (bsc#1186716). - nvmet: return DHCHAP status codes from nvmet_setup_auth() (bsc#1186716). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212). - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211). - s390/cpacf: Make use of invalid opcode produce a link error (bsc#1227072). - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791). - selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903). - selftests/bpf: test if state loops are detected in a tricky case (bsc#1225903). - selftests/bpf: test widening for iterating callbacks (bsc#1225903). - selftests/bpf: tests for iterating callbacks (bsc#1225903). - selftests/bpf: tests with delayed read/precision makrs in loop body (bsc#1225903). - selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903). - selftests/bpf: track tcp payload offset as scalar in xdp_synproxy (bsc#1225903). - supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570) - tcp: Dump bound-only sockets in inet_diag (bsc#1204562). - x86/mce: Dynamically size space for machine check records (bsc#1222241). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2587-1 Released: Mon Jul 22 13:44:54 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1227456 This update for openssh fixes the following issues: - Remove empty line at the end of sshd-sle.pamd (bsc#1227456) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2636-1 Released: Tue Jul 30 09:14:22 2024 Summary: Security update for bind Type: security Severity: important References: 1228255,1228256,1228257,1228258,CVE-2024-0760,CVE-2024-1737,CVE-2024-1975,CVE-2024-4076 This update for bind fixes the following issues: Update to release 9.18.28 Security fixes: - CVE-2024-0760: Fixed a flood of DNS messages over TCP may make the server unstable (bsc#1228255) - CVE-2024-1737: Fixed BIND's database will be slow if a very large number of RRs exist at the same name (bsc#1228256) - CVE-2024-1975: Fixed SIG(0) can be used to exhaust CPU resources (bsc#1228257) - CVE-2024-4076: Fixed assertion failure when serving both stale cache data and authoritative zone content (bsc#1228258) Changelog: * Command-line options for IPv4-only (named -4) and IPv6-only (named -6) modes are now respected for zone primaries, also-notify, and parental-agents. * An RPZ response???s SOA record TTL was set to 1 instead of the SOA TTL, if add-soa was used. This has been fixed. * When a query related to zone maintenance (NOTIFY, SOA) timed out close to a view shutdown (triggered e.g. by rndc reload), named could crash with an assertion failure. This has been fixed. * The statistics channel counters that indicated the number of currently connected TCP IPv4/IPv6 clients were not properly adjusted in certain failure scenarios. This has been fixed. * Some servers that could not be reached due to EHOSTDOWN or ENETDOWN conditions were incorrectly prioritized during server selection. These are now properly handled as unreachable. * On some systems the libuv call may return an error code when sending a TCP reset for a connection, which triggers an assertion failure in named. This error condition is now dealt with in a more graceful manner, by logging the incident and shutting down the connection. * Changes to listen-on statements were ignored on reconfiguration unless the port or interface address was changed, making it impossible to change a related listener transport type. That issue has been fixed. * A bug in the keymgr code unintentionally slowed down some DNSSEC key rollovers. This has been fixed. * Some ISO 8601 durations were accepted erroneously, leading to shorter durations than expected. This has been fixed * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. * The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. New Features: * A new option signatures-jitter has been added to dnssec-policy to allow signature expirations to be spread out over a period of time. * The statistics channel now includes counters that indicate the number of currently connected TCP IPv4/IPv6 clients. * Added RESOLVER.ARPA to the built in empty zones. Feature Changes: * DNSSEC signatures that are not valid because the current time falls outside the signature inception and expiration dates are skipped instead of causing an immediate validation failure. Security Fixes: * A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to respond slowly or not at all for other clients. This has been fixed. (CVE-2024-0760) * It is possible to craft excessively large resource records sets, which have the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-records-per-type option. * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975) * Due to a logic error, lookups that triggered serving stale data and required lookups in local authoritative zone data could have resulted in an assertion failure. This has been fixed. * Potential data races were found in our DoH implementation, related to HTTP/2 session object management and endpoints set object management after reconfiguration. These issues have been fixed. * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. (CVE-2024-4076) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2662-1 Released: Tue Jul 30 15:41:34 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2677-1 Released: Wed Jul 31 06:58:52 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2688-1 Released: Thu Aug 1 06:59:27 2024 Summary: Feature update for Public Cloud Type: feature Severity: important References: 1222075,1227067,1227106,1227711 This update for Public Cloud fixes the following issues: - Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345): * google-guest-agent (no source changes) * google-guest-configs (no source changes) * google-guest-oslogin (no source changes) * google-osconfig-agent (no source changes) * growpart-rootgrow (no source changes) * python-azure-agent (includes bug fixes see below) * python-cssselect (no source changes) * python-instance-billing-flavor-check (no source changes) * python-toml (no source changes) * python3-lxml (inlcudes a bug fix, see below) - python-azure-agent received the following fixes: * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists (bsc#1227711) * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106) * Do not package `waagent2.0` in Python 3 builds * Do not require `wicked` in non-SUSE build environments * Apply python3 interpreter patch in non SLE build environments (bcs#1227067) - python3-lxml also received the following fix: * Fixed compatibility with system libexpat in tests (bnc#1222075) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2695-1 Released: Thu Aug 1 15:06:12 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1226412,1226529 This update for dracut fixes the following issues: - Version update: * feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529) * fix(mdraid): try to assemble the missing raid device (bsc#1226412) * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2747-1 Released: Mon Aug 5 18:14:40 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219004,1223107,1226128 This update for suseconnect-ng fixes the following issues: - Version update * Added uname as collector * Added SAP workload detection * Added detection of container runtimes * Multiple fixes on ARM64 detection * Use `read_values` for the CPU collector on Z * Fixed data collection for ppc64le * Grab the home directory from /etc/passwd if needed (bsc#1226128) * Build zypper-migration and zypper-packages-search as standalone binaries rather then one single binary * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004) * Include /etc/products.d in directories whose content are backed up and restored if a zypper-migration rollback happens (bsc#1219004) * Add the ability to upload the system uptime logs, produced by the suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report (jsc#PED-7982) (jsc#PED-8018) * Add support for third party packages in SUSEConnect * Refactor existing system information collection implementation self-signed SSL certificate (bsc#1223107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2781-1 Released: Tue Aug 6 14:39:15 2024 Summary: Recommended update for libnvme, nvme-cli Type: recommended Severity: moderate References: 1226197,1226216,1228376 This update for libnvme, nvme-cli fixes the following issues: - Version updates: * linux: update TLS version 1 PSK derivation (bsc#1228376) * linux: add nvme_revoke_tls_key (bsc#1226197) * test: add hostnqn lookup test (bsc#1226216) * test: add config-pcie-with-tcp-config test case (bsc#1226216) * test: add config dump test (bsc#1226216) * test: revamp sysfs tree dump test (bsc#1226216) * test: use diff to compare sysfs output (bsc#1226216) * tree: preserve parsing order of a config file (bsc#1226216) * tree: add helper to lookup hostnqn/hostid (bsc#1226216) * json: filter out pcie transport (bsc#1226216) * fabrics: connect all hosts in config.json (bsc#1226216) * fabrics: refactor discover from json config (bsc#1226216) * fabrics: first read config before topology scanning (bsc#1226216) * fabrics: use helper to lookup default hostnqn/hostid (bsc#1226216) * fabrics: extend already connected message (bsc#1226216) * fabrics: Always pass hostid and hostnqn (bsc#1226216) * fabrics: Make some symbols public (bsc#1226216) * fabrics: extend hostnqn/hostid variable inject interface (bsc#1226216) * doc: add tls-key --revoke documentation (bsc#1226197) * doc: fix tls-key --keyfile shorthand (bsc#1226197) * build: sort documentation files entries (bsc#1226197) * nvme: avoid segfault in show-topology (bsc#1226197) * nvme: add support to revoke TLS key (bsc#1226197) * nvme: return error code/message for TLS commands (bsc#1226197) * nvme: factor out import key function (bsc#1226197) * nvme: use cleanup helper to close file descriptor (bsc#1226216) * nvme: use cleanup helper for STREAM objects (bsc#1226216) * nvme: strip newline when parsing TLS key files (bsc#1226197) * nvme: use stdout for exporting TLS keys (bsc#1226197) * nvme: change _cleanup_file_ to _cleanup_fd_ (bsc#1226197) * nvme: use cleanup helper for nvme_root_t objects (bsc#1226197) * nvme: add new function 'tls_key' (bsc#1226197) * libnvme: Introduce functions to generate host identifier and host NQN (bsc#1226216) * libnvme: add missing symbol nvme_scan_tls_keys (bsc#1226197) * completion: add support for tls-key (bsc#1226197) * completions: Fix bash-nvme-completion.sh indentation errors (bsc#1226197) - Always build documentation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2788-1 Released: Tue Aug 6 15:50:29 2024 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1227574 This update for sudo fixes the following issue: - Fix Wrong permissions on /usr/share/polkit-1/rules.d (bsc#1227574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2799-1 Released: Wed Aug 7 08:19:10 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1214960 This update for runc fixes the following issues: - Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13 - Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2802-1 Released: Wed Aug 7 09:46:02 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1215199,1215587,1218442,1218730,1218820,1219832,1220138,1220427,1220430,1220942,1221057,1221647,1221654,1221656,1221659,1222326,1222328,1222438,1222463,1222768,1222775,1222779,1222893,1223010,1223021,1223570,1223731,1223740,1223778,1223804,1223806,1223807,1223813,1223815,1223836,1223863,1224414,1224422,1224490,1224499,1224512,1224516,1224544,1224545,1224589,1224604,1224636,1224641,1224743,1224767,1225088,1225172,1225272,1225489,1225600,1225601,1225711,1225717,1225719,1225744,1225745,1225746,1225752,1225753,1225757,1225805,1225810,1225830,1225835,1225839,1225840,1225843,1225847,1225851,1225856,1225894,1225895,1225896,1226202,1226213,1226502,1226519,1226750,1226757,1226783,1226866,1226883,1226915,1226993,1227103,1227149,1227282,1227362,1227363,1227383,1227432,1227433,1227434,1227435,1227443,1227446,1227447,1227487,1227573,1227626,1227716,1227719,1227723,1227730,1227736,1227755,1227757,1227762,1227763,1227779,1227780,1227783,1227786,1227788,1227789,1227797,1227800,1 227801,1227803,1227806,1227813,1227814,1227836,1227855,1227862,1227866,1227886,1227899,1227910,1227913,1227926,1228090,1228192,1228193,1228211,1228269,1228289,1228327,1228328,1228403,1228405,1228408,1228417,CVE-2023-38417,CVE-2023-47210,CVE-2023-51780,CVE-2023-52435,CVE-2023-52472,CVE-2023-52751,CVE-2023-52775,CVE-2024-25741,CVE-2024-26615,CVE-2024-26623,CVE-2024-26633,CVE-2024-26635,CVE-2024-26636,CVE-2024-26641,CVE-2024-26663,CVE-2024-26665,CVE-2024-26691,CVE-2024-26734,CVE-2024-26785,CVE-2024-26826,CVE-2024-26863,CVE-2024-26944,CVE-2024-27012,CVE-2024-27015,CVE-2024-27016,CVE-2024-27019,CVE-2024-27020,CVE-2024-27025,CVE-2024-27064,CVE-2024-27065,CVE-2024-27402,CVE-2024-27404,CVE-2024-35805,CVE-2024-35853,CVE-2024-35854,CVE-2024-35890,CVE-2024-35893,CVE-2024-35899,CVE-2024-35908,CVE-2024-35934,CVE-2024-35942,CVE-2024-36003,CVE-2024-36004,CVE-2024-36889,CVE-2024-36901,CVE-2024-36902,CVE-2024-36909,CVE-2024-36910,CVE-2024-36911,CVE-2024-36912,CVE-2024-36913,CVE-2024-36914,CVE-2024-3 6922,CVE-2024-36930,CVE-2024-36940,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36946,CVE-2024-36947,CVE-2024-36949,CVE-2024-36950,CVE-2024-36951,CVE-2024-36955,CVE-2024-36959,CVE-2024-36974,CVE-2024-38558,CVE-2024-38586,CVE-2024-38598,CVE-2024-38604,CVE-2024-38659,CVE-2024-39276,CVE-2024-39468,CVE-2024-39472,CVE-2024-39473,CVE-2024-39474,CVE-2024-39475,CVE-2024-39479,CVE-2024-39481,CVE-2024-39482,CVE-2024-39487,CVE-2024-39490,CVE-2024-39494,CVE-2024-39496,CVE-2024-39498,CVE-2024-39502,CVE-2024-39504,CVE-2024-39507,CVE-2024-40901,CVE-2024-40906,CVE-2024-40908,CVE-2024-40919,CVE-2024-40923,CVE-2024-40925,CVE-2024-40928,CVE-2024-40931,CVE-2024-40935,CVE-2024-40937,CVE-2024-40940,CVE-2024-40947,CVE-2024-40948,CVE-2024-40953,CVE-2024-40960,CVE-2024-40961,CVE-2024-40966,CVE-2024-40970,CVE-2024-40972,CVE-2024-40975,CVE-2024-40979,CVE-2024-40998,CVE-2024-40999,CVE-2024-41006,CVE-2024-41011,CVE-2024-41013,CVE-2024-41014,CVE-2024-41017,CVE-2024-41090,CVE-2024-41091 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-47210: wifi: iwlwifi: bump FW API to 90 for BZ/SC devices (bsc#1225601, bsc#1225600). - CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138). - CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489). - CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088). - CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942). - CVE-2024-26623: pds_core: Prevent race issues involving the adminq (bsc#1221057). - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647). - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656). - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659). - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654). - CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326). - CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328). - CVE-2024-26691: KVM: arm64: Fix circular locking dependency (bsc#1222463). - CVE-2024-26734: devlink: fix possible use-after-free and memory leaks in devlink_init() (bsc#1222438). - CVE-2024-26785: iommufd: Fix protection fault in iommufd_test_syz_conv_iova (bsc#1222779). - CVE-2024-26826: mptcp: fix data re-injection from stale subflow (bsc#1223010). - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021). - CVE-2024-26944: btrfs: zoned: fix lock ordering in btrfs_zone_activate() (bsc#1223731). - CVE-2024-27012: netfilter: nf_tables: restore set elements when delete set fails (bsc#1223804). - CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806). - CVE-2024-27016: netfilter: flowtable: validate pppoe header (bsc#1223807). - CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813) - CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815) - CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778) - CVE-2024-27064: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain (bsc#1223740). - CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836). - CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414). - CVE-2024-27404: mptcp: fix data races on remote_id (bsc#1224422) - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743). - CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-35890: gro: fix ownership transfer (bsc#1224516). - CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512) - CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499) - CVE-2024-35908: tls: get psock ref after taking rxlock to avoid leak (bsc#1224490) - CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641) - CVE-2024-35942: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain (bsc#1224589). - CVE-2024-36003: ice: fix LAG and VF lock dependency in ice_reset_vf() (bsc#1224544). - CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545) - CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711) - CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752). - CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753). - CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757). - CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783). - CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750). - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757). - CVE-2024-38604: block: refine the EOF check in blkdev_iomap_begin (bsc#1226866). - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883). - CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993). - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103. - CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432). - CVE-2024-39474: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL (bsc#1227434). - CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447). - CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573) - CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-39496: btrfs: zoned: fix use-after-free due to race with dev replace (bsc#1227719). - CVE-2024-39498: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 (bsc#1227723) - CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755). - CVE-2024-39504: netfilter: nft_inner: validate mandatory meta and payload (bsc#1227757). - CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730). - CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762). - CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763). - CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783). - CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779). - CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786). - CVE-2024-40925: block: fix request.queuelist usage in flush (bsc#1227789). - CVE-2024-40928: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (bsc#1227788). - CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780). - CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800). - CVE-2024-40947: ima: Avoid blocking in RCU read-side critical section (bsc#1227803). - CVE-2024-40948: mm/page_table_check: fix crash on ZONE_DEVICE (bsc#1227801). - CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806). - CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813). - CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814). - CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886). - CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899). - CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910). - CVE-2024-40975: platform/x86: x86-android-tablets: Unregister devices in reverse order (bsc#1227926). - CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866). - CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913). - CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862). - CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405). - CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). - CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327). The following non-security bugs were fixed: - ACPI: EC: Abort address space access upon error (stable-fixes). - ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes). - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes). - ALSA: PCM: Allow resume only for suspended streams (stable-fixes). - ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes). - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes). - ALSA: emux: improve patch ioctl data validation (stable-fixes). - ALSA: hda/conexant: Mute speakers at suspend / shutdown (bsc#1228269). - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (bsc#1228269). - ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes). - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes). - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes). - ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes). - ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop (stable-fixes). - ALSA: hda: cs35l41: Fix swapped l/r audio channels for Lenovo ThinBook 13x Gen4 (git-fixes). - ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes). - ALSA: seq: ump: Skip useless ports for static blocks (git-fixes). - ALSA: ump: Do not update FB name for static blocks (git-fixes). - ALSA: ump: Force 1 Group for MIDI1 FBs (git-fixes). - ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes). - ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes). - ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes). - ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (git-fixes). - ASoC: SOF: Intel: hda-pcm: Limit the maximum number of periods by MAX_BDL_ENTRIES (stable-fixes). - ASoC: SOF: Intel: hda: fix null deref on system suspend entry (git-fixes). - ASoC: SOF: imx8m: Fix DSP control regmap retrieval (git-fixes). - ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare (git-fixes). - ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format (stable-fixes). - ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback (stable-fixes). - ASoC: TAS2781: Fix tasdev_load_calibrated_data() (git-fixes). - ASoC: amd: Adjust error handling in case of absent codec device (git-fixes). - ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 (bsc#1228269). - ASoC: cs35l56: Accept values greater than 0 as IRQ numbers (git-fixes). - ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value (git-fixes). - ASoC: max98088: Check for clk_prepare_enable() error (git-fixes). - ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: rt711-sdw: add missing readable registers (stable-fixes). - ASoC: rt722-sdca-sdw: add debounce time for type detection (stable-fixes). - ASoC: rt722-sdca-sdw: add silence detection register as volatile (stable-fixes). - ASoC: sof: amd: fix for firmware reload failure in Vangogh platform (git-fixes). - ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes). - ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes). - ASoC: topology: Do not assign fields that are already set (stable-fixes). - ASoC: topology: Fix references to freed memory (stable-fixes). - ASoc: tas2781: Enable RCA-based playback without DSP firmware download (git-fixes). - Bluetooth: ISO: Check socket flag instead of hcon (git-fixes). - Bluetooth: Ignore too large handle values in BIG (git-fixes). - Bluetooth: btintel: Refactor btintel_set_ppag() (git-fixes). - Bluetooth: btnxpuart: Add handling for boot-signature timeout errors (git-fixes). - Bluetooth: btnxpuart: Enable Power Save feature on startup (stable-fixes). - Bluetooth: hci_bcm4377: Fix msgid release (git-fixes). - Bluetooth: hci_bcm4377: Use correct unit for timeouts (git-fixes). - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes). - Bluetooth: hci_event: Fix setting of unicast qos interval (git-fixes). - Bluetooth: hci_event: Set QoS encryption from BIGInfo report (git-fixes). - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes). - Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() (git-fixes). - Enable CONFIG_SCHED_CLUSTER=y on arm64 (jsc#PED-8701). - HID: Ignore battery for ELAN touchscreens 2F2C and 4116 (stable-fixes). - HID: wacom: Modify pen IDs (git-fixes). - Input: ads7846 - use spi_device_id table (stable-fixes). - Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes). - Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes). - Input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes). - Input: i8042 - add Ayaneo Kun to i8042 quirk table (stable-fixes). - Input: qt1050 - handle CHIP_ID reading error (git-fixes). - Input: silead - Always support 10 fingers (stable-fixes). - Input: xpad - add support for ASUS ROG RAIKIRI PRO (stable-fixes). - KVM: SEV-ES: Delegate LBR virtualization to the processor (git-fixes). - KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent (git-fixes). - KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (git-fixes). - KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes). - NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes). - NFS: add barriers when testing for NFS_FSDATA_BLOCKED (git-fixes). - NFSD: Fix checksum mismatches in the duplicate reply cache (git-fixes). - NFSv4.1 enforce rootpath check in fs_location query (git-fixes). - NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362). - NFSv4: Fixup smatch warning for ambiguous return (git-fixes). - PCI/ASPM: Update save_state when configuration changes (bsc#1226915) - PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes). - PCI: Do not wait for disconnected devices when resuming (git-fixes). - PCI: Extend ACS configurability (bsc#1228090). - PCI: Fix resource double counting on remove & rescan (git-fixes). - PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes). - PCI: dw-rockchip: Fix initial PERST# GPIO value (git-fixes). - PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot (git-fixes). - PCI: endpoint: Clean up error handling in vpci_scan_bus() (git-fixes). - PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() (git-fixes). - PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() (git-fixes). - PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes). - PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes). - PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes). - PCI: qcom-ep: Disable resources unconditionally during PERST# assert (git-fixes). - PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() (git-fixes). - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes). - PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes). - PCI: vmd: Create domain symlink before pci_bus_add_devices() (bsc#1227363). - RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes). - RDMA/restrack: Fix potential invalid address access (git-fixes) - Revert 'drm/bridge: tc358767: Set default CLRSIPO count' (stable-fixes). - Revert 'gfs2: fix glock shrinker ref issues' (git-fixes). - Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes). - Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes). - Revert 'wifi: ath11k: call ath11k_mac_fils_discovery() without condition' (bsc#1227149). - Revert 'wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ' (bsc#1227149). - Revert 'wifi: iwlwifi: bump FW API to 90 for BZ/SC devices' (bsc#1227149). - SUNRPC: Fix gss_free_in_token_pages() (git-fixes). - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes). - SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272). - SUNRPC: return proper error from gss_wrap_req_priv (git-fixes). - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes). - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes). - USB: serial: mos7840: fix crash on resume (git-fixes). - USB: serial: option: add Fibocom FM350-GL (stable-fixes). - USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes). - USB: serial: option: add Rolling RW350-GL variants (stable-fixes). - USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes). - USB: serial: option: add Telit generic core-dump composition (stable-fixes). - USB: serial: option: add support for Foxconn T99W651 (stable-fixes). - Update config files (bsc#1227282). Update the CONFIG_LSM option to include the selinux LSM in the default set of LSMs. The selinux LSM will not get enabled because it is preceded by apparmor, which is the first exclusive LSM. Updating CONFIG_LSM resolves failures that result in the system not booting up when 'security=selinux selinux=1' is passed to the kernel and SELinux policies are installed. - Update config files for mt76 stuff (bsc#1227149) - Update config files: adjust for Arm CONFIG_MT798X_WMAC (bsc#1227149) - Update config files: update for the realtek wifi driver updates (bsc#1227149) - X.509: Fix the parser of extended key usage for length (bsc#1218820). - arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502) - arm64/io: add constant-argument check (bsc#1226502 git-fixes) - arm64: dts: freescale: imx8mm-verdin: enable hysteresis on slow input (git-fixes) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes) - arm64: dts: imx93-11x11-evk: Remove the 'no-sdio' property (git-fixes) - arm64: dts: rockchip: Add mdio and ethernet-phy nodes to (git-fixes) - arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu (git-fixes) - arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Add sdmmc related properties on (git-fixes) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes) - arm64: dts: rockchip: Drop invalid mic-in-differential on (git-fixes) - arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on rk3566-roc-pc (git-fixes) - arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 (git-fixes) - arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch (git-fixes) - arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes) - arm64: dts: rockchip: Rename LED related pinctrl nodes on (git-fixes) - arm64: dts: rockchip: Update WIFi/BT related nodes on (git-fixes) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes) - ata: libata-scsi: Fix offsets for the fixed format sense data (git-fixes). - auxdisplay: ht16k33: Drop reference after LED registration (git-fixes). - block: Move checking GENHD_FL_NO_PART to bdev_add_partition() (bsc#1226213). - bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX (git-fixes). - bus: mhi: host: allow MHI client drivers to provide the firmware via a pointer (bsc#1227149). - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes). - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes). - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes). - can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes). - cdrom: rearrange last_media_change check to avoid unintentional overflow (stable-fixes). - ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228417). - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes). - checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes). - cifs: Add a laundromat thread for cached directories (git-fixes, bsc#1225172). - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (git-fixes). - clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg (git-fixes). - clk: qcom: clk-alpha-pll: set ALPHA_EN bit for Stromer Plus PLLs (git-fixes). - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents (git-fixes). - config/arm64: Enable CoreSight PMU drivers (bsc#1228289 jsc#PED-7859) - cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems (git-fixes). - cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() (git-fixes). - crypto/ecdh: make ecdh_compute_value() to zeroize the public key (bsc#1222768). - crypto/ecdsa: make ecdsa_ecc_ctx_deinit() to zeroize the public key (bsc#1222768). - crypto: aead,cipher - zeroize key buffer after use (stable-fixes). - crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked (git-fixes). - crypto: ecdh - explicitly zeroize private_key (stable-fixes). - crypto: ecdsa - Fix the public key format description (git-fixes). - crypto: hisilicon/debugfs - Fix debugfs uninit process issue (stable-fixes). - crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() (git-fixes). - decompress_bunzip2: fix rare decompression failure (git-fixes). - devres: Fix devm_krealloc() wasting memory (git-fixes). - devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes). - dlm: fix user space lock decision to copy lvb (git-fixes). - dma: fix call order in dmam_free_coherent (git-fixes). - dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (git-fixes). - docs: crypto: async-tx-api: fix broken code example (git-fixes). - drivers/xen: Improve the late XenStore init protocol (git-fixes). - drivers: soc: xilinx: check return status of get_api_version() (git-fixes). - drm/amd/amdgpu: Fix uninitialized variable warnings (git-fixes). - drm/amd/display: ASSERT when failing to find index by plane/stream id (stable-fixes). - drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes). - drm/amd/display: Add refresh rate range check (stable-fixes). - drm/amd/display: Check index msg_id before read or write (stable-fixes). - drm/amd/display: Check pipe offset before setting vblank (stable-fixes). - drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport (stable-fixes). - drm/amd/display: Fix overlapping copy within dml_core_mode_programming (stable-fixes). - drm/amd/display: Fix refresh rate range for some panel (stable-fixes). - drm/amd/display: Fix uninitialized variables in DM (stable-fixes). - drm/amd/display: Move 'struct scaler_data' off stack (git-fixes). - drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present (stable-fixes). - drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes). - drm/amd/display: Skip pipe if the pipe idx not set properly (stable-fixes). - drm/amd/display: Update efficiency bandwidth for dcn351 (stable-fixes). - drm/amd/display: Workaround register access in idle race with cursor (stable-fixes). - drm/amd/display: change dram_clock_latency to 34us for dcn35 (stable-fixes). - drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes). - drm/amd/pm: remove logically dead code for renoir (git-fixes). - drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes). - drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes). - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes). - drm/amdgpu: Fix memory range calculation (git-fixes). - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes). - drm/amdgpu: Fix uninitialized variable warnings (stable-fixes). - drm/amdgpu: Indicate CU havest info to CP (stable-fixes). - drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes). - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes). - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (stable-fixes). - drm/amdgpu: avoid using null object of framebuffer (stable-fixes). - drm/amdgpu: fix locking scope when flushing tlb (stable-fixes). - drm/amdgpu: fix the warning about the expression (int)size - len (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: silence UBSAN warning (stable-fixes). - drm/amdkfd: Fix CU Masking for GFX 9.4.3 (git-fixes). - drm/amdkfd: Let VRAM allocations go to GTT domain on small APUs (stable-fixes). - drm/arm/komeda: Fix komeda probe failing if there are no links in the secondary pipeline (git-fixes). - drm/bridge: it6505: fix hibernate to resume no display issue (git-fixes). - drm/bridge: samsung-dsim: Set P divider based on min/max of fin pll (git-fixes). - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes). - drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes). - drm/exynos: dp: drop driver owner initialization (stable-fixes). - drm/fbdev-dma: Fix framebuffer mode for big endian devices (git-fixes). - drm/fbdev-generic: Fix framebuffer on big endian devices (git-fixes). - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes). - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes). - drm/i915/dp: Do not switch the LTTPR mode on an active link (git-fixes). - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes). - drm/lima: Mark simple_ondemand governor as softdep (git-fixes). - drm/lima: fix shared irq handling on driver remove (stable-fixes). - drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (git-fixes). - drm/mediatek: Add OVL compatible name for MT8195 (git-fixes). - drm/mediatek: Add missing plane settings when async update (git-fixes). - drm/mediatek: Call drm_atomic_helper_shutdown() at shutdown time (stable-fixes). - drm/mediatek: Fix XRGB setting error in Mixer (git-fixes). - drm/mediatek: Fix XRGB setting error in OVL (git-fixes). - drm/mediatek: Fix bit depth overwritten for mtk_ovl_set bit_depth() (git-fixes). - drm/mediatek: Fix destination alpha error in OVL (git-fixes). - drm/mediatek: Remove less-than-zero comparison of an unsigned value (git-fixes). - drm/mediatek: Set DRM mode configs accordingly (git-fixes). - drm/mediatek: Support DRM plane alpha in Mixer (git-fixes). - drm/mediatek: Support DRM plane alpha in OVL (git-fixes). - drm/mediatek: Support RGBA8888 and RGBX8888 in OVL on MT8195 (git-fixes). - drm/mediatek: Turn off the layers with zero width or height (git-fixes). - drm/mediatek: Use 8-bit alpha in ETHDR (git-fixes). - drm/meson: fix canvas release in bind function (git-fixes). - drm/mgag200: Bind I2C lifetime to DRM device (git-fixes). - drm/mgag200: Set DDC timeout in milliseconds (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq() (git-fixes). - drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes). - drm/msm/dpu: fix encoder irq wait skip (git-fixes). - drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC (git-fixes). - drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes). - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes). - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: himax-hx8394: Handle errors from mipi_dsi_dcs_set_display_on() better (git-fixes). - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes). - drm/panel: ilitek-ili9882t: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: ilitek-ili9882t: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes). - drm/qxl: Add check for drm_cvt_mode (git-fixes). - drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes). - drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes). - drm/rockchip: vop2: Fix the port mux of VP2 (git-fixes). - drm/ttm: Always take the bo delayed cleanup path for imported bos (git-fixes). - drm/udl: Remove DRM_CONNECTOR_POLL_HPD (git-fixes). - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes). - drm: zynqmp_dpsub: Fix an error handling path in zynqmp_dpsub_probe() (git-fixes). - drm: zynqmp_kms: Fix AUX bus not getting unregistered (git-fixes). - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (stable-fixes). - eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes). - erofs: ensure m_llen is reset to 0 if metadata is invalid (git-fixes). - exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes). - f2fs: fix error path of __f2fs_build_free_nids (git-fixes). - filelock: fix potential use-after-free in posix_lock_inode (git-fixes). - firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes). - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes). - firmware: cs_dsp: Return error if block header overflows file (git-fixes). - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes). - firmware: cs_dsp: Validate payload length before processing block (git-fixes). - firmware: dmi: Stop decoding on broken entry (stable-fixes). - firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes). - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes). - firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes). - fs/file: fix the check in find_next_fd() (git-fixes). - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes). - fuse: verify {g,u}id mount options correctly (bsc#1228193). - gfs2: Do not forget to complete delayed withdraw (git-fixes). - gfs2: Fix 'ignore unlock failures after withdraw' (git-fixes). - gfs2: Fix invalid metadata access in punch_hole (git-fixes). - gfs2: Get rid of gfs2_alloc_blocks generation parameter (git-fixes). - gfs2: Rename gfs2_lookup_{ simple => meta } (git-fixes). - gfs2: Use mapping->gfp_mask for metadata inodes (git-fixes). - gfs2: convert to ctime accessor functions (git-fixes). - gpio: mc33880: Convert comma to semicolon (git-fixes). - gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (stable-fixes). - hfsplus: fix to avoid false alarm of circular locking (git-fixes). - hfsplus: fix uninit-value in copy_name (git-fixes). - hpet: Support 32-bit userspace (git-fixes). - hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes). - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes). - hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes). - hwrng: amd - Convert PCIBIOS_* return codes to errnos (git-fixes). - hwrng: core - Fix wrong quality calculation at hw rng registration (git-fixes). - i2c: i801: Annotate apanel_addr as __ro_after_init (stable-fixes). - i2c: mark HostNotify target address as used (git-fixes). - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (git-fixes). - i2c: rcar: bring hardware to known state when probing (git-fixes). - i2c: testunit: avoid re-issued work after read message (git-fixes). - i2c: testunit: correct Kconfig description (git-fixes). - i40e: fix: remove needless retries of NVM update (bsc#1227736). - iio: Fix the sorting functionality in iio_gts_build_avail_time_table (git-fixes). - iio: frequency: adrf6780: rm clk provider include (git-fixes). - iio: pressure: bmp280: Fix BMP580 temperature reading (stable-fixes). - iio: pressure: fix some word spelling errors (stable-fixes). - input: Add event code for accessibility key (stable-fixes). - input: Add support for 'Do Not Disturb' (stable-fixes). - interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID (git-fixes). - iommu/amd: Fix panic accessing amd_iommu_enable_faulting (bsc#1224767). - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes). - iommu/vt-d: Allocate DMAR fault interrupts locally (bsc#1224767). - iommu/vt-d: Improve ITE fault handling if target device isn't present (git-fixes). - iommu: Fix compilation without CONFIG_IOMMU_INTEL (git-fixes). - ipmi: ssif_bmc: prevent integer overflow on 32bit systems (git-fixes). - iwlwifi: fw: fix more kernel-doc warnings (bsc#1227149). - iwlwifi: mvm: Drop unused fw_trips_index[] from iwl_mvm_thermal_device (bsc#1227149). - iwlwifi: mvm: Populate trip table before registering thermal zone (bsc#1227149). - iwlwifi: mvm: Use for_each_thermal_trip() for walking trip points (bsc#1227149). - jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes). - jfs: Fix array-index-out-of-bounds in diFree (git-fixes). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kABI workaround for wireless updates (bsc#1227149). - kabi/severities: cleanup and update for WiFi driver entries (bsc#1227149) - kabi/severities: cover all ath/* drivers (bsc#1227149) All symbols in ath/* network drivers are local and can be ignored - kabi/severities: cover all mt76 modules (bsc#1227149) - kabi/severities: ignore amd pds internal symbols - kabi/severities: ignore kABI changes Realtek WiFi drivers (bsc#1227149) All those symbols are local and used for its own helpers - kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502) - kbuild: avoid build error when single DTB is turned into composite DTB (git-fixes). - kconfig: gconf: give a proper initial state to the Save button (stable-fixes). - kconfig: remove wrong expr_trans_bool() (stable-fixes). - kernel-binary: vdso: Own module_dir - knfsd: LOOKUP can return an illegal error value (git-fixes). - kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes). - kprobe/ftrace: bail out if ftrace was killed (git-fixes). - kprobe/ftrace: fix build error due to bad function definition (git-fixes). - kunit: Fix checksum tests on big endian CPUs (git-fixed). - leds: flash: leds-qcom-flash: Test the correct variable in init (git-fixes). - leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() (git-fixes). - leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes). - leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes). - leds: triggers: Flush pending brightness before activating trigger (git-fixes). - lib: objagg: Fix general protection fault (git-fixes). - lib: objagg: Fix spelling (git-fixes). - lib: test_objagg: Fix spelling (git-fixes). - libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228192). - mISDN: Fix a use after free in hfcmulti_tx() (git-fixes). - mISDN: fix MISDN_TIME_STAMP handling (git-fixes). - mac802154: fix time calculation in ieee802154_configure_durations() (git-fixes). - mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (git-fixes). - media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes). - media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes). - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes). - media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes). - media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes). - media: dvbdev: Initialize sbuf (stable-fixes). - media: dw2102: Do not translate i2c read into write (stable-fixes). - media: dw2102: fix a potential buffer overflow (git-fixes). - media: i2c: Fix imx412 exposure control (git-fixes). - media: imon: Fix race getting ictx->lock (git-fixes). - media: imx-jpeg: Drop initial source change event if capture has been setup (git-fixes). - media: imx-jpeg: Remove some redundant error logs (git-fixes). - media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() (git-fixes). - media: pci: ivtv: Add check for DMA map result (git-fixes). - media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 (git-fixes). - media: renesas: vsp1: Fix _irqsave and _irq mix (git-fixes). - media: renesas: vsp1: Store RPF partition configuration per RPF instance (git-fixes). - media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes). - media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes). - media: uvcvideo: Override default flags (git-fixes). - media: v4l: async: Fix NULL pointer dereference in adding ancillary links (git-fixes). - media: v4l: subdev: Fix typo in documentation (git-fixes). - media: venus: fix use after free in vdec_close (git-fixes). - media: venus: flush all buffers in output plane streamoff (git-fixes). - mei: demote client disconnect warning on suspend to debug (stable-fixes). - mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes). - mfd: pm8008: Fix regmap irq chip initialisation (git-fixes). - misc: fastrpc: Avoid updating PD type for capability request (git-fixes). - misc: fastrpc: Copy the complete capability structure to user (git-fixes). - misc: fastrpc: Fix DSP capabilities request (git-fixes). - misc: fastrpc: Fix memory leak in audio daemon attach operation (git-fixes). - misc: fastrpc: Fix ownership reassignment of remote heap (git-fixes). - misc: fastrpc: Restrict untrusted app to attach to privileged PD (git-fixes). - mt76: connac: move more mt7921/mt7915 mac shared code in connac lib (bsc#1227149). - mt76: mt7996: rely on mt76_sta_stats in mt76_wcid (bsc#1227149). - mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes). - net/dcb: check for detached device before executing callbacks (bsc#1215587). - net: ethernet: mtk_wed: introduce mtk_wed_buf structure (bsc#1227149). - net: ethernet: mtk_wed: rename mtk_rxbm_desc in mtk_wed_bm_desc (bsc#1227149). - net: fill in MODULE_DESCRIPTION()s in kuba@'s modules (bsc#1227149). - net: hns3: Remove io_stop_wc() calls after __iowrite64_copy() (bsc#1226502) - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (stable-fixes). - net: mana: Fix possible double free in error handling path (git-fixes). - net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes). - net: phy: microchip: lan87xx: reinit PHY after cable test (git-fixes). - net: phy: phy_device: Fix PHY LED blinking code comment (git-fixes). - net: usb: qmi_wwan: add Telit FN912 compositions (stable-fixes). - nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes). - nfs: Block on write congestion (bsc#1218442). - nfs: Drop pointless check from nfs_commit_release_pages() (bsc#1218442). - nfs: Fix up kabi after adding write_congestion_wait (bsc#1218442). - nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes). - nfs: Properly initialize server->writeback (bsc#1218442). - nfs: drop the incorrect assertion in nfs_swap_rw() (git-fixes). - nfs: fix undefined behavior in nfs_block_bits() (git-fixes). - nfs: keep server info for remounts (git-fixes). - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (stable-fixes). - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes). - nilfs2: convert persistent object allocator to use kmap_local (git-fixes). - nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes). - nilfs2: fix inode number range checks (stable-fixes). - ocfs2: fix DIO failure due to insufficient transaction credits (git-fixes). - ocfs2: fix races between hole punching and AIO+DIO (git-fixes). - ocfs2: use coarse time for new created files (git-fixes). - orangefs: fix out-of-bounds fsid access (git-fixes). - pNFS/filelayout: fixup pNfs allocation modes (git-fixes). - phy: cadence-torrent: Check return value on register read (git-fixes). - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: freescale: mxs: Fix refcount of child (git-fixes). - pinctrl: renesas: r8a779g0: FIX PWM suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix CANFD5 suffix (git-fixes). - pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix IRQ suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TCLK suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TPU suffixes (git-fixes). - pinctrl: rockchip: update rk3308 iomux routes (git-fixes). - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes). - platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes). - platform/x86: lg-laptop: Change ACPI device id (stable-fixes). - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes). - platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (stable-fixes). - platform/x86: toshiba_acpi: Fix array out-of-bounds access (git-fixes). - platform/x86: toshiba_acpi: Fix quickstart quirk handling (git-fixes). - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes). - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes). - platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes). - power: supply: ab8500: Fix error handling when calling iio_read_channel_processed() (git-fixes). - power: supply: ingenic: Fix some error handling paths in ingenic_battery_get_property() (git-fixes). - powerpc/64s/radix/kfence: map __kfence_pool at page granularity (bsc#1223570 ltc#205770). - powerpc/prom: Add CPU info to hardware description string later (bsc#1215199). - powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - pwm: stm32: Always do lazy disabling (git-fixes). - regmap-i2c: Subtract reg size from max_write (stable-fixes). - remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (git-fixes). - remoteproc: imx_rproc: Skip over memory region when node value is NULL (git-fixes). - remoteproc: k3-r5: Fix IPC-only mode detection (git-fixes). - remoteproc: stm32_rproc: Fix mailbox interrupts queuing (git-fixes). - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes). - rtc: abx80x: Fix return value of nvmem callback on read (git-fixes). - rtc: cmos: Fix return value of nvmem callbacks (git-fixes). - rtc: interface: Add RTC offset to alarm after fix-up (git-fixes). - rtc: isl1208: Fix return value of nvmem callbacks (git-fixes). - s390: Implement __iowrite32_copy() (bsc#1226502) - s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502) - saa7134: Unchecked i2c_transfer function result fixed (git-fixes). - selftests/sigaltstack: Fix ppc64 GCC build (git-fixes). - selftests: fix OOM in msg_zerocopy selftest (git-fixes). - selftests: make order checking verbose in msg_zerocopy selftest (git-fixes). - serial: imx: Raise TX trigger level to 8 (stable-fixes). - smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes, bsc#1225172). - smb3: allow controlling maximum number of cached directories (git-fixes, bsc#1225172). - smb3: do not start laundromat thread when dir leases disabled (git-fixes, bsc#1225172). - smb: client: do not start laundromat thread on nohandlecache (git-fixes, bsc#1225172). - smb: client: make laundromat a delayed worker (git-fixes, bsc#1225172). - smb: client: prevent new fids from being removed by laundromat (git-fixes, bsc#1225172). - soc: qcom: pdr: fix parsing of domains lists (git-fixes). - soc: qcom: pdr: protect locator_addr with the main mutex (git-fixes). - soc: qcom: pmic_glink: Handle the return value of pmic_glink_init (git-fixes). - soc: qcom: rpmh-rsc: Ensure irqs are not disabled by rpmh_rsc_send_data() callers (git-fixes). - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes). - soc: xilinx: rename cpu_number1 to dummy_cpu_number (git-fixes). - spi: atmel-quadspi: Add missing check for clk_prepare (git-fixes). - spi: cadence: Ensure data lines set to low during dummy-cycle period (stable-fixes). - spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes). - spi: microchip-core: defer asserting chip select until just before write to TX FIFO (git-fixes). - spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer (git-fixes). - spi: microchip-core: fix the issues in the isr (git-fixes). - spi: microchip-core: only disable SPI controller when register value change requires it (git-fixes). - spi: mux: set ctlr->bits_per_word_mask (stable-fixes). - spi: spi-microchip-core: Fix the number of chip selects supported (git-fixes). - spi: spidev: add correct compatible for Rohm BH2228FV (git-fixes). - sunrpc: fix NFSACL RPC retry on soft mount (git-fixes). - supported.conf: Add support for v4l2-dv-timings (jsc#PED-8644) - supported.conf: mark vdpa modules supported (jsc#PED-8954) - supported.conf: update for mt76 stuff (bsc#1227149) - thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data (stable-fixes). - tools/memory-model: Fix bug in lock.cat (git-fixes). - tools/power turbostat: Remember global max_die_id (stable-fixes). - tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (stable-fixes). - tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes). - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes). - tracing: Build event generation tests only as modules (git-fixes). - usb: dwc3: core: Add DWC31 version 2.00a controller (stable-fixes). - usb: dwc3: core: Workaround for CSR read timeout (stable-fixes). - usb: dwc3: pci: add support for the Intel Panther Lake (stable-fixes). - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes). - usb: gadget: printer: SS+ support (stable-fixes). - usb: typec: ucsi: Ack also failed Get Error commands (git-fixes). - usb: typec: ucsi: Never send a lone connector change ack (stable-fixes). - usb: ucsi: stm32: fix command completion handling (git-fixes). - usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (stable-fixes). - vmlinux.lds.h: catch .bss..L* sections into BSS') (git-fixes). - watchdog: rzg2l_wdt: Check return status of pm_runtime_put() (git-fixes). - watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() (git-fixes). - watchdog: rzn1: Convert comma to semicolon (git-fixes). - wifi: add HAS_IOPORT dependencies (bsc#1227149). - wifi: ar5523: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10/11/12k: Use alloc_ordered_workqueue() to create ordered workqueues (bsc#1227149). - wifi: ath10k: Annotate struct ath10k_ce_ring with __counted_by (bsc#1227149). - wifi: ath10k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath10k: Drop checks that are always false (bsc#1227149). - wifi: ath10k: Drop cleaning of driver data from probe error path and remove (bsc#1227149). - wifi: ath10k: Fix a few spelling errors (bsc#1227149). - wifi: ath10k: Fix enum ath10k_fw_crash_dump_type kernel-doc (bsc#1227149). - wifi: ath10k: Fix htt_data_tx_completion kernel-doc warning (bsc#1227149). - wifi: ath10k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10k: Remove unused struct ath10k_htc_frame (bsc#1227149). - wifi: ath10k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath10k: Use DECLARE_FLEX_ARRAY() for ath10k_htc_record (bsc#1227149). - wifi: ath10k: Use list_count_nodes() (bsc#1227149). - wifi: ath10k: add missing wmi_10_4_feature_mask documentation (bsc#1227149). - wifi: ath10k: add support to allow broadcast action frame RX (bsc#1227149). - wifi: ath10k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath10k: correctly document enum wmi_tlv_tx_pause_id (bsc#1227149). - wifi: ath10k: drop HTT_DATA_TX_STATUS_DOWNLOAD_FAIL (bsc#1227149). - wifi: ath10k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath10k: fix htt_q_state_conf & htt_q_state kernel-doc (bsc#1227149). - wifi: ath10k: improve structure padding (bsc#1227149). - wifi: ath10k: indicate to mac80211 scan complete with aborted flag for ATH10K_SCAN_STARTING state (bsc#1227149). - wifi: ath10k: remove ath10k_htc_record::pauload[] (bsc#1227149). - wifi: ath10k: remove duplicate memset() in 10.4 TDLS peer update (bsc#1227149). - wifi: ath10k: remove struct wmi_pdev_chanlist_update_event (bsc#1227149). - wifi: ath10k: remove unused template structs (bsc#1227149). - wifi: ath10k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath10k: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath10k: simplify __ath10k_htt_tx_txq_recalc() (bsc#1227149). - wifi: ath10k: simplify ath10k_peer_create() (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_host_mem_chunks (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_tdls_peer_capabilities (bsc#1227149). - wifi: ath10k: use flexible arrays for WMI start scan TLVs (bsc#1227149). - wifi: ath11k: Add HTT stats for PHY reset case (bsc#1227149). - wifi: ath11k: Add coldboot calibration support for QCN9074 (bsc#1227149). - wifi: ath11k: Allow ath11k to boot without caldata in ftm mode (bsc#1227149). - wifi: ath11k: Consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath11k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath11k: Do not directly use scan_flags in struct scan_req_params (bsc#1227149). - wifi: ath11k: EMA beacon support (bsc#1227149). - wifi: ath11k: Fix a few spelling errors (bsc#1227149). - wifi: ath11k: Fix ath11k_htc_record flexible record (bsc#1227149). - wifi: ath11k: Introduce and use ath11k_sta_to_arsta() (bsc#1227149). - wifi: ath11k: MBSSID beacon support (bsc#1227149). - wifi: ath11k: MBSSID configuration during vdev create/start (bsc#1227149). - wifi: ath11k: MBSSID parameter configuration in AP mode (bsc#1227149). - wifi: ath11k: Really consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Relocate the func ath11k_mac_bitrate_mask_num_ht_rates() and change hweight16 to hweight8 (bsc#1227149). - wifi: ath11k: Remove ath11k_base::bd_api (bsc#1227149). - wifi: ath11k: Remove cal_done check during probe (bsc#1227149). - wifi: ath11k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath11k: Remove scan_flags union from struct scan_req_params (bsc#1227149). - wifi: ath11k: Remove struct ath11k::ops (bsc#1227149). - wifi: ath11k: Remove unneeded semicolon (bsc#1227149). - wifi: ath11k: Remove unused declarations (bsc#1227149). - wifi: ath11k: Remove unused struct ath11k_htc_frame (bsc#1227149). - wifi: ath11k: Send HT fixed rate in WMI peer fixed param (bsc#1227149). - wifi: ath11k: Split coldboot calibration hw_param (bsc#1227149). - wifi: ath11k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath11k: Use device_get_match_data() (bsc#1227149). - wifi: ath11k: Use list_count_nodes() (bsc#1227149). - wifi: ath11k: add WMI event debug messages (bsc#1227149). - wifi: ath11k: add WMI_TLV_SERVICE_EXT_TPC_REG_SUPPORT service bit (bsc#1227149). - wifi: ath11k: add chip id board name while searching board-2.bin for WCN6855 (bsc#1227149). - wifi: ath11k: add firmware-2.bin support (bsc#1227149). - wifi: ath11k: add handler for WMI_VDEV_SET_TPC_POWER_CMDID (bsc#1227149). - wifi: ath11k: add parse of transmit power envelope element (bsc#1227149). - wifi: ath11k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath11k: add support for QCA2066 (bsc#1227149). - wifi: ath11k: add support to select 6 GHz regulatory type (bsc#1227149). - wifi: ath11k: ath11k_debugfs_register(): fix format-truncation warning (bsc#1227149). - wifi: ath11k: avoid forward declaration of ath11k_mac_start_vdev_delay() (bsc#1227149). - wifi: ath11k: call ath11k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath11k: constify MHI channel and controller configs (bsc#1227149). - wifi: ath11k: debug: add ATH11K_DBG_CE (bsc#1227149). - wifi: ath11k: debug: remove unused ATH11K_DBG_ANY (bsc#1227149). - wifi: ath11k: debug: use all upper case in ATH11k_DBG_HAL (bsc#1227149). - wifi: ath11k: do not use %pK (bsc#1227149). - wifi: ath11k: document HAL_RX_BUF_RBM_SW4_BM (bsc#1227149). - wifi: ath11k: dp: cleanup debug message (bsc#1227149). - wifi: ath11k: driver settings for MBSSID and EMA (bsc#1227149). - wifi: ath11k: drop NULL pointer check in ath11k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath11k: drop redundant check in ath11k_dp_rx_mon_dest_process() (bsc#1227149). - wifi: ath11k: enable 36 bit mask for stream DMA (bsc#1227149). - wifi: ath11k: factory test mode support (bsc#1227149). - wifi: ath11k: fill parameters for vdev set tpc power WMI command (bsc#1227149). - wifi: ath11k: fix CAC running state during virtual interface start (bsc#1227149). - wifi: ath11k: fix IOMMU errors on buffer rings (bsc#1227149). - wifi: ath11k: fix RCU documentation in ath11k_mac_op_ipv6_changed() (git-fixes). - wifi: ath11k: fix WCN6750 firmware crash caused by 17 num_vdevs (bsc#1227149). - wifi: ath11k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath11k: fix a possible dead lock caused by ab->base_lock (bsc#1227149). - wifi: ath11k: fix ath11k_mac_op_remain_on_channel() stack usage (bsc#1227149). - wifi: ath11k: fix connection failure due to unexpected peer delete (bsc#1227149). - wifi: ath11k: fix tid bitmap is 0 in peer rx mu stats (bsc#1227149). - wifi: ath11k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: ath11k: hal: cleanup debug message (bsc#1227149). - wifi: ath11k: htc: cleanup debug messages (bsc#1227149). - wifi: ath11k: initialize eirp_power before use (bsc#1227149). - wifi: ath11k: mac: fix struct ieee80211_sband_iftype_data handling (bsc#1227149). - wifi: ath11k: mhi: add a warning message for MHI_CB_EE_RDDM crash (bsc#1227149). - wifi: ath11k: move pci.ops registration ahead (bsc#1227149). - wifi: ath11k: move power type check to ASSOC stage when connecting to 6 GHz AP (bsc#1227149). - wifi: ath11k: move references from rsvd2 to info fields (bsc#1227149). - wifi: ath11k: pci: cleanup debug logging (bsc#1227149). - wifi: ath11k: print debug level in debug messages (bsc#1227149). - wifi: ath11k: provide address list if chip supports 2 stations (bsc#1227149). - wifi: ath11k: qmi: refactor ath11k_qmi_m3_load() (bsc#1227149). - wifi: ath11k: refactor ath11k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath11k: refactor setting country code logic (stable-fixes). - wifi: ath11k: refactor vif parameter configurations (bsc#1227149). - wifi: ath11k: rely on mac80211 debugfs handling for vif (bsc#1227149). - wifi: ath11k: remove ath11k_htc_record::pauload[] (bsc#1227149). - wifi: ath11k: remove invalid peer create logic (bsc#1227149). - wifi: ath11k: remove manual mask names from debug messages (bsc#1227149). - wifi: ath11k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath11k: remove unsupported event handlers (bsc#1227149). - wifi: ath11k: remove unused function ath11k_tm_event_wmi() (bsc#1227149). - wifi: ath11k: remove unused members of 'struct ath11k_base' (bsc#1227149). - wifi: ath11k: remove unused scan_events from struct scan_req_params (bsc#1227149). - wifi: ath11k: rename MBSSID fields in wmi_vdev_up_cmd (bsc#1227149). - wifi: ath11k: rename ath11k_start_vdev_delay() (bsc#1227149). - wifi: ath11k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath11k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath11k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath11k: restore country code during resume (git-fixes). - wifi: ath11k: save max transmit power in vdev start response event from firmware (bsc#1227149). - wifi: ath11k: save power spectral density(PSD) of regulatory rule (bsc#1227149). - wifi: ath11k: simplify ath11k_mac_validate_vht_he_fixed_rate_settings() (bsc#1227149). - wifi: ath11k: simplify the code with module_platform_driver (bsc#1227149). - wifi: ath11k: store cur_regulatory_info for each radio (bsc#1227149). - wifi: ath11k: support 2 station interfaces (bsc#1227149). - wifi: ath11k: update proper pdev/vdev id for testmode command (bsc#1227149). - wifi: ath11k: update regulatory rules when connect to AP on 6 GHz band for station (bsc#1227149). - wifi: ath11k: update regulatory rules when interface added (bsc#1227149). - wifi: ath11k: use RCU when accessing struct inet6_dev::ac_list (bsc#1227149). - wifi: ath11k: use WMI_VDEV_SET_TPC_POWER_CMDID when EXT_TPC_REG_SUPPORT for 6 GHz (bsc#1227149). - wifi: ath11k: use kstrtoul_from_user() where appropriate (bsc#1227149). - wifi: ath11k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath11k: wmi: add unified command debug messages (bsc#1227149). - wifi: ath11k: wmi: cleanup error handling in ath11k_wmi_send_init_country_cmd() (bsc#1227149). - wifi: ath11k: wmi: use common error handling style (bsc#1227149). - wifi: ath11k: workaround too long expansion sparse warnings (bsc#1227149). - wifi: ath12k: Add logic to write QRTR node id to scratch (bsc#1227149). - wifi: ath12k: Add missing qmi_txn_cancel() calls (bsc#1227149). - wifi: ath12k: Add support to parse new WMI event for 6 GHz regulatory (bsc#1227149). - wifi: ath12k: Consistently use ath12k_vif_to_arvif() (bsc#1227149). - wifi: ath12k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath12k: Correct 6 GHz frequency value in rx status (git-fixes). - wifi: ath12k: Do not drop tx_status in failure case (git-fixes). - wifi: ath12k: Do not use scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Enable Mesh support for QCN9274 (bsc#1227149). - wifi: ath12k: Fix a few spelling errors (bsc#1227149). - wifi: ath12k: Fix tx completion ring (WBM2SW) setup failure (git-fixes). - wifi: ath12k: Fix uninitialized use of ret in ath12k_mac_allocate() (bsc#1227149). - wifi: ath12k: Introduce and use ath12k_sta_to_arsta() (bsc#1227149). - wifi: ath12k: Introduce the container for mac80211 hw (bsc#1227149). - wifi: ath12k: Make QMI message rules const (bsc#1227149). - wifi: ath12k: Optimize the mac80211 hw data access (bsc#1227149). - wifi: ath12k: Read board id to support split-PHY QCN9274 (bsc#1227149). - wifi: ath12k: Refactor the mac80211 hw access from link/radio (bsc#1227149). - wifi: ath12k: Remove ath12k_base::bd_api (bsc#1227149). - wifi: ath12k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath12k: Remove some dead code (bsc#1227149). - wifi: ath12k: Remove struct ath12k::ops (bsc#1227149). - wifi: ath12k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath12k: Remove unnecessary struct qmi_txn initializers (bsc#1227149). - wifi: ath12k: Remove unused declarations (bsc#1227149). - wifi: ath12k: Remove unused scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Set default beacon mode to burst mode (bsc#1227149). - wifi: ath12k: Use initializers for QMI message buffers (bsc#1227149). - wifi: ath12k: Use msdu_end to check MCBC (bsc#1227149). - wifi: ath12k: Use pdev_id rather than mac_id to get pdev (bsc#1227149). - wifi: ath12k: WMI support to process EHT capabilities (bsc#1227149). - wifi: ath12k: add 320 MHz bandwidth enums (bsc#1227149). - wifi: ath12k: add CE and ext IRQ flag to indicate irq_handler (bsc#1227149). - wifi: ath12k: add EHT PHY modes (bsc#1227149). - wifi: ath12k: add MAC id support in WBM error path (bsc#1227149). - wifi: ath12k: add MLO header in peer association (bsc#1227149). - wifi: ath12k: add P2P IE in beacon template (bsc#1227149). - wifi: ath12k: add QMI PHY capability learn support (bsc#1227149). - wifi: ath12k: add WMI support for EHT peer (bsc#1227149). - wifi: ath12k: add ath12k_qmi_free_resource() for recovery (bsc#1227149). - wifi: ath12k: add fallback board name without variant while searching board-2.bin (bsc#1227149). - wifi: ath12k: add firmware-2.bin support (bsc#1227149). - wifi: ath12k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED (bsc#1227149). - wifi: ath12k: add keep backward compatibility of PHY mode to avoid firmware crash (bsc#1227149). - wifi: ath12k: add msdu_end structure for WCN7850 (bsc#1227149). - wifi: ath12k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath12k: add processing for TWT disable event (bsc#1227149). - wifi: ath12k: add processing for TWT enable event (bsc#1227149). - wifi: ath12k: add qmi_cnss_feature_bitmap field to hardware parameters (bsc#1227149). - wifi: ath12k: add rcu lock for ath12k_wmi_p2p_noa_event() (bsc#1227149). - wifi: ath12k: add read variant from SMBIOS for download board data (bsc#1227149). - wifi: ath12k: add string type to search board data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add support for BA1024 (bsc#1227149). - wifi: ath12k: add support for collecting firmware log (bsc#1227149). - wifi: ath12k: add support for hardware rfkill for WCN7850 (bsc#1227149). - wifi: ath12k: add support for peer meta data version (bsc#1227149). - wifi: ath12k: add support one MSI vector (bsc#1227149). - wifi: ath12k: add support to search regdb data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add wait operation for tx management packets for flush from mac80211 (bsc#1227149). - wifi: ath12k: advertise P2P dev support for WCN7850 (bsc#1227149). - wifi: ath12k: allow specific mgmt frame tx while vdev is not up (bsc#1227149). - wifi: ath12k: ath12k_start_vdev_delay(): convert to use ar (bsc#1227149). - wifi: ath12k: avoid deadlock by change ieee80211_queue_work for regd_update_work (bsc#1227149). - wifi: ath12k: avoid duplicated vdev stop (git-fixes). - wifi: ath12k: avoid explicit HW conversion argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit RBM id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit mac id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid repeated hw access from ar (bsc#1227149). - wifi: ath12k: avoid repeated wiphy access from hw (bsc#1227149). - wifi: ath12k: call ath12k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath12k: change DMA direction while mapping reinjected packets (git-fixes). - wifi: ath12k: change MAC buffer ring size to 2048 (bsc#1227149). - wifi: ath12k: change WLAN_SCAN_PARAMS_MAX_IE_LEN from 256 to 512 (bsc#1227149). - wifi: ath12k: change interface combination for P2P mode (bsc#1227149). - wifi: ath12k: change to initialize recovery variables earlier in ath12k_core_reset() (bsc#1227149). - wifi: ath12k: change to treat alpha code na as world wide regdomain (bsc#1227149). - wifi: ath12k: change to use dynamic memory for channel list of scan (bsc#1227149). - wifi: ath12k: check M3 buffer size as well whey trying to reuse it (bsc#1227149). - wifi: ath12k: check hardware major version for WCN7850 (bsc#1227149). - wifi: ath12k: configure RDDM size to MHI for device recovery (bsc#1227149). - wifi: ath12k: configure puncturing bitmap (bsc#1227149). - wifi: ath12k: correct the data_type from QMI_OPT_FLAG to QMI_UNSIGNED_1_BYTE for mlo_capable (bsc#1227149). - wifi: ath12k: delete the timer rx_replenish_retry during rmmod (bsc#1227149). - wifi: ath12k: designating channel frequency for ROC scan (bsc#1227149). - wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274 (bsc#1227149). - wifi: ath12k: do not drop data frames from unassociated stations (bsc#1227149). - wifi: ath12k: do not restore ASPM in case of single MSI vector (bsc#1227149). - wifi: ath12k: drop NULL pointer check in ath12k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath12k: drop failed transmitted frames from metric calculation (git-fixes). - wifi: ath12k: enable 320 MHz bandwidth for 6 GHz band in EHT PHY capability for WCN7850 (bsc#1227149). - wifi: ath12k: enable 802.11 power save mode in station mode (bsc#1227149). - wifi: ath12k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850 (bsc#1227149). - wifi: ath12k: fetch correct pdev id from WMI_SERVICE_READY_EXT_EVENTID (bsc#1227149). - wifi: ath12k: fix PCI read and write (bsc#1227149). - wifi: ath12k: fix WARN_ON during ath12k_mac_update_vif_chan (bsc#1227149). - wifi: ath12k: fix broken structure wmi_vdev_create_cmd (bsc#1227149). - wifi: ath12k: fix conf_mutex in ath12k_mac_op_unassign_vif_chanctx() (bsc#1227149). - wifi: ath12k: fix debug messages (bsc#1227149). - wifi: ath12k: fix fetching MCBC flag for QCN9274 (bsc#1227149). - wifi: ath12k: fix firmware assert during insmod in memory segment mode (bsc#1227149). - wifi: ath12k: fix firmware crash during reo reinject (git-fixes). - wifi: ath12k: fix invalid m3 buffer address (bsc#1227149). - wifi: ath12k: fix invalid memory access while processing fragmented packets (git-fixes). - wifi: ath12k: fix kernel crash during resume (bsc#1227149). - wifi: ath12k: fix license in p2p.c and p2p.h (bsc#1227149). - wifi: ath12k: fix peer metadata parsing (git-fixes). - wifi: ath12k: fix potential wmi_mgmt_tx_queue race condition (bsc#1227149). - wifi: ath12k: fix radar detection in 160 MHz (bsc#1227149). - wifi: ath12k: fix recovery fail while firmware crash when doing channel switch (bsc#1227149). - wifi: ath12k: fix the error handler of rfkill config (bsc#1227149). - wifi: ath12k: fix the issue that the multicast/broadcast indicator is not read correctly for WCN7850 (bsc#1227149). - wifi: ath12k: fix the problem that down grade phy mode operation (bsc#1227149). - wifi: ath12k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath12k: fix wrong definitions of hal_reo_update_rx_queue (bsc#1227149). - wifi: ath12k: get msi_data again after request_irq is called (bsc#1227149). - wifi: ath12k: implement handling of P2P NoA event (bsc#1227149). - wifi: ath12k: implement remain on channel for P2P mode (bsc#1227149). - wifi: ath12k: increase vdev setup timeout (bsc#1227149). - wifi: ath12k: indicate NON MBSSID vdev by default during vdev start (bsc#1227149). - wifi: ath12k: indicate scan complete for scan canceled when scan running (bsc#1227149). - wifi: ath12k: indicate to mac80211 scan complete with aborted flag for ATH12K_SCAN_STARTING state (bsc#1227149). - wifi: ath12k: move HE capabilities processing to a new function (bsc#1227149). - wifi: ath12k: move peer delete after vdev stop of station for WCN7850 (bsc#1227149). - wifi: ath12k: parse WMI service ready ext2 event (bsc#1227149). - wifi: ath12k: peer assoc for 320 MHz (bsc#1227149). - wifi: ath12k: prepare EHT peer assoc parameters (bsc#1227149). - wifi: ath12k: propagate EHT capabilities to userspace (bsc#1227149). - wifi: ath12k: refactor DP Rxdma ring structure (bsc#1227149). - wifi: ath12k: refactor QMI MLO host capability helper function (bsc#1227149). - wifi: ath12k: refactor ath12k_bss_assoc() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_allocate() and ath12k_mac_destroy() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_ampdu_action() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_conf_tx() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_config() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_configure_filter() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_flush() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_start() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_stop() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_update_vif_offload() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_register() and ath12k_mac_unregister() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_setup_channels_rates() (bsc#1227149). - wifi: ath12k: refactor ath12k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath12k: refactor multiple MSI vector implementation (bsc#1227149). - wifi: ath12k: refactor the rfkill worker (bsc#1227149). - wifi: ath12k: register EHT mesh capabilities (bsc#1227149). - wifi: ath12k: relax list iteration in ath12k_mac_vif_unref() (bsc#1227149). - wifi: ath12k: relocate ath12k_dp_pdev_pre_alloc() call (bsc#1227149). - wifi: ath12k: remove hal_desc_sz from hw params (bsc#1227149). - wifi: ath12k: remove redundant memset() in ath12k_hal_reo_qdesc_setup() (bsc#1227149). - wifi: ath12k: remove the unused scan_events from ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: remove unused ATH12K_BD_IE_BOARD_EXT (bsc#1227149). - wifi: ath12k: rename HE capabilities setup/copy functions (bsc#1227149). - wifi: ath12k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath12k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath12k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath12k: send WMI_PEER_REORDER_QUEUE_SETUP_CMDID when ADDBA session starts (bsc#1227149). - wifi: ath12k: set IRQ affinity to CPU0 in case of one MSI vector (bsc#1227149). - wifi: ath12k: set PERST pin no pull request for WCN7850 (bsc#1227149). - wifi: ath12k: split hal_ops to support RX TLVs word mask compaction (bsc#1227149). - wifi: ath12k: subscribe required word mask from rx tlv (bsc#1227149). - wifi: ath12k: support default regdb while searching board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: trigger station disconnect on hardware restart (bsc#1227149). - wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ (bsc#1227149). - wifi: ath12k: use correct flag field for 320 MHz channels (bsc#1227149). - wifi: ath12k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath5k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath5k: Remove redundant dev_err() (bsc#1227149). - wifi: ath5k: ath5k_hw_get_median_noise_floor(): use swap() (bsc#1227149). - wifi: ath5k: remove phydir check from ath5k_debug_init_device() (bsc#1227149). - wifi: ath5k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath5k: remove unused ath5k_eeprom_info::ee_antenna (bsc#1227149). - wifi: ath5k: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: ath6kl: Remove error checking for debugfs_create_dir() (bsc#1227149). - wifi: ath6kl: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath6kl: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath9k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath9k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath9k: Remove unnecessary ternary operators (bsc#1227149). - wifi: ath9k: Remove unused declarations (bsc#1227149). - wifi: ath9k: avoid using uninitialized array (bsc#1227149). - wifi: ath9k: clean up function ath9k_hif_usb_resume (bsc#1227149). - wifi: ath9k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath9k: delete some unused/duplicate macros (bsc#1227149). - wifi: ath9k: fix parameter check in ath9k_init_debug() (bsc#1227149). - wifi: ath9k: remove redundant assignment to variable ret (bsc#1227149). - wifi: ath9k: reset survey of current channel after a scan started (bsc#1227149). - wifi: ath9k: simplify ar9003_hw_process_ini() (bsc#1227149). - wifi: ath9k: use u32 for txgain indexes (bsc#1227149). - wifi: ath9k: work around memset overflow warning (bsc#1227149). - wifi: ath9k_htc: fix format-truncation warning (bsc#1227149). - wifi: ath: Use is_multicast_ether_addr() to check multicast Ether address (bsc#1227149). - wifi: ath: dfs_pattern_detector: Use flex array to simplify code (bsc#1227149). - wifi: ath: remove unused-but-set parameter (bsc#1227149). - wifi: ath: work around false-positive stringop-overread warning (bsc#1227149). - wifi: atk10k: Do not opencode ath10k_pci_priv() in ath10k_ahb_priv() (bsc#1227149). - wifi: atmel: remove unused ioctl function (bsc#1227149). - wifi: b43: silence sparse warnings (bsc#1227149). - wifi: brcm80211: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: brcmfmac: Annotate struct brcmf_gscan_config with __counted_by (bsc#1227149). - wifi: brcmfmac: Detect corner error case earlier with log (bsc#1227149). - wifi: brcmfmac: add linefeed at end of file (bsc#1227149). - wifi: brcmfmac: allow per-vendor event handling (bsc#1227149). - wifi: brcmfmac: do not cast hidden SSID attribute value to boolean (bsc#1227149). - wifi: brcmfmac: do not pass hidden SSID attribute as value directly (bsc#1227149). - wifi: brcmfmac: export firmware interface functions (bsc#1227149). - wifi: brcmfmac: firmware: Annotate struct brcmf_fw_request with __counted_by (bsc#1227149). - wifi: brcmfmac: fix format-truncation warnings (bsc#1227149). - wifi: brcmfmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmfmac: fweh: Add __counted_by for struct brcmf_fweh_queue_item and use struct_size() (bsc#1227149). - wifi: brcmfmac: fweh: Fix boot crash on Raspberry Pi 4 (bsc#1227149). - wifi: brcmfmac: move feature overrides before feature_disable (bsc#1227149). - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes). - wifi: brcmsmac: cleanup SCB-related data types (bsc#1227149). - wifi: brcmsmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmsmac: phy: Remove unreachable code (bsc#1227149). - wifi: brcmsmac: remove more unused data types (bsc#1227149). - wifi: brcmsmac: remove unused data type (bsc#1227149). - wifi: brcmsmac: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: brcmsmac: silence sparse warnings (bsc#1227149). - wifi: brcmutil: use helper function pktq_empty() instead of open code (bsc#1227149). - wifi: carl9170: Remove redundant assignment to pointer super (bsc#1227149). - wifi: carl9170: remove unnecessary (void*) conversions (bsc#1227149). - wifi: cfg80211: Add support for setting TID to link mapping (bsc#1227149). - wifi: cfg80211: Allow AP/P2PGO to indicate port authorization to peer STA/P2PClient (bsc#1227149). - wifi: cfg80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: cfg80211: Fix typo in documentation (bsc#1227149). - wifi: cfg80211: Handle specific BSSID in 6GHz scanning (bsc#1227149). - wifi: cfg80211: Include operating class 137 in 6GHz band (bsc#1227149). - wifi: cfg80211: OWE DH IE handling offload (bsc#1227149). - wifi: cfg80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: cfg80211: Schedule regulatory check on BSS STA channel change (bsc#1227149). - wifi: cfg80211: Update the default DSCP-to-UP mapping (bsc#1227149). - wifi: cfg80211: add BSS usage reporting (bsc#1227149). - wifi: cfg80211: add RNR with reporting AP information (bsc#1227149). - wifi: cfg80211: add a flag to disable wireless extensions (bsc#1227149). - wifi: cfg80211: add local_state_change to deauth trace (bsc#1227149). - wifi: cfg80211: add locked debugfs wrappers (bsc#1227149). - wifi: cfg80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: cfg80211: address several kerneldoc warnings (bsc#1227149). - wifi: cfg80211: allow reg update by driver even if wiphy->regd is set (bsc#1227149). - wifi: cfg80211: annotate iftype_data pointer with sparse (bsc#1227149). - wifi: cfg80211: avoid double free if updating BSS fails (bsc#1227149). - wifi: cfg80211: call reg_call_notifier on beacon hints (bsc#1227149). - wifi: cfg80211: check RTNL when iterating devices (bsc#1227149). - wifi: cfg80211: check wiphy mutex is held for wdev mutex (bsc#1227149). - wifi: cfg80211: consume both probe response and beacon IEs (bsc#1227149). - wifi: cfg80211: detect stuck ECSA element in probe resp (bsc#1227149). - wifi: cfg80211: ensure cfg80211_bss_update frees IEs on error (bsc#1227149). - wifi: cfg80211: export DFS CAC time and usable state helper functions (bsc#1227149). - wifi: cfg80211: expose nl80211_chan_width_to_mhz for wide sharing (bsc#1227149). - wifi: cfg80211: fix 6 GHz scan request building (stable-fixes). - wifi: cfg80211: fix CQM for non-range use (bsc#1227149). - wifi: cfg80211: fix header kernel-doc typos (bsc#1227149). - wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush() (bsc#1227149). - wifi: cfg80211: fix spelling & punctutation (bsc#1227149). - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: generate an ML element for per-STA profiles (bsc#1227149). - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: handle UHB AP and STA power type (bsc#1227149). - wifi: cfg80211: hold wiphy lock in cfg80211_any_wiphy_oper_chan() (bsc#1227149). - wifi: cfg80211: hold wiphy mutex for send_interface (bsc#1227149). - wifi: cfg80211: improve documentation for flag fields (bsc#1227149). - wifi: cfg80211: introduce cfg80211_ssid_eq() (bsc#1227149). - wifi: cfg80211: make RX assoc data const (bsc#1227149). - wifi: cfg80211: make read-only array centers_80mhz static const (bsc#1227149). - wifi: cfg80211: modify prototype for change_beacon (bsc#1227149). - wifi: cfg80211: reg: Support P2P operation on DFS channels (bsc#1227149). - wifi: cfg80211: reg: describe return values in kernel-doc (bsc#1227149). - wifi: cfg80211: reg: fix various kernel-doc issues (bsc#1227149). - wifi: cfg80211: reg: hold wiphy mutex for wdev iteration (bsc#1227149). - wifi: cfg80211: remove scan_width support (bsc#1227149). - wifi: cfg80211: remove wdev mutex (bsc#1227149). - wifi: cfg80211: rename UHB to 6 GHz (bsc#1227149). - wifi: cfg80211: report per-link errors during association (bsc#1227149). - wifi: cfg80211: report unprotected deauth/disassoc in wowlan (bsc#1227149). - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes). - wifi: cfg80211: save power spectral density(psd) of regulatory rule (bsc#1227149). - wifi: cfg80211: set correct param change count in ML element (bsc#1227149). - wifi: cfg80211: sme: hold wiphy lock for wdev iteration (bsc#1227149). - wifi: cfg80211: sort certificates in build (bsc#1227149). - wifi: cfg80211: split struct cfg80211_ap_settings (bsc#1227149). - wifi: cfg80211: validate HE operation element parsing (bsc#1227149). - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes). - wifi: cfg80211: wext: convert return value to kernel-doc (bsc#1227149). - wifi: cfg80211: wext: set ssids=NULL for passive scans (git-fixes). - wifi: cw1200: Avoid processing an invalid TIM IE (bsc#1227149). - wifi: cw1200: Convert to GPIO descriptors (bsc#1227149). - wifi: cw1200: fix __le16 sparse warnings (bsc#1227149). - wifi: cw1200: restore endian swapping (bsc#1227149). - wifi: drivers: Explicitly include correct DT includes (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for Broadcom WLAN (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for ar5523 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for mt76 drivers (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for p54spi (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wcn36xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wilc1000 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl1251 and wl12xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl18xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wlcore (bsc#1227149). - wifi: hostap: Add __counted_by for struct prism2_download_data and use struct_size() (bsc#1227149). - wifi: hostap: fix stringop-truncations GCC warning (bsc#1227149). - wifi: hostap: remove unused ioctl function (bsc#1227149). - wifi: ieee80211: add UL-bandwidth definition of trigger frame (bsc#1227149). - wifi: ieee80211: add definitions for negotiated TID to Link map (bsc#1227149). - wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() (stable-fixes). - wifi: iwlmei: do not send SAP messages if AMT is disabled (bsc#1227149). - wifi: iwlmei: do not send nic info with invalid mac address (bsc#1227149). - wifi: iwlmei: send HOST_GOES_DOWN message even if wiamt is disabled (bsc#1227149). - wifi: iwlmei: send driver down SAP message only if wiamt is enabled (bsc#1227149). - wifi: iwlmvm: fw: Add new OEM vendor to tas approved list (bsc#1227149). - wifi: iwlwifi: Add rf_mapping of new wifi7 devices (bsc#1227149). - wifi: iwlwifi: Add support for PPAG cmd v5 and PPAG revision 3 (bsc#1227149). - wifi: iwlwifi: Add support for new 802.11be device (bsc#1227149). - wifi: iwlwifi: Do not mark DFS channels as NO-IR (bsc#1227149). - wifi: iwlwifi: Extract common prph mac/phy regions data dump logic (bsc#1227149). - wifi: iwlwifi: Fix spelling mistake 'SESION' -> 'SESSION' (bsc#1227149). - wifi: iwlwifi: Use request_module_nowait (bsc#1227149). - wifi: iwlwifi: abort scan when rfkill on but device enabled (bsc#1227149). - wifi: iwlwifi: add HONOR to PPAG approved list (bsc#1227149). - wifi: iwlwifi: add Razer to ppag approved list (bsc#1227149). - wifi: iwlwifi: add mapping of a periphery register crf for WH RF (bsc#1227149). - wifi: iwlwifi: add new RF support for wifi7 (bsc#1227149). - wifi: iwlwifi: add support for SNPS DPHYIP region type (bsc#1227149). - wifi: iwlwifi: add support for a wiphy_work rx handler (bsc#1227149). - wifi: iwlwifi: add support for activating UNII-1 in WW via BIOS (bsc#1227149). - wifi: iwlwifi: add support for new ini region types (bsc#1227149). - wifi: iwlwifi: adjust rx_phyinfo debugfs to MLO (bsc#1227149). - wifi: iwlwifi: always have 'uats_enabled' (bsc#1227149). - wifi: iwlwifi: api: clean up some kernel-doc/typos (bsc#1227149). - wifi: iwlwifi: api: dbg-tlv: fix up kernel-doc (bsc#1227149). - wifi: iwlwifi: api: fix a small upper/lower-case typo (bsc#1227149). - wifi: iwlwifi: api: fix center_freq label in PHY diagram (bsc#1227149). - wifi: iwlwifi: api: fix constant version to match FW (bsc#1227149). - wifi: iwlwifi: api: fix kernel-doc reference (bsc#1227149). - wifi: iwlwifi: bump FW API to 84 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 86 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 87 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 88 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: cancel session protection only if there is one (bsc#1227149). - wifi: iwlwifi: change link id in time event to s8 (bsc#1227149). - wifi: iwlwifi: check for kmemdup() return value in iwl_parse_tlv_firmware() (bsc#1227149). - wifi: iwlwifi: cleanup BT Shared Single Antenna code (bsc#1227149). - wifi: iwlwifi: cleanup sending PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1227149). - wifi: iwlwifi: cleanup uefi variables loading (bsc#1227149). - wifi: iwlwifi: clear link_id in time_event (bsc#1227149). - wifi: iwlwifi: dbg-tlv: avoid extra allocation/copy (bsc#1227149). - wifi: iwlwifi: dbg-tlv: use struct_size() for allocation (bsc#1227149). - wifi: iwlwifi: disable 160 MHz based on subsystem device ID (bsc#1227149). - wifi: iwlwifi: disable eSR when BT is active (bsc#1227149). - wifi: iwlwifi: disable multi rx queue for 9000 (bsc#1227149). - wifi: iwlwifi: do not check TAS block list size twice (bsc#1227149). - wifi: iwlwifi: do not use TRUE/FALSE with bool (bsc#1227149). - wifi: iwlwifi: drop NULL pointer check in iwl_mvm_tzone_set_trip_temp() (bsc#1227149). - wifi: iwlwifi: dvm: remove kernel-doc warnings (bsc#1227149). - wifi: iwlwifi: error-dump: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fail NIC access fast on dead NIC (bsc#1227149). - wifi: iwlwifi: fix #ifdef CONFIG_ACPI check (bsc#1227149). - wifi: iwlwifi: fix iwl_mvm_get_valid_rx_ant() (git-fixes). - wifi: iwlwifi: fix opmode start/stop race (bsc#1227149). - wifi: iwlwifi: fix some kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fix system commands group ordering (bsc#1227149). - wifi: iwlwifi: fix the rf step and flavor bits range (bsc#1227149). - wifi: iwlwifi: fw: Add support for UATS table in UHB (bsc#1227149). - wifi: iwlwifi: fw: Fix debugfs command sending (bsc#1227149). - wifi: iwlwifi: fw: allow vmalloc for PNVM image (bsc#1227149). - wifi: iwlwifi: fw: dbg: ensure correct config name sizes (bsc#1227149). - wifi: iwlwifi: fw: disable firmware debug asserts (bsc#1227149). - wifi: iwlwifi: fw: file: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: fw: file: do not use [0] for variable arrays (bsc#1227149). - wifi: iwlwifi: fw: fix compiler warning for NULL string print (bsc#1227149). - wifi: iwlwifi: fw: increase fw_version string size (bsc#1227149). - wifi: iwlwifi: fw: reconstruct the API/CAPA enum number (bsc#1227149). - wifi: iwlwifi: fw: replace deprecated strncpy with strscpy_pad (bsc#1227149). - wifi: iwlwifi: handle per-phy statistics from fw (bsc#1227149). - wifi: iwlwifi: implement GLAI ACPI table loading (bsc#1227149). - wifi: iwlwifi: implement can_activate_links callback (bsc#1227149). - wifi: iwlwifi: implement enable/disable for China 2022 regulatory (bsc#1227149). - wifi: iwlwifi: iwl-fh.h: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: iwl-trans.h: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: iwlmvm: handle unprotected deauth/disassoc in d3 (bsc#1227149). - wifi: iwlwifi: load b0 version of ucode for HR1/HR2 (bsc#1227149). - wifi: iwlwifi: make TB reallocation a debug message (bsc#1227149). - wifi: iwlwifi: make time_events MLO aware (bsc#1227149). - wifi: iwlwifi: mei: return error from register when not built (bsc#1227149). - wifi: iwlwifi: mvm: Add basic link selection logic (bsc#1227149). - wifi: iwlwifi: mvm: Add support for removing responder TKs (bsc#1227149). - wifi: iwlwifi: mvm: Allow DFS concurrent operation (bsc#1227149). - wifi: iwlwifi: mvm: Configure the link mapping for non-MLD FW (bsc#1227149). - wifi: iwlwifi: mvm: Correctly report TSF data in scan complete (bsc#1227149). - wifi: iwlwifi: mvm: Declare support for secure LTF measurement (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn if valid link pair was not found (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete (bsc#1227149). - wifi: iwlwifi: mvm: Extend support for P2P service discovery (bsc#1227149). - wifi: iwlwifi: mvm: Fix FTM initiator flags (bsc#1227149). - wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill (stable-fixes). - wifi: iwlwifi: mvm: Fix unreachable code path (bsc#1227149). - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes). - wifi: iwlwifi: mvm: Keep connection in case of missed beacons during RX (bsc#1227149). - wifi: iwlwifi: mvm: Return success if link could not be removed (bsc#1227149). - wifi: iwlwifi: mvm: Use the link ID provided in scan request (bsc#1227149). - wifi: iwlwifi: mvm: add US/Canada MCC to API (bsc#1227149). - wifi: iwlwifi: mvm: add a debug print when we get a BAR (bsc#1227149). - wifi: iwlwifi: mvm: add a debugfs hook to clear the monitor data (bsc#1227149). - wifi: iwlwifi: mvm: add a per-link debugfs (bsc#1227149). - wifi: iwlwifi: mvm: add a print when sending RLC command (bsc#1227149). - wifi: iwlwifi: mvm: add start mac ctdp sum calculation debugfs handler (bsc#1227149). - wifi: iwlwifi: mvm: add support for TID to link mapping neg request (bsc#1227149). - wifi: iwlwifi: mvm: add support for new wowlan_info_notif (bsc#1227149). - wifi: iwlwifi: mvm: advertise MLO only if EHT is enabled (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for SCS traffic description (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for protected ranging negotiation (bsc#1227149). - wifi: iwlwifi: mvm: always update keys in D3 exit (bsc#1227149). - wifi: iwlwifi: mvm: avoid garbage iPN (bsc#1227149). - wifi: iwlwifi: mvm: calculate EMLSR mode after connection (bsc#1227149). - wifi: iwlwifi: mvm: check AP supports EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: check for iwl_mvm_mld_update_sta() errors (bsc#1227149). - wifi: iwlwifi: mvm: check link more carefully (bsc#1227149). - wifi: iwlwifi: mvm: check own capabilities for EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: cleanup MLO and non-MLO unification code (bsc#1227149). - wifi: iwlwifi: mvm: combine condition/warning (bsc#1227149). - wifi: iwlwifi: mvm: consider having one active link (bsc#1227149). - wifi: iwlwifi: mvm: const-ify chandef pointers (bsc#1227149). - wifi: iwlwifi: mvm: cycle FW link on chanctx removal (bsc#1227149). - wifi: iwlwifi: mvm: d3: avoid intermediate/early mutex unlock (bsc#1227149). - wifi: iwlwifi: mvm: d3: disconnect on GTK rekey failure (bsc#1227149). - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes). - wifi: iwlwifi: mvm: d3: implement suspend with MLO (bsc#1227149). - wifi: iwlwifi: mvm: debugfs for fw system stats (bsc#1227149). - wifi: iwlwifi: mvm: define RX queue sync timeout as a macro (bsc#1227149). - wifi: iwlwifi: mvm: disable MLO for the time being (bsc#1227149). - wifi: iwlwifi: mvm: disallow puncturing in US/Canada (bsc#1227149). - wifi: iwlwifi: mvm: disconnect long CSA only w/o alternative (bsc#1227149). - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (bsc#1227149). - wifi: iwlwifi: mvm: do not abort queue sync in CT-kill (bsc#1227149). - wifi: iwlwifi: mvm: do not add dummy phy context (bsc#1227149). - wifi: iwlwifi: mvm: do not always disable EMLSR due to BT coex (bsc#1227149). - wifi: iwlwifi: mvm: do not do duplicate detection for nullfunc packets (bsc#1227149). - wifi: iwlwifi: mvm: do not limit VLP/AFC to UATS-enabled (git-fixes). - wifi: iwlwifi: mvm: do not send BT_COEX_CI command on new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send NDPs for new tx devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send STA_DISABLE_TX_CMD for newer firmware (bsc#1227149). - wifi: iwlwifi: mvm: do not send the smart fifo command if not needed (bsc#1227149). - wifi: iwlwifi: mvm: do not set trigger frame padding in AP mode (bsc#1227149). - wifi: iwlwifi: mvm: do not support reduced tx power on ack for new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not wake up rx_sync_waitq upon RFKILL (git-fixes). - wifi: iwlwifi: mvm: enable FILS DF Tx on non-PSC channel (bsc#1227149). - wifi: iwlwifi: mvm: enable HE TX/RX <242 tone RU on new RFs (bsc#1227149). - wifi: iwlwifi: mvm: expand queue sync warning messages (bsc#1227149). - wifi: iwlwifi: mvm: extend alive timeout to 2 seconds (bsc#1227149). - wifi: iwlwifi: mvm: fix ROC version check (bsc#1227149). - wifi: iwlwifi: mvm: fix SB CFG check (bsc#1227149). - wifi: iwlwifi: mvm: fix a battery life regression (bsc#1227149). - wifi: iwlwifi: mvm: fix a crash on 7265 (bsc#1227149). - wifi: iwlwifi: mvm: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fix link ID management (bsc#1227149). - wifi: iwlwifi: mvm: fix recovery flow in CSA (bsc#1227149). - wifi: iwlwifi: mvm: fix regdb initialization (bsc#1227149). - wifi: iwlwifi: mvm: fix the PHY context resolution for p2p device (bsc#1227149). - wifi: iwlwifi: mvm: fix the TXF mapping for BZ devices (bsc#1227149). - wifi: iwlwifi: mvm: fix the key PN index (bsc#1227149). - wifi: iwlwifi: mvm: fix thermal kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fold the ref++ into iwl_mvm_phy_ctxt_add (bsc#1227149). - wifi: iwlwifi: mvm: handle BA session teardown in RF-kill (stable-fixes). - wifi: iwlwifi: mvm: handle debugfs names more carefully (bsc#1227149). - wifi: iwlwifi: mvm: handle link-STA allocation in restart (bsc#1227149). - wifi: iwlwifi: mvm: implement ROC version 3 (bsc#1227149). - wifi: iwlwifi: mvm: implement new firmware API for statistics (bsc#1227149). - wifi: iwlwifi: mvm: increase session protection after CSA (bsc#1227149). - wifi: iwlwifi: mvm: introduce PHY_CONTEXT_CMD_API_VER_5 (bsc#1227149). - wifi: iwlwifi: mvm: introduce esr_disable_reason (bsc#1227149). - wifi: iwlwifi: mvm: iterate active links for STA queues (bsc#1227149). - wifi: iwlwifi: mvm: limit EHT 320 MHz MCS for STEP URM (bsc#1227149). - wifi: iwlwifi: mvm: limit pseudo-D3 to 60 seconds (bsc#1227149). - wifi: iwlwifi: mvm: log dropped frames (bsc#1227149). - wifi: iwlwifi: mvm: log dropped packets due to MIC error (bsc#1227149). - wifi: iwlwifi: mvm: make 'pldr_sync' mode effective (bsc#1227149). - wifi: iwlwifi: mvm: make functions public (bsc#1227149). - wifi: iwlwifi: mvm: make pldr_sync AX210 specific (bsc#1227149). - wifi: iwlwifi: mvm: move BA notif messages before action (bsc#1227149). - wifi: iwlwifi: mvm: move RU alloc B2 placement (bsc#1227149). - wifi: iwlwifi: mvm: move listen interval to constants (bsc#1227149). - wifi: iwlwifi: mvm: offload IGTK in AP if BIGTK is supported (bsc#1227149). - wifi: iwlwifi: mvm: partially support PHY context version 6 (bsc#1227149). - wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes). - wifi: iwlwifi: mvm: reduce maximum RX A-MPDU size (bsc#1227149). - wifi: iwlwifi: mvm: refactor TX rate handling (bsc#1227149). - wifi: iwlwifi: mvm: refactor duplicate chanctx condition (bsc#1227149). - wifi: iwlwifi: mvm: remove EHT code from mac80211.c (bsc#1227149). - wifi: iwlwifi: mvm: remove IWL_MVM_STATUS_NEED_FLUSH_P2P (bsc#1227149). - wifi: iwlwifi: mvm: remove flags for enable/disable beacon filter (bsc#1227149). - wifi: iwlwifi: mvm: remove one queue sync on BA session stop (bsc#1227149). - wifi: iwlwifi: mvm: remove set_tim callback for MLD ops (bsc#1227149). - wifi: iwlwifi: mvm: remove stale STA link data during restart (stable-fixes). - wifi: iwlwifi: mvm: rework debugfs handling (bsc#1227149). - wifi: iwlwifi: mvm: show dump even for pldr_sync (bsc#1227149). - wifi: iwlwifi: mvm: show skb_mac_gso_segment() failure reason (bsc#1227149). - wifi: iwlwifi: mvm: simplify the reorder buffer (bsc#1227149). - wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig (bsc#1227149). - wifi: iwlwifi: mvm: support CSA with MLD (bsc#1227149). - wifi: iwlwifi: mvm: support SPP A-MSDUs (bsc#1227149). - wifi: iwlwifi: mvm: support flush on AP interfaces (bsc#1227149). - wifi: iwlwifi: mvm: support injection antenna control (bsc#1227149). - wifi: iwlwifi: mvm: support iwl_dev_tx_power_cmd_v8 (bsc#1227149). - wifi: iwlwifi: mvm: support set_antenna() (bsc#1227149). - wifi: iwlwifi: mvm: unlock mvm if there is no primary link (bsc#1227149). - wifi: iwlwifi: mvm: use fast balance scan in case of an active P2P GO (bsc#1227149). - wifi: iwlwifi: mvm: use the new command to clear the internal buffer (bsc#1227149). - wifi: iwlwifi: mvm: work around A-MSDU size problem (bsc#1227149). - wifi: iwlwifi: no power save during transition to D3 (bsc#1227149). - wifi: iwlwifi: nvm-parse: advertise common packet padding (bsc#1227149). - wifi: iwlwifi: nvm: parse the VLP/AFC bit from regulatory (bsc#1227149). - wifi: iwlwifi: pcie: (re-)assign BAR0 on driver bind (bsc#1227149). - wifi: iwlwifi: pcie: Add new PCI device id and CNVI (bsc#1227149). - wifi: iwlwifi: pcie: clean up WFPM control bits (bsc#1227149). - wifi: iwlwifi: pcie: clean up device removal work (bsc#1227149). - wifi: iwlwifi: pcie: clean up gen1/gen2 TFD unmap (bsc#1227149). - wifi: iwlwifi: pcie: do not allow hw-rfkill to stop device on gen2 (bsc#1227149). - wifi: iwlwifi: pcie: dump CSRs before removal (bsc#1227149). - wifi: iwlwifi: pcie: enable TOP fatal error interrupt (bsc#1227149). - wifi: iwlwifi: pcie: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: pcie: get_crf_id() can be void (bsc#1227149). - wifi: iwlwifi: pcie: give up mem read if HW is dead (bsc#1227149). - wifi: iwlwifi: pcie: move gen1 TB handling to header (bsc#1227149). - wifi: iwlwifi: pcie: point invalid TFDs to invalid data (bsc#1227149). - wifi: iwlwifi: pcie: propagate iwl_pcie_gen2_apm_init() error (bsc#1227149). - wifi: iwlwifi: pcie: rescan bus if no parent (bsc#1227149). - wifi: iwlwifi: prepare for reading DSM from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading TAS table from UEFI (bsc#1227149). - wifi: iwlwifi: properly check if link is active (bsc#1227149). - wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK (stable-fixes). - wifi: iwlwifi: queue: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: queue: improve warning for no skb in reclaim (bsc#1227149). - wifi: iwlwifi: queue: move iwl_txq_gen2_set_tb() up (bsc#1227149). - wifi: iwlwifi: read DSM func 2 for specific RF types (bsc#1227149). - wifi: iwlwifi: read DSM functions from UEFI (bsc#1227149). - wifi: iwlwifi: read ECKV table from UEFI (bsc#1227149). - wifi: iwlwifi: read PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: read SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: read SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: read WRDD table from UEFI (bsc#1227149). - wifi: iwlwifi: read WTAS table from UEFI (bsc#1227149). - wifi: iwlwifi: read mac step from aux register (bsc#1227149). - wifi: iwlwifi: refactor RX tracing (bsc#1227149). - wifi: iwlwifi: remove 'def_rx_queue' struct member (bsc#1227149). - wifi: iwlwifi: remove Gl A-step remnants (bsc#1227149). - wifi: iwlwifi: remove WARN from read_mem32() (bsc#1227149). - wifi: iwlwifi: remove async command callback (bsc#1227149). - wifi: iwlwifi: remove dead-code (bsc#1227149). - wifi: iwlwifi: remove extra kernel-doc (bsc#1227149). - wifi: iwlwifi: remove memory check for LMAC error address (bsc#1227149). - wifi: iwlwifi: remove retry loops in start (bsc#1227149). - wifi: iwlwifi: remove unused function prototype (bsc#1227149). - wifi: iwlwifi: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: iwlwifi: return negative -EINVAL instead of positive EINVAL (bsc#1227149). - wifi: iwlwifi: rfi: use a single DSM function for all RFI configurations (bsc#1227149). - wifi: iwlwifi: send EDT table to FW (bsc#1227149). - wifi: iwlwifi: separate TAS 'read-from-BIOS' and 'send-to-FW' flows (bsc#1227149). - wifi: iwlwifi: simplify getting DSM from ACPI (bsc#1227149). - wifi: iwlwifi: skip affinity setting on non-SMP (bsc#1227149). - wifi: iwlwifi: skip opmode start retries on dead transport (bsc#1227149). - wifi: iwlwifi: small cleanups in PPAG table flows (bsc#1227149). - wifi: iwlwifi: support link command version 2 (bsc#1227149). - wifi: iwlwifi: support link id in SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: support link_id in SESSION_PROTECTION cmd (bsc#1227149). - wifi: iwlwifi: take SGOM and UATS code out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: take send-DSM-to-FW flows out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: trace full frames with TX status request (bsc#1227149). - wifi: iwlwifi: update context info structure definitions (bsc#1227149). - wifi: iwlwifi: use system_unbound_wq for debug dump (bsc#1227149). - wifi: iwlwifi: validate PPAG table when sent to FW (bsc#1227149). - wifi: lib80211: remove unused variables iv32 and iv16 (bsc#1227149). - wifi: libertas: Follow renaming of SPI 'master' to 'controller' (bsc#1227149). - wifi: libertas: add missing calls to cancel_work_sync() (bsc#1227149). - wifi: libertas: cleanup SDIO reset (bsc#1227149). - wifi: libertas: handle possible spu_write_u16() errors (bsc#1227149). - wifi: libertas: prefer kstrtoX() for simple integer conversions (bsc#1227149). - wifi: libertas: simplify list operations in free_if_spi_card() (bsc#1227149). - wifi: libertas: use convenient lists to manage SDIO packets (bsc#1227149). - wifi: mac80211: Add __counted_by for struct ieee802_11_elems and use struct_size() (bsc#1227149). - wifi: mac80211: Avoid address calculations via out of bounds array indexing (stable-fixes). - wifi: mac80211: Check if we had first beacon with relevant links (bsc#1227149). - wifi: mac80211: Do not force off-channel for management Tx with MLO (bsc#1227149). - wifi: mac80211: Do not include crypto/algapi.h (bsc#1227149). - wifi: mac80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: mac80211: Fix SMPS handling in the context of MLO (bsc#1227149). - wifi: mac80211: Notify the low level driver on change in MLO valid links (bsc#1227149). - wifi: mac80211: Print local link address during authentication (bsc#1227149). - wifi: mac80211: Recalc offload when monitor stop (git-fixes). - wifi: mac80211: Remove unused function declarations (bsc#1227149). - wifi: mac80211: Rename and update IEEE80211_VIF_DISABLE_SMPS_OVERRIDE (bsc#1227149). - wifi: mac80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: mac80211: Sanity check tx bitrate if not provided by driver (bsc#1227149). - wifi: mac80211: Schedule regulatory channels check on bandwith change (bsc#1227149). - wifi: mac80211: Skip association timeout update after comeback rejection (bsc#1227149). - wifi: mac80211: add a driver callback to add vif debugfs (bsc#1227149). - wifi: mac80211: add a driver callback to check active_links (bsc#1227149). - wifi: mac80211: add a flag to disallow puncturing (bsc#1227149). - wifi: mac80211: add back SPDX identifier (bsc#1227149). - wifi: mac80211: add ieee80211_tdls_sta_link_id() (stable-fixes). - wifi: mac80211: add link id to ieee80211_gtk_rekey_add() (bsc#1227149). - wifi: mac80211: add link id to mgd_prepare_tx() (bsc#1227149). - wifi: mac80211: add more ops assertions (bsc#1227149). - wifi: mac80211: add more warnings about inserting sta info (bsc#1227149). - wifi: mac80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: mac80211: add support for mld in ieee80211_chswitch_done (bsc#1227149). - wifi: mac80211: add support for parsing TID to Link mapping element (bsc#1227149). - wifi: mac80211: add/remove driver debugfs entries as appropriate (bsc#1227149). - wifi: mac80211: additions to change_beacon() (bsc#1227149). - wifi: mac80211: address some kerneldoc warnings (bsc#1227149). - wifi: mac80211: allow 64-bit radiotap timestamps (bsc#1227149). - wifi: mac80211: allow for_each_sta_active_link() under RCU (bsc#1227149). - wifi: mac80211: apply mcast rate only if interface is up (stable-fixes). - wifi: mac80211: cancel multi-link reconf work on disconnect (git-fixes). - wifi: mac80211: chanctx emulation set CHANGE_CHANNEL when in_reconfig (git-fixes). - wifi: mac80211: check EHT/TTLM action frame length (bsc#1227149). - wifi: mac80211: check wiphy mutex in ops (bsc#1227149). - wifi: mac80211: cleanup airtime arithmetic with ieee80211_sta_keep_active() (bsc#1227149). - wifi: mac80211: cleanup auth_data only if association continues (bsc#1227149). - wifi: mac80211: convert A-MPDU work to wiphy work (bsc#1227149). - wifi: mac80211: correctly set active links upon TTLM (bsc#1227149). - wifi: mac80211: correcty limit wider BW TDLS STAs (git-fixes). - wifi: mac80211: debugfs: lock wiphy instead of RTNL (bsc#1227149). - wifi: mac80211: describe return values in kernel-doc (bsc#1227149). - wifi: mac80211: disable softirqs for queued frame handling (git-fixes). - wifi: mac80211: do not connect to an AP while it's in a CSA process (bsc#1227149). - wifi: mac80211: do not re-add debugfs entries during resume (bsc#1227149). - wifi: mac80211: do not select link ID if not provided in scan request (bsc#1227149). - wifi: mac80211: do not set ESS capab bit in assoc request (bsc#1227149). - wifi: mac80211: drop robust action frames before assoc (bsc#1227149). - wifi: mac80211: drop spurious WARN_ON() in ieee80211_ibss_csa_beacon() (bsc#1227149). - wifi: mac80211: ethtool: always hold wiphy mutex (bsc#1227149). - wifi: mac80211: ethtool: hold wiphy mutex (bsc#1227149). - wifi: mac80211: expand __ieee80211_data_to_8023() status (bsc#1227149). - wifi: mac80211: extend wiphy lock in interface removal (bsc#1227149). - wifi: mac80211: fix BA session teardown race (bsc#1227149). - wifi: mac80211: fix BSS_CHANGED_UNSOL_BCAST_PROBE_RESP (bsc#1227149). - wifi: mac80211: fix SMPS status handling (bsc#1227149). - wifi: mac80211: fix TXQ error path and cleanup (bsc#1227149). - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes). - wifi: mac80211: fix a expired vs. cancel race in roc (bsc#1227149). - wifi: mac80211: fix advertised TTLM scheduling (bsc#1227149). - wifi: mac80211: fix another key installation error path (bsc#1227149). - wifi: mac80211: fix change_address deadlock during unregister (bsc#1227149). - wifi: mac80211: fix channel switch link data (bsc#1227149). - wifi: mac80211: fix driver debugfs for vif type change (bsc#1227149). - wifi: mac80211: fix error path key leak (bsc#1227149). - wifi: mac80211: fix header kernel-doc typos (bsc#1227149). - wifi: mac80211: fix ieee80211_drop_unencrypted_mgmt return type/value (bsc#1227149). - wifi: mac80211: fix monitor channel with chanctx emulation (bsc#1227149). - wifi: mac80211: fix potential key leak (bsc#1227149). - wifi: mac80211: fix spelling typo in comment (bsc#1227149). - wifi: mac80211: fix unsolicited broadcast probe config (bsc#1227149). - wifi: mac80211: fix various kernel-doc issues (bsc#1227149). - wifi: mac80211: fixes in FILS discovery updates (bsc#1227149). - wifi: mac80211: flush STA queues on unauthorization (bsc#1227149). - wifi: mac80211: flush wiphy work where appropriate (bsc#1227149). - wifi: mac80211: handle debugfs when switching to/from MLO (bsc#1227149). - wifi: mac80211: handle tasklet frames before stopping (stable-fixes). - wifi: mac80211: hold wiphy lock in netdev/link debugfs (bsc#1227149). - wifi: mac80211: hold wiphy_lock around concurrency checks (bsc#1227149). - wifi: mac80211: improve CSA/ECSA connection refusal (bsc#1227149). - wifi: mac80211: initialize SMPS mode correctly (bsc#1227149). - wifi: mac80211: lock wiphy for aggregation debugfs (bsc#1227149). - wifi: mac80211: lock wiphy in IP address notifier (bsc#1227149). - wifi: mac80211: make mgd_protect_tdls_discover MLO-aware (bsc#1227149). - wifi: mac80211: mesh: Remove unused function declaration mesh_ids_set_default() (bsc#1227149). - wifi: mac80211: mesh: fix some kdoc warnings (bsc#1227149). - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes). - wifi: mac80211: move CSA finalize to wiphy work (bsc#1227149). - wifi: mac80211: move DFS CAC work to wiphy work (bsc#1227149). - wifi: mac80211: move TDLS work to wiphy work (bsc#1227149). - wifi: mac80211: move color change finalize to wiphy work (bsc#1227149). - wifi: mac80211: move dynamic PS to wiphy work (bsc#1227149). - wifi: mac80211: move filter reconfig to wiphy work (bsc#1227149). - wifi: mac80211: move key tailroom work to wiphy work (bsc#1227149). - wifi: mac80211: move link activation work to wiphy work (bsc#1227149). - wifi: mac80211: move monitor work to wiphy work (bsc#1227149). - wifi: mac80211: move tspec work to wiphy work (bsc#1227149). - wifi: mac80211: process and save negotiated TID to Link mapping request (bsc#1227149). - wifi: mac80211: purge TX queues in flush_queues flow (bsc#1227149). - wifi: mac80211: reduce iflist_mtx (bsc#1227149). - wifi: mac80211: reject MLO channel configuration if not supported (bsc#1227149). - wifi: mac80211: relax RCU check in for_each_vif_active_link() (bsc#1227149). - wifi: mac80211: remove RX_DROP_UNUSABLE (bsc#1227149). - wifi: mac80211: remove ampdu_mlme.mtx (bsc#1227149). - wifi: mac80211: remove chanctx_mtx (bsc#1227149). - wifi: mac80211: remove key_mtx (bsc#1227149). - wifi: mac80211: remove local->mtx (bsc#1227149). - wifi: mac80211: remove redundant ML element check (bsc#1227149). - wifi: mac80211: remove shifted rate support (bsc#1227149). - wifi: mac80211: remove sta_mtx (bsc#1227149). - wifi: mac80211: remove unnecessary struct forward declaration (bsc#1227149). - wifi: mac80211: rename ieee80211_tx_status() to ieee80211_tx_status_skb() (bsc#1227149). - wifi: mac80211: rename struct cfg80211_rx_assoc_resp to cfg80211_rx_assoc_resp_data (bsc#1227149). - wifi: mac80211: report per-link error during association (bsc#1227149). - wifi: mac80211: reset negotiated TTLM on disconnect (git-fixes). - wifi: mac80211: rework RX timestamp flags (bsc#1227149). - wifi: mac80211: rework ack_frame_id handling a bit (bsc#1227149). - wifi: mac80211: rx.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: set wiphy for virtual monitors (bsc#1227149). - wifi: mac80211: simplify non-chanctx drivers (bsc#1227149). - wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value (bsc#1227149). - wifi: mac80211: sta_info.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: support antenna control in injection (bsc#1227149). - wifi: mac80211: support handling of advertised TID-to-link mapping (bsc#1227149). - wifi: mac80211: take MBSSID/EHT data also from probe resp (bsc#1227149). - wifi: mac80211: take wiphy lock for MAC addr change (bsc#1227149). - wifi: mac80211: tx: clarify conditions in if statement (bsc#1227149). - wifi: mac80211: update beacon counters per link basis (bsc#1227149). - wifi: mac80211: update some locking documentation (bsc#1227149). - wifi: mac80211: update the rx_chains after set_antenna() (bsc#1227149). - wifi: mac80211: use bandwidth indication element for CSA (bsc#1227149). - wifi: mac80211: use deflink and fix typo in link ID check (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs for sdata/link (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs helpers for agg_status (bsc#1227149). - wifi: mt7601u: delete dead code checking debugfs returns (bsc#1227149). - wifi: mt7601u: replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: Annotate struct mt76_rx_tid with __counted_by (bsc#1227149). - wifi: mt76: Convert to platform remove callback returning void (bsc#1227149). - wifi: mt76: Remove redundant assignment to variable tidno (bsc#1227149). - wifi: mt76: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: mt76: Replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: Use PTR_ERR_OR_ZERO() to simplify code (bsc#1227149). - wifi: mt76: add DMA mapping error check in mt76_alloc_txwi() (bsc#1227149). - wifi: mt76: add ability to explicitly forbid LED registration with DT (bsc#1227149). - wifi: mt76: add support for providing eeprom in nvmem cells (bsc#1227149). - wifi: mt76: add tx_nss histogram to ethtool stats (bsc#1227149). - wifi: mt76: change txpower init to per-phy (bsc#1227149). - wifi: mt76: check sta rx control frame to multibss capability (bsc#1227149). - wifi: mt76: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: check vif type before reporting cca and csa (bsc#1227149). - wifi: mt76: connac: add MBSSID support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon duplicate TX mode support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: add connac3 mac library (bsc#1227149). - wifi: mt76: connac: add data field in struct tlv (bsc#1227149). - wifi: mt76: connac: add eht support for phy mode config (bsc#1227149). - wifi: mt76: connac: add eht support for tx power (bsc#1227149). - wifi: mt76: connac: add firmware support for mt7992 (bsc#1227149). - wifi: mt76: connac: add more unified command IDs (bsc#1227149). - wifi: mt76: connac: add more unified event IDs (bsc#1227149). - wifi: mt76: connac: add new definition of tx descriptor (bsc#1227149). - wifi: mt76: connac: add support for dsp firmware download (bsc#1227149). - wifi: mt76: connac: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: connac: add thermal protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: check for null before dereferencing (bsc#1227149). - wifi: mt76: connac: export functions for mt7925 (bsc#1227149). - wifi: mt76: connac: introduce helper for mt7925 chipset (bsc#1227149). - wifi: mt76: connac: set correct muar_idx for mt799x chipsets (bsc#1227149). - wifi: mt76: connac: set fixed_bw bit in TX descriptor for fixed rate frames (bsc#1227149). - wifi: mt76: connac: use muar idx 0xe for non-mt799x as well (bsc#1227149). - wifi: mt76: disable HW AMSDU when using fixed rate (bsc#1227149). - wifi: mt76: dma: introduce __mt76_dma_queue_reset utility routine (bsc#1227149). - wifi: mt76: enable UNII-4 channel 177 support (bsc#1227149). - wifi: mt76: fix race condition related to checking tx queue fill status (bsc#1227149). - wifi: mt76: fix the issue of missing txpwr settings from ch153 to ch177 (bsc#1227149). - wifi: mt76: fix typo in mt76_get_of_eeprom_from_nvmem function (bsc#1227149). - wifi: mt76: increase MT_QFLAG_WED_TYPE size (bsc#1227149). - wifi: mt76: introduce mt76_queue_is_wed_tx_free utility routine (bsc#1227149). - wifi: mt76: introduce wed pointer in mt76_queue (bsc#1227149). - wifi: mt76: limit support of precal loading for mt7915 to MTD only (bsc#1227149). - wifi: mt76: make mt76_get_of_eeprom static again (bsc#1227149). - wifi: mt76: mmio: move mt76_mmio_wed_{init,release}_rx_buf in common code (bsc#1227149). - wifi: mt76: move ampdu_state in mt76_wcid (bsc#1227149). - wifi: mt76: move mt76_mmio_wed_offload_{enable,disable} in common code (bsc#1227149). - wifi: mt76: move mt76_net_setup_tc in common code (bsc#1227149). - wifi: mt76: move rate info in mt76_vif (bsc#1227149). - wifi: mt76: move wed reset common code in mt76 module (bsc#1227149). - wifi: mt76: mt7603: add missing register initialization for MT7628 (bsc#1227149). - wifi: mt76: mt7603: disable A-MSDU tx support on MT7628 (bsc#1227149). - wifi: mt76: mt7603: fix beacon interval after disabling a single vif (bsc#1227149). - wifi: mt76: mt7603: fix tx filter/flush function (bsc#1227149). - wifi: mt76: mt7603: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7603: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7615: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7615: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7615: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7615: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt76_connac3: move lmac queue enumeration in mt76_connac3_mac.h (bsc#1227149). - wifi: mt76: mt76x02: fix return value check in mt76x02_mac_process_rx (bsc#1227149). - wifi: mt76: mt76x2u: add netgear wdna3100v3 to device table (bsc#1227149). - wifi: mt76: mt7915 add tc offloading support (bsc#1227149). - wifi: mt76: mt7915: accumulate mu-mimo ofdma muru stats (bsc#1227149). - wifi: mt76: mt7915: add locking for accessing mapped registers (bsc#1227149). - wifi: mt76: mt7915: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7915: add support for MT7981 (bsc#1227149). - wifi: mt76: mt7915: also MT7981 is 3T3R but nss2 on 5 GHz band (bsc#1227149). - wifi: mt76: mt7915: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7915: drop return in mt7915_sta_statistics (bsc#1227149). - wifi: mt76: mt7915: fix EEPROM offset of TSSI flag on MT7981 (bsc#1227149). - wifi: mt76: mt7915: fix error recovery with WED enabled (bsc#1227149). - wifi: mt76: mt7915: fix monitor mode issues (bsc#1227149). - wifi: mt76: mt7915: move mib_stats structure in mt76.h (bsc#1227149). - wifi: mt76: mt7915: move poll_list in mt76_wcid (bsc#1227149). - wifi: mt76: mt7915: move sta_poll_list and sta_poll_lock in mt76_dev (bsc#1227149). - wifi: mt76: mt7915: report tx retries/failed counts for non-WED path (bsc#1227149). - wifi: mt76: mt7915: update mpdu density capability (bsc#1227149). - wifi: mt76: mt7915: update mt798x_wmac_adie_patch_7976 (bsc#1227149). - wifi: mt76: mt7921: Support temp sensor (bsc#1227149). - wifi: mt76: mt7921: add 6GHz power type support for clc (bsc#1227149). - wifi: mt76: mt7921: convert acpisar and clc pointers to void (bsc#1227149). - wifi: mt76: mt7921: enable set txpower for UNII-4 (bsc#1227149). - wifi: mt76: mt7921: fix 6GHz disabled by the missing default CLC config (bsc#1227149). - wifi: mt76: mt7921: fix CLC command timeout when suspend/resume (bsc#1227149). - wifi: mt76: mt7921: fix a potential association failure upon resuming (bsc#1227149). - wifi: mt76: mt7921: fix kernel panic by accessing invalid 6GHz channel info (bsc#1227149). - wifi: mt76: mt7921: fix suspend issue on MediaTek COB platform (bsc#1227149). - wifi: mt76: mt7921: fix the unfinished command of regd_notifier before suspend (bsc#1227149). - wifi: mt76: mt7921: fix wrong 6Ghz power type (bsc#1227149). - wifi: mt76: mt7921: get regulatory information from the clc event (bsc#1227149). - wifi: mt76: mt7921: get rid of MT7921_RESET_TIMEOUT marco (bsc#1227149). - wifi: mt76: mt7921: make mt7921_mac_sta_poll static (bsc#1227149). - wifi: mt76: mt7921: move acpi_sar code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move common register definition in mt792x_regs.h (bsc#1227149). - wifi: mt76: mt7921: move connac nic capability handling to mt7921 (bsc#1227149). - wifi: mt76: mt7921: move debugfs shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move dma shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move hif_ops macro in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move init shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mac shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mt7921_dma_init in pci.c (bsc#1227149). - wifi: mt76: mt7921: move mt7921u_disconnect mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move mt792x_hw_dev in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move mt792x_mutex_{acquire/release} in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move runtime-pm pci code in mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move shared runtime-pm code on mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: reduce the size of MCU firmware download Rx queue (bsc#1227149). - wifi: mt76: mt7921: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7921: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7921: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7921: remove macro duplication in regs.h (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_dev in mt792x_dev (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_hif_ops in mt792x_hif_ops (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_phy in mt792x_phy (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_sta in mt792x_sta (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_vif in mt792x_vif (bsc#1227149). - wifi: mt76: mt7921: support 5.9/6GHz channel config in acpi (bsc#1227149). - wifi: mt76: mt7921: update the channel usage when the regd domain changed (bsc#1227149). - wifi: mt76: mt7921e: report tx retries/failed counts in tx free event (bsc#1227149). - wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips (bsc#1227149). - wifi: mt76: mt7925: add flow to avoid chip bt function fail (bsc#1227149). - wifi: mt76: mt7925: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command (bsc#1227149). - wifi: mt76: mt7925: fix SAP no beacon issue in 5Ghz and 6Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix WoW failed in encrypted mode (bsc#1227149). - wifi: mt76: mt7925: fix connect to 80211b mode fail in 2Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix fw download fail (bsc#1227149). - wifi: mt76: mt7925: fix mcu query command fail (bsc#1227149). - wifi: mt76: mt7925: fix the wrong data type for scan command (bsc#1227149). - wifi: mt76: mt7925: fix the wrong header translation config (bsc#1227149). - wifi: mt76: mt7925: fix typo in mt7925_init_he_caps (bsc#1227149). - wifi: mt76: mt7925: fix wmm queue mapping (bsc#1227149). - wifi: mt76: mt7925: remove iftype from mt7925_init_eht_caps signature (bsc#1227149). - wifi: mt76: mt7925: support temperature sensor (bsc#1227149). - wifi: mt76: mt7925: update PCIe DMA settings (bsc#1227149). - wifi: mt76: mt7925e: fix use-after-free in free_irq() (bsc#1227149). - wifi: mt76: mt792x: add the illegal value check for mtcl table of acpi (bsc#1227149). - wifi: mt76: mt792x: fix ethtool warning (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-usb module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x_irq_map (bsc#1227149). - wifi: mt76: mt792x: move MT7921_PM_TIMEOUT and MT7921_HW_SCAN_TIMEOUT in common code (bsc#1227149). - wifi: mt76: mt792x: move more dma shared code in mt792x_dma (bsc#1227149). - wifi: mt76: mt792x: move mt7921_load_firmware in mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: move mt7921_skb_add_usb_sdio_hdr in mt792x module (bsc#1227149). - wifi: mt76: mt792x: move shared structure definition in mt792x.h (bsc#1227149). - wifi: mt76: mt792x: move some common usb code in mt792x module (bsc#1227149). - wifi: mt76: mt792x: support mt7925 chip init (bsc#1227149). - wifi: mt76: mt792x: update the country list of EU for ACPI SAR (bsc#1227149). - wifi: mt76: mt792xu: enable dmashdl support (bsc#1227149). - wifi: mt76: mt7996: Add mcu commands for getting sta tx statistic (bsc#1227149). - wifi: mt76: mt7996: Use DECLARE_FLEX_ARRAY() and fix -Warray-bounds warnings (bsc#1227149). - wifi: mt76: mt7996: add DMA support for mt7992 (bsc#1227149). - wifi: mt76: mt7996: add TX statistics for EHT mode in debugfs (bsc#1227149). - wifi: mt76: mt7996: add muru support (bsc#1227149). - wifi: mt76: mt7996: add sanity checks for background radar trigger (stable-fixes). - wifi: mt76: mt7996: add support for variants with auxiliary RX path (bsc#1227149). - wifi: mt76: mt7996: add thermal sensor device support (bsc#1227149). - wifi: mt76: mt7996: add txpower setting support (bsc#1227149). - wifi: mt76: mt7996: adjust WFDMA settings to improve performance (bsc#1227149). - wifi: mt76: mt7996: adjust interface num and wtbl size for mt7992 (bsc#1227149). - wifi: mt76: mt7996: align the format of fixed rate command (bsc#1227149). - wifi: mt76: mt7996: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: mt7996: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7996: drop return in mt7996_sta_statistics (bsc#1227149). - wifi: mt76: mt7996: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7996: enable PPDU-TxS to host (bsc#1227149). - wifi: mt76: mt7996: enable VHT extended NSS BW feature (bsc#1227149). - wifi: mt76: mt7996: ensure 4-byte alignment for beacon commands (bsc#1227149). - wifi: mt76: mt7996: fix alignment of sta info event (bsc#1227149). - wifi: mt76: mt7996: fix fortify warning (bsc#1227149). - wifi: mt76: mt7996: fix fw loading timeout (bsc#1227149). - wifi: mt76: mt7996: fix mt7996_mcu_all_sta_info_event struct packing (bsc#1227149). - wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature (bsc#1227149). - wifi: mt76: mt7996: fix size of txpower MCU command (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in parsing txfree (bsc#1227149). - wifi: mt76: mt7996: get tx_retries and tx_failed from txfree (bsc#1227149). - wifi: mt76: mt7996: handle IEEE80211_RC_SMPS_CHANGED (bsc#1227149). - wifi: mt76: mt7996: increase tx token size (bsc#1227149). - wifi: mt76: mt7996: introduce mt7996_band_valid() (bsc#1227149). - wifi: mt76: mt7996: mark GCMP IGTK unsupported (bsc#1227149). - wifi: mt76: mt7996: move radio ctrl commands to proper functions (bsc#1227149). - wifi: mt76: mt7996: only set vif teardown cmds at remove interface (bsc#1227149). - wifi: mt76: mt7996: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7996: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7996: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7996: remove TXS queue setting (bsc#1227149). - wifi: mt76: mt7996: remove periodic MPDU TXS request (bsc#1227149). - wifi: mt76: mt7996: rework ampdu params setting (bsc#1227149). - wifi: mt76: mt7996: rework register offsets for mt7992 (bsc#1227149). - wifi: mt76: mt7996: set DMA mask to 36 bits for boards with more than 4GB of RAM (bsc#1227149). - wifi: mt76: mt7996: support more options for mt7996_set_bitrate_mask() (bsc#1227149). - wifi: mt76: mt7996: support mt7992 eeprom loading (bsc#1227149). - wifi: mt76: mt7996: support per-band LED control (bsc#1227149). - wifi: mt76: mt7996: switch to mcu command for TX GI report (bsc#1227149). - wifi: mt76: mt7996: use u16 for val field in mt7996_mcu_set_rro signature (bsc#1227149). - wifi: mt76: permit to load precal from NVMEM cell for mt7915 (bsc#1227149). - wifi: mt76: permit to use alternative cell name to eeprom NVMEM load (bsc#1227149). - wifi: mt76: reduce spin_lock_bh held up in mt76_dma_rx_cleanup (bsc#1227149). - wifi: mt76: replace skb_put with skb_put_zero (stable-fixes). - wifi: mt76: report non-binding skb tx rate when WED is active (bsc#1227149). - wifi: mt76: set page_pool napi pointer for mmio devices (bsc#1227149). - wifi: mt76: split get_of_eeprom in subfunction (bsc#1227149). - wifi: mt76: usb: create a dedicated queue for psd traffic (bsc#1227149). - wifi: mt76: usb: store usb endpoint in mt76_queue (bsc#1227149). - wifi: mt76: use atomic iface iteration for pre-TBTT work (bsc#1227149). - wifi: mt76: use chainmask for power delta calculation (bsc#1227149). - wifi: mwifiex: Drop unused headers (bsc#1227149). - wifi: mwifiex: Fix interface type change (git-fixes). - wifi: mwifiex: Refactor 1-element array into flexible array in struct mwifiex_ie_types_chan_list_param_set (bsc#1227149). - wifi: mwifiex: Replace one-element array with flexible-array member in struct mwifiex_ie_types_rxba_sync (bsc#1227149). - wifi: mwifiex: Set WIPHY_FLAG_NETNS_OK flag (bsc#1227149). - wifi: mwifiex: Use default @max_active for workqueues (bsc#1227149). - wifi: mwifiex: Use helpers to check multicast addresses (bsc#1227149). - wifi: mwifiex: Use list_count_nodes() (bsc#1227149). - wifi: mwifiex: cleanup adapter data (bsc#1227149). - wifi: mwifiex: cleanup private data structures (bsc#1227149). - wifi: mwifiex: cleanup struct mwifiex_sdio_mpa_rx (bsc#1227149). - wifi: mwifiex: drop BUG_ON from TX paths (bsc#1227149). - wifi: mwifiex: fix comment typos in SDIO module (bsc#1227149). - wifi: mwifiex: followup PCIE and related cleanups (bsc#1227149). - wifi: mwifiex: handle possible mwifiex_write_reg() errors (bsc#1227149). - wifi: mwifiex: handle possible sscanf() errors (bsc#1227149). - wifi: mwifiex: mwifiex_process_sleep_confirm_resp(): remove unused priv variable (bsc#1227149). - wifi: mwifiex: prefer strscpy() over strlcpy() (bsc#1227149). - wifi: mwifiex: simplify PCIE write operations (bsc#1227149). - wifi: mwifiex: use MODULE_FIRMWARE to add firmware files metadata (bsc#1227149). - wifi: mwifiex: use cfg80211_ssid_eq() instead of mwifiex_ssid_cmp() (bsc#1227149). - wifi: mwifiex: use is_zero_ether_addr() instead of ether_addr_equal() (bsc#1227149). - wifi: mwifiex: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: nl80211: Extend del pmksa support for SAE and OWE security (bsc#1227149). - wifi: nl80211: Remove unused declaration nl80211_pmsr_dump_results() (bsc#1227149). - wifi: nl80211: additions to NL80211_CMD_SET_BEACON (bsc#1227149). - wifi: nl80211: allow reporting wakeup for unprot deauth/disassoc (bsc#1227149). - wifi: nl80211: fixes to FILS discovery updates (bsc#1227149). - wifi: nl80211: refactor nl80211_send_mlme_event() arguments (bsc#1227149). - wifi: p54: Add missing MODULE_FIRMWARE macro (bsc#1227149). - wifi: p54: Annotate struct p54_cal_database with __counted_by (bsc#1227149). - wifi: p54: fix GCC format truncation warning with wiphy->fw_version (bsc#1227149). - wifi: plfxlc: Drop unused include (bsc#1227149). - wifi: radiotap: add bandwidth definition of EHT U-SIG (bsc#1227149). - wifi: remove unused argument of ieee80211_get_tdls_action() (bsc#1227149). - wifi: rsi: fix restricted __le32 degrades to integer sparse warnings (bsc#1227149). - wifi: rsi: rsi_91x_coex: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_debugfs: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_hal: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_mac80211: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_main: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rt2x00: Simplify bool conversion (bsc#1227149). - wifi: rt2x00: correct MAC_SYS_CTRL register RX mask in R-Calibration (bsc#1227149). - wifi: rt2x00: disable RTS threshold for rt2800 by default (bsc#1227149). - wifi: rt2x00: fix MT7620 low RSSI issue (bsc#1227149). - wifi: rt2x00: fix rt2800 watchdog function (bsc#1227149). - wifi: rt2x00: fix the typo in comments (bsc#1227149). - wifi: rt2x00: improve MT7620 register initialization (bsc#1227149). - wifi: rt2x00: introduce DMA busy check watchdog for rt2800 (bsc#1227149). - wifi: rt2x00: limit MT7620 TX power based on eeprom calibration (bsc#1227149). - wifi: rt2x00: make watchdog param per device (bsc#1227149). - wifi: rt2x00: remove redundant check if u8 array element is less than zero (bsc#1227149). - wifi: rt2x00: remove useless code in rt2x00queue_create_tx_descriptor() (bsc#1227149). - wifi: rt2x00: rework MT7620 PA/LNA RF calibration (bsc#1227149). - wifi: rt2x00: rework MT7620 channel config function (bsc#1227149). - wifi: rt2x00: silence sparse warnings (bsc#1227149). - wifi: rt2x00: simplify rt2x00crypto_rx_insert_iv() (bsc#1227149). - wifi: rtl8xxxu: 8188e: convert usage of priv->vif to priv->vifs[0] (bsc#1227149). - wifi: rtl8xxxu: 8188f: Limit TX power index (git-fixes). - wifi: rtl8xxxu: Actually use macid in rtl8xxxu_gen2_report_connect (bsc#1227149). - wifi: rtl8xxxu: Add TP-Link TL-WN823N V2 (bsc#1227149). - wifi: rtl8xxxu: Add a description about the device ID 0x7392:0xb722 (bsc#1227149). - wifi: rtl8xxxu: Add beacon functions (bsc#1227149). - wifi: rtl8xxxu: Add parameter force to rtl8xxxu_refresh_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter macid to update_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter role to report_connect (bsc#1227149). - wifi: rtl8xxxu: Add set_tim() callback (bsc#1227149). - wifi: rtl8xxxu: Add sta_add() and sta_remove() callbacks (bsc#1227149). - wifi: rtl8xxxu: Add start_ap() callback (bsc#1227149). - wifi: rtl8xxxu: Allow creating interface in AP mode (bsc#1227149). - wifi: rtl8xxxu: Allow setting rts threshold to -1 (bsc#1227149). - wifi: rtl8xxxu: Clean up filter configuration (bsc#1227149). - wifi: rtl8xxxu: Declare AP mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192EU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8710BU (RTL8188GU) (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8723BU (bsc#1227149). - wifi: rtl8xxxu: Enable hw seq for mgmt/non-QoS data frames (bsc#1227149). - wifi: rtl8xxxu: Fix LED control code of RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Fix off by one initial RTS rate (bsc#1227149). - wifi: rtl8xxxu: Put the macid in txdesc (bsc#1227149). - wifi: rtl8xxxu: Remove usage of ieee80211_get_tx_rate() (bsc#1227149). - wifi: rtl8xxxu: Remove usage of tx_info->control.rates[0].flags (bsc#1227149). - wifi: rtl8xxxu: Rename some registers (bsc#1227149). - wifi: rtl8xxxu: Select correct queue for beacon frames (bsc#1227149). - wifi: rtl8xxxu: Set maximum number of supported stations (bsc#1227149). - wifi: rtl8xxxu: Support USB RX aggregation for the newer chips (bsc#1227149). - wifi: rtl8xxxu: Support new chip RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: add hw crypto support for AP mode (bsc#1227149). - wifi: rtl8xxxu: add macids for STA mode (bsc#1227149). - wifi: rtl8xxxu: add missing number of sec cam entries for all variants (bsc#1227149). - wifi: rtl8xxxu: check vif before using in rtl8xxxu_tx() (bsc#1227149). - wifi: rtl8xxxu: convert EN_DESC_ID of TX descriptor to le32 type (bsc#1227149). - wifi: rtl8xxxu: declare concurrent mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: do not parse CFO, if both interfaces are connected in STA mode (bsc#1227149). - wifi: rtl8xxxu: enable MFP support with security flag of RX descriptor (bsc#1227149). - wifi: rtl8xxxu: enable channel switch support (bsc#1227149). - wifi: rtl8xxxu: extend check for matching bssid to both interfaces (bsc#1227149). - wifi: rtl8xxxu: extend wifi connected check to both interfaces (bsc#1227149). - wifi: rtl8xxxu: fix error messages (bsc#1227149). - wifi: rtl8xxxu: fix mixed declarations in rtl8xxxu_set_aifs() (bsc#1227149). - wifi: rtl8xxxu: make instances of iface limit and combination to be static const (bsc#1227149). - wifi: rtl8xxxu: make supporting AP mode only on port 0 transparent (bsc#1227149). - wifi: rtl8xxxu: mark TOTOLINK N150UA V5/N150UA-B as tested (bsc#1227149). - wifi: rtl8xxxu: prepare supporting two virtual interfaces (bsc#1227149). - wifi: rtl8xxxu: remove assignment of priv->vif in rtl8xxxu_bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: remove obsolete priv->vif (bsc#1227149). - wifi: rtl8xxxu: rtl8xxxu_rx_complete(): remove unnecessary return (bsc#1227149). - wifi: rtl8xxxu: support multiple interface in start_ap() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in configure_filter() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in set_aifs() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in update_beacon_work_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in watchdog_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in {add,remove}_interface() (bsc#1227149). - wifi: rtl8xxxu: support setting bssid register for multiple interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting linktype for both interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting mac address register for both interfaces (bsc#1227149). - wifi: rtl8xxxu: update rate mask per sta (bsc#1227149). - wifi: rtlwifi: Convert to use PCIe capability accessors (bsc#1227149). - wifi: rtlwifi: Ignore IEEE80211_CONF_CHANGE_RETRY_LIMITS (bsc#1227149). - wifi: rtlwifi: Remove bridge vendor/device ids (bsc#1227149). - wifi: rtlwifi: Remove rtl_intf_ops.read_efuse_byte (bsc#1227149). - wifi: rtlwifi: Remove unused PCI related defines and struct (bsc#1227149). - wifi: rtlwifi: Speed up firmware loading for USB (bsc#1227149). - wifi: rtlwifi: cleanup USB interface (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxx_tx_fill_desc() routines (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxxx_set_hw_reg() routines (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_hal (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_phy (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_ps_ctl (bsc#1227149). - wifi: rtlwifi: drop chk_switch_dmdp() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop fill_fake_txdesc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop pre_fill_tx_bd_desc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop unused const_amdpci_aspm (bsc#1227149). - wifi: rtlwifi: remove misused flag from HAL data (bsc#1227149). - wifi: rtlwifi: remove unreachable code in rtl92d_dm_check_edca_turbo() (bsc#1227149). - wifi: rtlwifi: remove unused dualmac control leftovers (bsc#1227149). - wifi: rtlwifi: remove unused timer and related code (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix 2T2R chip type detection (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix TX aggregation (bsc#1227149). - wifi: rtlwifi: rtl8192de: Do not read register in _rtl92de_query_rxphystatus (bsc#1227149). - wifi: rtlwifi: rtl8723: Remove unused function rtl8723_cmd_send_packet() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Access full PMCS reg and use pci_regs.h (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Add pdev into _rtl8821ae_clear_pci_pme_status() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Remove unnecessary PME_Status bit set (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Reverse PM Capability exists check (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Use pci_find_capability() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: remove some useless code (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: using calculate_bit_shift() (bsc#1227149). - wifi: rtlwifi: rtl92ee_dm_dynamic_primary_cca_check(): fix typo in function name (bsc#1227149). - wifi: rtlwifi: rtl_usb: Store the endpoint addresses (bsc#1227149). - wifi: rtlwifi: rtl_usb: Use sync register writes (bsc#1227149). - wifi: rtlwifi: set initial values for unexpected cases of USB endpoint priority (bsc#1227149). - wifi: rtlwifi: simplify LED management (bsc#1227149). - wifi: rtlwifi: simplify TX command fill callbacks (bsc#1227149). - wifi: rtlwifi: simplify rtl_action_proc() and rtl_tx_agg_start() (bsc#1227149). - wifi: rtlwifi: use convenient list_count_nodes() (bsc#1227149). - wifi: rtlwifi: use eth_broadcast_addr() to assign broadcast address (bsc#1227149). - wifi: rtlwifi: use helper function rtl_get_hdr() (bsc#1227149). - wifi: rtlwifi: use unsigned long for bt_coexist_8723 timestamp (bsc#1227149). - wifi: rtlwifi: use unsigned long for rtl_bssid_entry timestamp (bsc#1227149). - wifi: rtw88: 8821c: tweak CCK TX filter setting for SRRC regulation (bsc#1227149). - wifi: rtw88: 8821c: update TX power limit to V67 (bsc#1227149). - wifi: rtw88: 8822c: update TX power limit to V70 (bsc#1227149). - wifi: rtw88: 8822ce: refine power parameters for RFE type 5 (bsc#1227149). - wifi: rtw88: Add support for the SDIO based RTL8723DS chipset (bsc#1227149). - wifi: rtw88: Fix AP mode incorrect DTIM behavior (bsc#1227149). - wifi: rtw88: Fix action frame transmission fail before association (bsc#1227149). - wifi: rtw88: Skip high queue in hci_flush (bsc#1227149). - wifi: rtw88: Stop high queue during scan (bsc#1227149). - wifi: rtw88: Use random MAC when efuse MAC invalid (bsc#1227149). - wifi: rtw88: add missing unwind goto for __rtw_download_firmware() (bsc#1227149). - wifi: rtw88: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw88: debug: remove wrapper of rtw_dbg() (bsc#1227149). - wifi: rtw88: dump firmware debug information in abnormal state (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_set_* (bsc#1227149). - wifi: rtw88: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw88: fix typo rtw8822cu_probe (bsc#1227149). - wifi: rtw88: process VO packets without workqueue to avoid PTK rekey failed (bsc#1227149). - wifi: rtw88: refine register based H2C command (bsc#1227149). - wifi: rtw88: regd: configure QATAR and UK (bsc#1227149). - wifi: rtw88: regd: update regulatory map to R64-R42 (bsc#1227149). - wifi: rtw88: remove unused USB bulkout size set (bsc#1227149). - wifi: rtw88: remove unused and set but unused leftovers (bsc#1227149). - wifi: rtw88: rtw8723d: Implement RTL8723DS (SDIO) efuse parsing (bsc#1227149). - wifi: rtw88: simplify __rtw_tx_work() (bsc#1227149). - wifi: rtw88: simplify vif iterators (bsc#1227149). - wifi: rtw88: use cfg80211_ssid_eq() instead of rtw_ssid_equal() (bsc#1227149). - wifi: rtw88: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: rtw88: use struct instead of macros to set TX desc (bsc#1227149). - wifi: rtw89: 52c: rfk: disable DPK during MCC (bsc#1227149). - wifi: rtw89: 52c: rfk: refine MCC channel info notification (bsc#1227149). - wifi: rtw89: 8851b: add 8851B basic chip_info (bsc#1227149). - wifi: rtw89: 8851b: add 8851be to Makefile and Kconfig (bsc#1227149). - wifi: rtw89: 8851b: add BT coexistence support function (bsc#1227149). - wifi: rtw89: 8851b: add DLE mem and HFC quota (bsc#1227149). - wifi: rtw89: 8851b: add MAC configurations to chip_info (bsc#1227149). - wifi: rtw89: 8851b: add NCTL post table (bsc#1227149). - wifi: rtw89: 8851b: add RF configurations (bsc#1227149). - wifi: rtw89: 8851b: add TX power related functions (bsc#1227149). - wifi: rtw89: 8851b: add basic power on function (bsc#1227149). - wifi: rtw89: 8851b: add set channel function (bsc#1227149). - wifi: rtw89: 8851b: add set_channel_rf() (bsc#1227149). - wifi: rtw89: 8851b: add support WoWLAN to 8851B (bsc#1227149). - wifi: rtw89: 8851b: add to parse efuse content (bsc#1227149). - wifi: rtw89: 8851b: add to read efuse version to recognize hardware version B (bsc#1227149). - wifi: rtw89: 8851b: configure CRASH_TRIGGER feature for 8851B (bsc#1227149). - wifi: rtw89: 8851b: configure GPIO according to RFE type (bsc#1227149). - wifi: rtw89: 8851b: configure to force 1 TX power value (bsc#1227149). - wifi: rtw89: 8851b: enable hw_scan support (bsc#1227149). - wifi: rtw89: 8851b: fill BB related capabilities to chip_info (bsc#1227149). - wifi: rtw89: 8851b: rfk: Fix spelling mistake KIP_RESOTRE -> KIP_RESTORE (bsc#1227149). - wifi: rtw89: 8851b: rfk: add AACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DPK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add IQK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add LCK track (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RX DCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add TSSI (bsc#1227149). - wifi: rtw89: 8851b: rfk: update IQK to version 0x8 (bsc#1227149). - wifi: rtw89: 8851b: update RF radio A parameters to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R34 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R37 (bsc#1227149). - wifi: rtw89: 8851be: add 8851BE PCI entry and fill PCI capabilities (bsc#1227149). - wifi: rtw89: 8852b: fix definition of KIP register number (git-fixes). - wifi: rtw89: 8852b: update TX power tables to R35 (bsc#1227149). - wifi: rtw89: 8852b: update TX power tables to R36 (bsc#1227149). - wifi: rtw89: 8852c: Fix TSSI causes transmit power inaccuracy (bsc#1227149). - wifi: rtw89: 8852c: Update bandedge parameters for better performance (bsc#1227149). - wifi: rtw89: 8852c: add quirk to set PCI BER for certain platforms (bsc#1227149). - wifi: rtw89: 8852c: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8852c: read RX gain offset from efuse for 6GHz channels (bsc#1227149). - wifi: rtw89: 8852c: update RF radio A/B parameters to R63 (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (1 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (2 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (3 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R67 (bsc#1227149). - wifi: rtw89: 8922a: add 8922A basic chip info (bsc#1227149). - wifi: rtw89: 8922a: add BTG functions to assist BT coexistence to control TX/RX (bsc#1227149). - wifi: rtw89: 8922a: add NCTL pre-settings for WiFi 7 chips (bsc#1227149). - wifi: rtw89: 8922a: add RF read/write v2 (bsc#1227149). - wifi: rtw89: 8922a: add SER IMR tables (bsc#1227149). - wifi: rtw89: 8922a: add TX power related ops (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops related to BB init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops to get thermal value (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::bb_preinit to enable BB before downloading firmware (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::cfg_txrx_path (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_hw_init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_init_late to do initial RF calibrations later (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::{enable,disable}_bb_rf (bsc#1227149). - wifi: rtw89: 8922a: add coexistence helpers of SW grant (bsc#1227149). - wifi: rtw89: 8922a: add helper of set_channel (bsc#1227149). - wifi: rtw89: 8922a: add ieee80211_ops::hw_scan (bsc#1227149). - wifi: rtw89: 8922a: add more fields to beacon H2C command to support multi-links (bsc#1227149). - wifi: rtw89: 8922a: add power on/off functions (bsc#1227149). - wifi: rtw89: 8922a: add register definitions of H2C, C2H, page, RRSR and EDCCA (bsc#1227149). - wifi: rtw89: 8922a: add set_channel BB part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel MAC part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel RF part (bsc#1227149). - wifi: rtw89: 8922a: configure CRASH_TRIGGER FW feature (bsc#1227149). - wifi: rtw89: 8922a: correct register definition and merge IO for ctrl_nbtg_bt_tx() (bsc#1227149). - wifi: rtw89: 8922a: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8922a: dump MAC registers when SER occurs (bsc#1227149). - wifi: rtw89: 8922a: extend and add quota number (bsc#1227149). - wifi: rtw89: 8922a: hook handlers of TX/RX descriptors to chip_ops (bsc#1227149). - wifi: rtw89: 8922a: implement AP mode related reg for BE generation (bsc#1227149). - wifi: rtw89: 8922a: implement {stop,resume}_sch_tx and cfg_ppdu (bsc#1227149). - wifi: rtw89: 8922a: read efuse content from physical map (bsc#1227149). - wifi: rtw89: 8922a: read efuse content via efuse map struct from logic map (bsc#1227149). - wifi: rtw89: 8922a: rfk: implement chip_ops to call RF calibrations (bsc#1227149). - wifi: rtw89: 8922a: set RX gain along with set_channel operation (bsc#1227149). - wifi: rtw89: 8922a: set chip_ops FEM and GPIO to NULL (bsc#1227149). - wifi: rtw89: 8922a: set memory heap address for secure firmware (bsc#1227149). - wifi: rtw89: 8922a: update BA CAM number to 24 (bsc#1227149). - wifi: rtw89: 8922a: update the register used in DIG and the DIG flow (bsc#1227149). - wifi: rtw89: 8922ae: add 8922AE PCI entry and basic info (bsc#1227149). - wifi: rtw89: 8922ae: add v2 interrupt handlers for 8922AE (bsc#1227149). - wifi: rtw89: Add EHT rate mask as parameters of RA H2C command (bsc#1227149). - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes). - wifi: rtw89: Fix clang -Wimplicit-fallthrough in rtw89_query_sar() (bsc#1227149). - wifi: rtw89: Introduce Time Averaged SAR (TAS) feature (bsc#1227149). - wifi: rtw89: Refine active scan behavior in 6 GHz (bsc#1227149). - wifi: rtw89: Set default CQM config if not present (bsc#1227149). - wifi: rtw89: TX power stuffs replace confusing naming of _max with _num (bsc#1227149). - wifi: rtw89: Update EHT PHY beamforming capability (bsc#1227149). - wifi: rtw89: acpi: process 6 GHz band policy from DSM (bsc#1227149). - wifi: rtw89: add C2H RA event V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add C2H event handlers of RFK log and report (bsc#1227149). - wifi: rtw89: add CFO XTAL registers field to support 8851B (bsc#1227149). - wifi: rtw89: add DBCC H2C to notify firmware the status (bsc#1227149). - wifi: rtw89: add EHT capabilities for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add EHT radiotap in monitor mode (bsc#1227149). - wifi: rtw89: add EVM and SNR statistics to debugfs (bsc#1227149). - wifi: rtw89: add EVM for antenna diversity (bsc#1227149). - wifi: rtw89: add H2C RA command V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add H2C command to download beacon frame for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add RSSI based antenna diversity (bsc#1227149). - wifi: rtw89: add RSSI statistics for the case of antenna diversity to debugfs (bsc#1227149). - wifi: rtw89: add XTAL SI for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add chip_info::chip_gen to determine chip generation (bsc#1227149). - wifi: rtw89: add chip_info::txwd_info size to generalize TX WD submit (bsc#1227149). - wifi: rtw89: add chip_ops::h2c_ba_cam() to configure BA CAM (bsc#1227149). - wifi: rtw89: add chip_ops::query_rxdesc() and rxd_len as helpers to support newer chips (bsc#1227149). - wifi: rtw89: add chip_ops::update_beacon to abstract update beacon operation (bsc#1227149). - wifi: rtw89: add firmware H2C command of BA CAM V1 (bsc#1227149). - wifi: rtw89: add firmware parser for v1 format (bsc#1227149). - wifi: rtw89: add firmware suit for BB MCU 0/1 (bsc#1227149). - wifi: rtw89: add function prototype for coex request duration (bsc#1227149). - wifi: rtw89: add mac_gen pointer to access mac port registers (bsc#1227149). - wifi: rtw89: add mlo_dbcc_mode for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add new H2C command to pause/sleep transmitting by MAC ID (bsc#1227149). - wifi: rtw89: add new H2C for PS mode in 802.11be chip (bsc#1227149). - wifi: rtw89: add reserved size as factor of DLE used size (bsc#1227149). - wifi: rtw89: add subband index of primary channel to struct rtw89_chan (bsc#1227149). - wifi: rtw89: add to display hardware rates v1 histogram in debugfs (bsc#1227149). - wifi: rtw89: add to fill TX descriptor for firmware command v2 (bsc#1227149). - wifi: rtw89: add to fill TX descriptor v2 (bsc#1227149). - wifi: rtw89: add to parse firmware elements of BB and RF tables (bsc#1227149). - wifi: rtw89: add to query RX descriptor format v2 (bsc#1227149). - wifi: rtw89: add tx_wake notify for 8851B (bsc#1227149). - wifi: rtw89: add wait/completion for abort scan (bsc#1227149). - wifi: rtw89: adjust init_he_cap() to add EHT cap into iftype_data (bsc#1227149). - wifi: rtw89: advertise missing extended scan feature (bsc#1227149). - wifi: rtw89: avoid stringop-overflow warning (bsc#1227149). - wifi: rtw89: call rtw89_chan_get() by vif chanctx if aware of vif (bsc#1227149). - wifi: rtw89: chan: MCC take reconfig into account (bsc#1227149). - wifi: rtw89: chan: add sub-entity swap function to cover replacing (bsc#1227149). - wifi: rtw89: chan: move handling from add/remove to assign/unassign for MLO (bsc#1227149). - wifi: rtw89: chan: support MCC on Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: chan: tweak bitmap recalc ahead before MLO (bsc#1227149). - wifi: rtw89: chan: tweak weight recalc ahead before MLO (bsc#1227149). - wifi: rtw89: change naming of BA CAM from V1 to V0_EXT (bsc#1227149). - wifi: rtw89: change qutoa to DBCC by default for WiFi 7 chips (bsc#1227149). - wifi: rtw89: change supported bandwidths of chip_info to bit mask (bsc#1227149). - wifi: rtw89: cleanup firmware elements parsing (bsc#1227149). - wifi: rtw89: cleanup private data structures (bsc#1227149). - wifi: rtw89: cleanup rtw89_iqk_info and related code (bsc#1227149). - wifi: rtw89: coex: Add Bluetooth RSSI level information (bsc#1227149). - wifi: rtw89: coex: Add Pre-AGC control to enhance Wi-Fi RX performance (bsc#1227149). - wifi: rtw89: coex: Add coexistence policy to decrease WiFi packet CRC-ERR (bsc#1227149). - wifi: rtw89: coex: Fix wrong Wi-Fi role info and FDDT parameter members (bsc#1227149). - wifi: rtw89: coex: Record down Wi-Fi initial mode information (bsc#1227149). - wifi: rtw89: coex: Reorder H2C command index to align with firmware (bsc#1227149). - wifi: rtw89: coex: Set Bluetooth scan low-priority when Wi-Fi link/scan (bsc#1227149). - wifi: rtw89: coex: Still show hardware grant signal info even Wi-Fi is PS (bsc#1227149). - wifi: rtw89: coex: To improve Wi-Fi performance while BT is idle (bsc#1227149). - wifi: rtw89: coex: Translate antenna configuration from ID to string (bsc#1227149). - wifi: rtw89: coex: Update BTG control related logic (bsc#1227149). - wifi: rtw89: coex: Update RF parameter control setting logic (bsc#1227149). - wifi: rtw89: coex: Update coexistence policy for Wi-Fi LPS (bsc#1227149). - wifi: rtw89: coex: When Bluetooth not available do not set power/gain (bsc#1227149). - wifi: rtw89: coex: add BTC ctrl_info version 7 and related logic (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() for struct rtw89_btc_btf_set_slot_table (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() to struct rtw89_btc_btf_set_mon_reg (bsc#1227149). - wifi: rtw89: coex: add init_info H2C command format version 7 (bsc#1227149). - wifi: rtw89: coex: add return value to ensure H2C command is success or not (bsc#1227149). - wifi: rtw89: coex: fix configuration for shared antenna for 8922A (bsc#1227149). - wifi: rtw89: coex: use struct assignment to replace memcpy() to append TDMA content (bsc#1227149). - wifi: rtw89: configure PPDU max user by chip (bsc#1227149). - wifi: rtw89: consider RX info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: consolidate registers of mac port to struct (bsc#1227149). - wifi: rtw89: correct PHY register offset for PHY-1 (bsc#1227149). - wifi: rtw89: correct the DCFO tracking flow to improve CFO compensation (bsc#1227149). - wifi: rtw89: debug: add FW log component for scan (bsc#1227149). - wifi: rtw89: debug: add debugfs entry to disable dynamic mechanism (bsc#1227149). - wifi: rtw89: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw89: debug: remove wrapper of rtw89_debug() (bsc#1227149). - wifi: rtw89: debug: show txpwr table according to chip gen (bsc#1227149). - wifi: rtw89: debug: txpwr table access only valid page according to chip (bsc#1227149). - wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: declare EXT NSS BW of VHT capability (bsc#1227149). - wifi: rtw89: declare MCC in interface combination (bsc#1227149). - wifi: rtw89: define hardware rate v1 for WiFi 7 chips (bsc#1227149). - wifi: rtw89: differentiate narrow_bw_ru_dis setting according to chip gen (bsc#1227149). - wifi: rtw89: disable RTS when broadcast/multicast (bsc#1227149). - wifi: rtw89: download firmware with five times retry (bsc#1227149). - wifi: rtw89: drop TIMING_BEACON_ONLY and sync beacon TSF by self (bsc#1227149). - wifi: rtw89: enlarge supported length of read_reg debugfs entry (bsc#1227149). - wifi: rtw89: extend PHY status parser to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fix HW scan not aborting properly (git-fixes). - wifi: rtw89: fix HW scan timeout due to TSF sync issue (bsc#1227149). - wifi: rtw89: fix a width vs precision bug (bsc#1227149). - wifi: rtw89: fix disabling concurrent mode TX hang issue (bsc#1227149). - wifi: rtw89: fix misbehavior of TX beacon in concurrent mode (bsc#1227149). - wifi: rtw89: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw89: fix spelling typo of IQK debug messages (bsc#1227149). - wifi: rtw89: fix typo of rtw89_fw_h2c_mcc_macid_bitmap() (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset CMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset DMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to update security CAM v2 (bsc#1227149). - wifi: rtw89: fw: add checking type for variant type of firmware (bsc#1227149). - wifi: rtw89: fw: add chip_ops to update CMAC table to associated station (bsc#1227149). - wifi: rtw89: fw: add definition of H2C command and C2H event for MRC series (bsc#1227149). - wifi: rtw89: fw: add version field to BB MCU firmware element (bsc#1227149). - wifi: rtw89: fw: consider checksum length of security data (bsc#1227149). - wifi: rtw89: fw: download firmware with key data for secure boot (bsc#1227149). - wifi: rtw89: fw: extend JOIN H2C command to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: extend program counter dump for Wi-Fi 7 chip (bsc#1227149). - wifi: rtw89: fw: fill CMAC table to associated station for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: generalize download firmware flow by mac_gen pointers (bsc#1227149). - wifi: rtw89: fw: implement MRC H2C command functions (bsc#1227149). - wifi: rtw89: fw: implement supported functions of download firmware for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: load TX power track tables from fw_element (bsc#1227149). - wifi: rtw89: fw: move polling function of firmware path ready to an individual function (bsc#1227149). - wifi: rtw89: fw: parse secure section from firmware file (bsc#1227149). - wifi: rtw89: fw: propagate an argument include_bb for BB MCU firmware (bsc#1227149). - wifi: rtw89: fw: read firmware secure information from efuse (bsc#1227149). - wifi: rtw89: fw: refine download flow to support variant firmware suits (bsc#1227149). - wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband (bsc#1227149). - wifi: rtw89: fw: update TX AMPDU parameter to CMAC table (bsc#1227149). - wifi: rtw89: fw: use struct to fill BA CAM H2C commands (bsc#1227149). - wifi: rtw89: fw: use struct to fill JOIN H2C command (bsc#1227149). - wifi: rtw89: get data rate mode/NSS/MCS v1 from RX descriptor (bsc#1227149). - wifi: rtw89: indicate TX power by rate table inside RFE parameter (bsc#1227149). - wifi: rtw89: indicate TX shape table inside RFE parameter (bsc#1227149). - wifi: rtw89: initialize antenna for antenna diversity (bsc#1227149). - wifi: rtw89: initialize multi-channel handling (bsc#1227149). - wifi: rtw89: introduce infrastructure of firmware elements (bsc#1227149). - wifi: rtw89: introduce realtek ACPI DSM method (bsc#1227149). - wifi: rtw89: introduce v1 format of firmware header (bsc#1227149). - wifi: rtw89: load BB parameters to PHY-1 (bsc#1227149). - wifi: rtw89: load RFK log format string from firmware file (bsc#1227149). - wifi: rtw89: load TX power by rate when RFE parms setup (bsc#1227149). - wifi: rtw89: load TX power related tables from FW elements (bsc#1227149). - wifi: rtw89: mac: Fix spelling mistakes 'notfify' -> 'notify' (bsc#1227149). - wifi: rtw89: mac: add coexistence helpers {cfg/get}_plt (bsc#1227149). - wifi: rtw89: mac: add feature_init to initialize BA CAM V1 (bsc#1227149). - wifi: rtw89: mac: add flags to check if CMAC and DMAC are enabled (bsc#1227149). - wifi: rtw89: mac: add mac_gen_def::band1_offset to map MAC band1 register address (bsc#1227149). - wifi: rtw89: mac: add registers of MU-EDCA parameters for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add suffix _ax to MAC functions (bsc#1227149). - wifi: rtw89: mac: add sys_init and filter option for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to access efuse for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to get DLE reserved quota (bsc#1227149). - wifi: rtw89: mac: check queue empty according to chip gen (bsc#1227149). - wifi: rtw89: mac: correct MUEDCA setting for MAC-1 (bsc#1227149). - wifi: rtw89: mac: define internal memory address for WiFi 7 chip (bsc#1227149). - wifi: rtw89: mac: define register address of rx_filter to generalize code (bsc#1227149). - wifi: rtw89: mac: do bf_monitor only if WiFi 6 chips (bsc#1227149). - wifi: rtw89: mac: functions to configure hardware engine and quota for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: generalize code to indirectly access WiFi internal memory (bsc#1227149). - wifi: rtw89: mac: generalize register of MU-EDCA switch according to chip gen (bsc#1227149). - wifi: rtw89: mac: get TX power control register according to chip gen (bsc#1227149). - wifi: rtw89: mac: handle C2H receive/done ACK in interrupt context (bsc#1227149). - wifi: rtw89: mac: implement MRC C2H event handling (bsc#1227149). - wifi: rtw89: mac: implement to configure TX/RX engines for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: move code related to hardware engine to individual functions (bsc#1227149). - wifi: rtw89: mac: refine SER setting during WiFi CPU power on (bsc#1227149). - wifi: rtw89: mac: reset PHY-1 hardware when going to enable/disable (bsc#1227149). - wifi: rtw89: mac: return held quota of DLE when changing MAC-1 (bsc#1227149). - wifi: rtw89: mac: set bf_assoc capabilities according to chip gen (bsc#1227149). - wifi: rtw89: mac: set bfee_ctrl() according to chip gen (bsc#1227149). - wifi: rtw89: mac: update RTS threshold according to chip gen (bsc#1227149). - wifi: rtw89: mac: use mac_gen pointer to access about efuse (bsc#1227149). - wifi: rtw89: mac: use pointer to access functions of hardware engine and quota (bsc#1227149). - wifi: rtw89: mcc: consider and determine BT duration (bsc#1227149). - wifi: rtw89: mcc: deal with BT slot change (bsc#1227149). - wifi: rtw89: mcc: deal with P2P PS change (bsc#1227149). - wifi: rtw89: mcc: deal with beacon NoA if GO exists (bsc#1227149). - wifi: rtw89: mcc: decide pattern and calculate parameters (bsc#1227149). - wifi: rtw89: mcc: fill fundamental configurations (bsc#1227149). - wifi: rtw89: mcc: fix NoA start time when GO is auxiliary (bsc#1227149). - wifi: rtw89: mcc: initialize start flow (bsc#1227149). - wifi: rtw89: mcc: track beacon offset and update when needed (bsc#1227149). - wifi: rtw89: mcc: trigger FW to start/stop MCC (bsc#1227149). - wifi: rtw89: mcc: update role bitmap when changed (bsc#1227149). - wifi: rtw89: modify the register setting and the flow of CFO tracking (bsc#1227149). - wifi: rtw89: move software DCFO compensation setting to proper position (bsc#1227149). - wifi: rtw89: only reset BB/RF for existing WiFi 6 chips while starting up (bsc#1227149). - wifi: rtw89: packet offload wait for FW response (bsc#1227149). - wifi: rtw89: parse EHT information from RX descriptor and PPDU status packet (bsc#1227149). - wifi: rtw89: parse TX EHT rate selected by firmware from RA C2H report (bsc#1227149). - wifi: rtw89: parse and print out RFK log from C2H events (bsc#1227149). - wifi: rtw89: pause/proceed MCC for ROC and HW scan (bsc#1227149). - wifi: rtw89: pci: add LTR v2 for WiFi 7 chip (bsc#1227149). - wifi: rtw89: pci: add PCI generation information to pci_info for each chip (bsc#1227149). - wifi: rtw89: pci: add new RX ring design to determine full RX ring efficiently (bsc#1227149). - wifi: rtw89: pci: add pre_deinit to be called after probe complete (bsc#1227149). - wifi: rtw89: pci: correct interrupt mitigation register for 8852CE (bsc#1227149). - wifi: rtw89: pci: define PCI ring address for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: fix interrupt enable mask for HALT C2H of RTL8851B (bsc#1227149). - wifi: rtw89: pci: generalize code of PCI control DMA IO for WiFi 7 (bsc#1227149). - wifi: rtw89: pci: generalize interrupt status bits of interrupt handlers (bsc#1227149). - wifi: rtw89: pci: implement PCI CLK/ASPM/L1SS for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_post_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_pre_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: interrupt v2 refine IMR for SER (bsc#1227149). - wifi: rtw89: pci: reset BDRAM according to chip gen (bsc#1227149). - wifi: rtw89: pci: stop/start DMA for level 1 recovery according to chip gen (bsc#1227149). - wifi: rtw89: pci: update SER timer unit and timeout time (bsc#1227149). - wifi: rtw89: pci: update interrupt mitigation register for 8922AE (bsc#1227149). - wifi: rtw89: pci: use DBI function for 8852AE/8852BE/8851BE (bsc#1227149). - wifi: rtw89: pci: use gen_def pointer to configure mac_{pre,post}_init and clear PCI ring index (bsc#1227149). - wifi: rtw89: pci: validate RX tag for RXQ and RPQ (bsc#1227149). - wifi: rtw89: phy: add BB wrapper of TX power for WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: add parser to support RX gain dynamic setting flow (bsc#1227149). - wifi: rtw89: phy: add phy_gen_def::cr_base to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: change naming related BT coexistence functions (bsc#1227149). - wifi: rtw89: phy: dynamically adjust EDCCA threshold (bsc#1227149). - wifi: rtw89: phy: extend TX power common stuffs for Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: phy: generalize valid bit of BSS color (bsc#1227149). - wifi: rtw89: phy: ignore special data from BB parameter file (bsc#1227149). - wifi: rtw89: phy: modify register setting of ENV_MNTR, PHYSTS and DIG (bsc#1227149). - wifi: rtw89: phy: move bb_gain_info used by WiFi 6 chips to union (bsc#1227149). - wifi: rtw89: phy: print out RFK log with formatted string (bsc#1227149). - wifi: rtw89: phy: rate pattern handles HW rate by chip gen (bsc#1227149). - wifi: rtw89: phy: refine helpers used for raw TX power (bsc#1227149). - wifi: rtw89: phy: set TX power RU limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power by rate according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power offset according to chip gen (bsc#1227149). - wifi: rtw89: phy: set channel_info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: prepare scan leaf functions for wifi 7 ICs (bsc#1227149). - wifi: rtw89: process regulatory for 6 GHz power type (bsc#1227149). - wifi: rtw89: provide functions to configure NoA for beacon update (bsc#1227149). - wifi: rtw89: recognize log format from firmware file (bsc#1227149). - wifi: rtw89: reference quota mode when setting Tx power (bsc#1227149). - wifi: rtw89: refine H2C command that pause transmitting by MAC ID (bsc#1227149). - wifi: rtw89: refine add_chan H2C command to encode_bits (bsc#1227149). - wifi: rtw89: refine bandwidth 160MHz uplink OFDMA performance (bsc#1227149). - wifi: rtw89: refine clearing supported bands to check 2/5 GHz first (bsc#1227149). - wifi: rtw89: refine element naming used by queue empty check (bsc#1227149). - wifi: rtw89: refine hardware scan C2H events (bsc#1227149). - wifi: rtw89: refine packet offload delete flow of 6 GHz probe (bsc#1227149). - wifi: rtw89: refine packet offload handling under SER (bsc#1227149). - wifi: rtw89: refine remain on channel flow to improve P2P connection (bsc#1227149). - wifi: rtw89: refine rtw89_correct_cck_chan() by rtw89_hw_to_nl80211_band() (bsc#1227149). - wifi: rtw89: refine uplink trigger based control mechanism (bsc#1227149). - wifi: rtw89: regd: configure Thailand in regulation type (bsc#1227149). - wifi: rtw89: regd: handle policy of 6 GHz according to BIOS (bsc#1227149). - wifi: rtw89: regd: judge 6 GHz according to chip and BIOS (bsc#1227149). - wifi: rtw89: regd: judge UNII-4 according to BIOS and chip (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R40 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R43 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R65-R44 (bsc#1227149). - wifi: rtw89: release bit in rtw89_fw_h2c_del_pkt_offload() (bsc#1227149). - wifi: rtw89: return failure if needed firmware elements are not recognized (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DACK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DPK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger IQK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger RX DCK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TSSI (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TXGAPK (bsc#1227149). - wifi: rtw89: rfk: add a completion to wait RF calibration report from C2H event (bsc#1227149). - wifi: rtw89: rfk: disable driver tracking during MCC (bsc#1227149). - wifi: rtw89: rfk: send channel information to firmware for RF calibrations (bsc#1227149). - wifi: rtw89: sar: let caller decide the center frequency to query (bsc#1227149). - wifi: rtw89: scan offload wait for FW done ACK (bsc#1227149). - wifi: rtw89: ser: L1 add pre-M0 and post-M0 states (bsc#1227149). - wifi: rtw89: ser: reset total_sta_assoc and tdls_peer when L2 (bsc#1227149). - wifi: rtw89: set TX power without precondition during setting channel (bsc#1227149). - wifi: rtw89: set capability of TX antenna diversity (bsc#1227149). - wifi: rtw89: set entry size of address CAM to H2C field by chip (bsc#1227149). - wifi: rtw89: show EHT rate in debugfs (bsc#1227149). - wifi: rtw89: support U-NII-4 channels on 5GHz band (bsc#1227149). - wifi: rtw89: support firmware log with formatted text (bsc#1227149). - wifi: rtw89: suppress the log for specific SER called CMDPSR_FRZTO (bsc#1227149). - wifi: rtw89: tweak H2C TX waiting function for SER (bsc#1227149). - wifi: rtw89: update DMA function with different generation (bsc#1227149). - wifi: rtw89: update ps_state register for chips with different generation (bsc#1227149). - wifi: rtw89: update scan C2H messages for wifi 7 IC (bsc#1227149). - wifi: rtw89: update suspend/resume for different generation (bsc#1227149). - wifi: rtw89: use PLCP information to match BSS_COLOR and AID (bsc#1227149). - wifi: rtw89: use chip_info::small_fifo_size to choose debug_mask (bsc#1227149). - wifi: rtw89: use flexible array member in rtw89_btc_btf_tlv (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits to access RX info (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access RX descriptor (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access received PHY status IEs (bsc#1227149). - wifi: rtw89: use struct rtw89_phy_sts_ie0 instead of macro to access PHY IE0 status (bsc#1227149). - wifi: rtw89: use struct to access RA report (bsc#1227149). - wifi: rtw89: use struct to access firmware C2H event header (bsc#1227149). - wifi: rtw89: use struct to access register-based H2C/C2H (bsc#1227149). - wifi: rtw89: use struct to fill H2C command to download beacon frame (bsc#1227149). - wifi: rtw89: use struct to parse firmware header (bsc#1227149). - wifi: rtw89: use struct to set RA H2C command (bsc#1227149). - wifi: rtw89: wow: move release offload packet earlier for WoWLAN mode (bsc#1227149). - wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode (bsc#1227149). - wifi: rtw89: wow: set security engine options for 802.11ax chips only (bsc#1227149). - wifi: rtw89: wow: update WoWLAN reason register for different chips (bsc#1227149). - wifi: rtw89: wow: update WoWLAN status register for different generation (bsc#1227149). - wifi: rtw89: wow: update config mac function with different generation (bsc#1227149). - wifi: ti: wlcore: sdio: Drop unused include (bsc#1227149). - wifi: virt_wifi: avoid reporting connection success with wrong SSID (git-fixes). - wifi: virt_wifi: do not use strlen() in const context (git-fixes). - wifi: wcn36xx: Annotate struct wcn36xx_hal_ind_msg with __counted_by (bsc#1227149). - wifi: wcn36xx: Convert to platform remove callback returning void (bsc#1227149). - wifi: wcn36xx: remove unnecessary (void*) conversions (bsc#1227149). - wifi: wext: avoid extra calls to strlen() in ieee80211_bss() (bsc#1227149). - wifi: wfx: Use devm_kmemdup to replace devm_kmalloc + memcpy (bsc#1227149). - wifi: wfx: allow to send frames during ROC (bsc#1227149). - wifi: wfx: fix power_save setting when AP is stopped (bsc#1227149). - wifi: wfx: implement wfx_remain_on_channel() (bsc#1227149). - wifi: wfx: introduce hif_scan_uniq() (bsc#1227149). - wifi: wfx: move wfx_skb_*() out of the header file (bsc#1227149). - wifi: wfx: relocate wfx_rate_mask_to_hw() (bsc#1227149). - wifi: wfx: scan_lock is global to the device (bsc#1227149). - wifi: wfx: simplify exclusion between scan and Rx filters (bsc#1227149). - wifi: wil6210: fw: Replace zero-length arrays with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wil6210: wmi: Replace zero-length array with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wilc1000: Increase ASSOC response buffer (bsc#1227149). - wifi: wilc1000: Remove unused declarations (bsc#1227149). - wifi: wilc1000: add SPI commands retry mechanism (bsc#1227149). - wifi: wilc1000: add back-off algorithm to balance tx queue packets (bsc#1227149). - wifi: wilc1000: add missing read critical sections around vif list traversal (bsc#1227149). - wifi: wilc1000: always release SDIO host in wilc_sdio_cmd53() (bsc#1227149). - wifi: wilc1000: cleanup struct wilc_conn_info (bsc#1227149). - wifi: wilc1000: correct CRC7 calculation (bsc#1227149). - wifi: wilc1000: fix declarations ordering (bsc#1227149). - wifi: wilc1000: fix driver_handler when committing initial configuration (bsc#1227149). - wifi: wilc1000: fix ies_len type in connect path (git-fixes). - wifi: wilc1000: fix incorrect power down sequence (bsc#1227149). - wifi: wilc1000: remove AKM suite be32 conversion for external auth request (bsc#1227149). - wifi: wilc1000: remove setting msg.spi (bsc#1227149). - wifi: wilc1000: remove use of has_thrpt_enh3 flag (bsc#1227149). - wifi: wilc1000: set preamble size to auto as default in wilc_init_fw_config() (bsc#1227149). - wifi: wilc1000: simplify remain on channel support (bsc#1227149). - wifi: wilc1000: simplify wilc_scan() (bsc#1227149). - wifi: wilc1000: split deeply nested RCU list traversal in dedicated helper (bsc#1227149). - wifi: wilc1000: use SRCU instead of RCU for vif list traversal (bsc#1227149). - wifi: wilc1000: validate chip id during bus probe (bsc#1227149). - wifi: wl1251: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wl18xx: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: boot: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: main: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: sdio: Rate limit wl12xx_sdio_raw_{read,write}() failures warns (bsc#1227149). - wifi: wlcore: sdio: Use module_sdio_driver macro to simplify the code (bsc#1227149). - wifi: zd1211rw: fix typo 'tranmits' (bsc#1227149). - wifi: zd1211rw: remove __nocast from zd_addr_t (bsc#1227149). - wifi: zd1211rw: silence sparse warnings (bsc#1227149). - wlcore: spi: Remove redundant of_match_ptr() (bsc#1227149). - x86/amd_nb: Check for invalid SMN reads (git-fixes). - x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes). - x86/asm: Fix build of UML with KASAN (git-fixes). - x86/bhi: Avoid warning in #DB handler due to BHI mitigation :(git-fixes). - x86/boot: Ignore NMIs during very early boot (git-fixes). - x86/cpu: Provide default cache line size if not enumerated (git-fixes). - x86/csum: Fix clang -Wuninitialized in csum_partial() (git-fixes). - x86/csum: Improve performance of `csum_partial` (git-fixes). - x86/csum: Remove unnecessary odd handling (git-fixes). - x86/csum: clean up `csum_partial' further (git-fixes). - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes). - x86/head/64: Move the __head definition to <asm/init.h> (git-fixes). - x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS (git-fixes). - x86/kconfig: Add as-instr64 macro to properly evaluate AS_WRUSS (git-fixes). - x86/resctrl: Read supported bandwidth sources from CPUID (git-fixes). - x86/resctrl: Remove redundant variable in mbm_config_write_domain() (git-fixes). - x86/shstk: Make return uprobe work with shadow stack (git-fixes). - x86/speculation, objtool: Use absolute relocations for annotations (git-fixes). - x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502) - xen/x86: add extra pages to unpopulated-alloc if available (git-fixes). - xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228211). - xfs: use roundup_pow_of_two instead of ffs during xlog_find_tail (git-fixes). - xhci: always resume roothubs if xHC was reset during resume (stable-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - bind-utils-9.18.28-150600.3.3.1 updated - docker-25.0.6_ce-150000.203.1 updated - dracut-059+suse.527.g7870f083-150600.3.3.2 updated - google-guest-agent-20240314.00-150400.1.48.7 updated - google-guest-configs-20240307.00-150400.13.11.6 updated - google-guest-oslogin-20240311.00-150400.1.45.7 updated - google-osconfig-agent-20240320.00-150400.1.35.7 updated - growpart-rootgrow-1.0.7-150400.1.14.7 updated - kernel-default-6.4.0-150600.23.17.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libcurl4-8.6.0-150600.4.3.1 updated - libgpgme11-1.23.0-150600.3.2.1 updated - libnvme-mi1-1.8+39.ge289971-150600.3.3.2 updated - libnvme1-1.8+39.ge289971-150600.3.3.2 updated - libonig4-6.7.0-150000.3.6.1 updated - libopenssl3-3.1.4-150600.5.10.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libudev1-254.15-150600.4.8.1 updated - login_defs-4.8.1-150600.17.6.1 updated - nvme-cli-2.8+43.g1d9dae6-150600.3.3.2 updated - openssh-clients-9.6p1-150600.6.9.1 updated - openssh-common-9.6p1-150600.6.9.1 updated - openssh-server-9.6p1-150600.6.9.1 updated - openssh-9.6p1-150600.6.9.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - permissions-20240801-150600.10.4.1 updated - python-instance-billing-flavor-check-0.0.6-150400.1.11.7 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-cssselect-1.0.3-150400.3.7.4 updated - python3-lxml-4.9.1-150500.3.4.3 updated - python3-urllib3-1.25.10-150300.4.12.1 updated - python3-3.6.15-150300.10.65.2 updated - runc-1.1.13-150000.67.1 updated - shadow-4.8.1-150600.17.6.1 updated - sudo-1.9.15p5-150600.3.6.2 updated - suse-build-key-12.0-150000.8.49.2 updated - suseconnect-ng-1.11.0-150600.3.5.3 updated - systemd-254.15-150600.4.8.1 updated - udev-254.15-150600.4.8.1 updated - wicked-service-0.6.76-150600.11.9.1 updated - wicked-0.6.76-150600.11.9.1 updated - xen-libs-4.18.2_06-150600.3.3.1 updated From sle-container-updates at lists.suse.com Fri Aug 9 07:01:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 09 Aug 2024 07:01:15 -0000 Subject: SUSE-IU-2024:731-1: Security update of suse-sles-15-sp6-chost-byos-v20240807-x86_64-gen2 Message-ID: <20240809070114.770B3F78C@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20240807-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:731-1 Image Tags : suse-sles-15-sp6-chost-byos-v20240807-x86_64-gen2:20240807 Image Release : Severity : important Type : security References : 1027519 1141157 1186716 1194869 1195775 1204562 1208690 1209834 1214718 1214960 1215199 1215587 1217481 1217912 1218215 1218442 1218442 1218730 1218820 1219004 1219224 1219478 1219559 1219596 1219633 1219832 1219847 1219953 1220138 1220427 1220430 1220664 1220942 1221057 1221086 1221563 1221647 1221654 1221656 1221659 1221777 1221854 1221958 1221984 1222011 1222015 1222075 1222075 1222080 1222241 1222326 1222328 1222380 1222438 1222463 1222588 1222617 1222619 1222768 1222775 1222779 1222809 1222810 1222893 1222899 1223010 1223018 1223021 1223107 1223265 1223336 1223570 1223731 1223740 1223778 1223804 1223806 1223807 1223813 1223815 1223836 1223863 1224049 1224187 1224392 1224414 1224422 1224439 1224490 1224497 1224498 1224499 1224512 1224515 1224516 1224520 1224523 1224539 1224540 1224544 1224545 1224549 1224572 1224575 1224583 1224584 1224589 1224604 1224606 1224612 1224614 1224619 1224636 1224641 1224655 1224659 1224661 1224662 1224670 1224673 1224698 1224735 1224743 1224751 1224759 1224767 1224928 1224930 1224932 1224933 1224935 1224937 1224939 1224941 1224944 1224946 1224947 1224949 1224951 1224988 1224992 1224998 1225000 1225001 1225004 1225006 1225008 1225009 1225014 1225015 1225022 1225025 1225028 1225029 1225031 1225036 1225041 1225044 1225049 1225050 1225076 1225077 1225078 1225081 1225085 1225086 1225088 1225090 1225092 1225096 1225097 1225098 1225101 1225103 1225104 1225105 1225106 1225108 1225120 1225132 1225172 1225180 1225272 1225300 1225391 1225472 1225475 1225476 1225477 1225478 1225485 1225489 1225490 1225527 1225529 1225530 1225532 1225534 1225548 1225550 1225553 1225554 1225555 1225556 1225557 1225559 1225560 1225564 1225565 1225566 1225568 1225569 1225570 1225571 1225572 1225573 1225577 1225581 1225583 1225584 1225585 1225586 1225587 1225588 1225589 1225590 1225591 1225592 1225594 1225595 1225599 1225600 1225601 1225602 1225605 1225609 1225611 1225681 1225702 1225711 1225717 1225719 1225723 1225726 1225731 1225732 1225737 1225741 1225744 1225745 1225746 1225752 1225753 1225757 1225758 1225759 1225760 1225761 1225762 1225763 1225767 1225770 1225805 1225810 1225815 1225820 1225823 1225827 1225830 1225834 1225835 1225839 1225840 1225843 1225847 1225851 1225856 1225866 1225872 1225894 1225895 1225896 1225898 1225903 1225904 1225953 1225976 1226022 1226125 1226128 1226131 1226145 1226149 1226155 1226158 1226163 1226202 1226211 1226212 1226213 1226226 1226412 1226447 1226448 1226457 1226463 1226469 1226502 1226503 1226513 1226514 1226519 1226520 1226529 1226582 1226587 1226588 1226592 1226593 1226594 1226595 1226597 1226607 1226608 1226610 1226612 1226613 1226630 1226632 1226633 1226634 1226637 1226657 1226658 1226664 1226734 1226735 1226737 1226738 1226739 1226740 1226741 1226742 1226744 1226746 1226747 1226749 1226750 1226754 1226757 1226758 1226760 1226761 1226764 1226767 1226768 1226769 1226771 1226772 1226774 1226775 1226776 1226777 1226780 1226781 1226783 1226786 1226788 1226789 1226790 1226791 1226796 1226799 1226837 1226839 1226840 1226841 1226842 1226844 1226848 1226852 1226856 1226857 1226859 1226861 1226863 1226864 1226866 1226867 1226868 1226875 1226876 1226878 1226879 1226883 1226886 1226890 1226891 1226894 1226895 1226905 1226908 1226909 1226911 1226915 1226928 1226934 1226938 1226939 1226941 1226948 1226949 1226950 1226962 1226976 1226989 1226990 1226992 1226993 1226994 1226995 1226996 1227066 1227067 1227072 1227085 1227089 1227090 1227096 1227101 1227103 1227106 1227138 1227149 1227190 1227282 1227318 1227350 1227355 1227362 1227363 1227383 1227429 1227432 1227433 1227434 1227435 1227443 1227446 1227447 1227456 1227487 1227573 1227574 1227626 1227681 1227711 1227716 1227719 1227723 1227730 1227736 1227755 1227757 1227762 1227763 1227779 1227780 1227783 1227786 1227788 1227789 1227797 1227800 1227801 1227803 1227806 1227813 1227814 1227836 1227855 1227862 1227866 1227886 1227888 1227899 1227910 1227913 1227926 1228090 1228192 1228193 1228211 1228255 1228256 1228257 1228258 1228269 1228289 1228322 1228327 1228328 1228403 1228405 1228408 1228417 1228535 1228548 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2019-13225 CVE-2021-47432 CVE-2022-48772 CVE-2023-38417 CVE-2023-46842 CVE-2023-47210 CVE-2023-51385 CVE-2023-51780 CVE-2023-52425 CVE-2023-52435 CVE-2023-52472 CVE-2023-52622 CVE-2023-52656 CVE-2023-52672 CVE-2023-52699 CVE-2023-52735 CVE-2023-52749 CVE-2023-52750 CVE-2023-52751 CVE-2023-52753 CVE-2023-52754 CVE-2023-52757 CVE-2023-52759 CVE-2023-52762 CVE-2023-52763 CVE-2023-52764 CVE-2023-52765 CVE-2023-52766 CVE-2023-52767 CVE-2023-52768 CVE-2023-52769 CVE-2023-52773 CVE-2023-52774 CVE-2023-52775 CVE-2023-52776 CVE-2023-52777 CVE-2023-52780 CVE-2023-52781 CVE-2023-52782 CVE-2023-52783 CVE-2023-52784 CVE-2023-52786 CVE-2023-52787 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52792 CVE-2023-52794 CVE-2023-52795 CVE-2023-52796 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52801 CVE-2023-52803 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52807 CVE-2023-52808 CVE-2023-52809 CVE-2023-52810 CVE-2023-52811 CVE-2023-52812 CVE-2023-52813 CVE-2023-52814 CVE-2023-52815 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52827 CVE-2023-52829 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52835 CVE-2023-52836 CVE-2023-52837 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52842 CVE-2023-52843 CVE-2023-52844 CVE-2023-52845 CVE-2023-52846 CVE-2023-52847 CVE-2023-52849 CVE-2023-52850 CVE-2023-52851 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52857 CVE-2023-52858 CVE-2023-52861 CVE-2023-52862 CVE-2023-52863 CVE-2023-52864 CVE-2023-52865 CVE-2023-52866 CVE-2023-52867 CVE-2023-52868 CVE-2023-52869 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52874 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52879 CVE-2023-52880 CVE-2023-52881 CVE-2023-52883 CVE-2023-52884 CVE-2024-0397 CVE-2024-0450 CVE-2024-0760 CVE-2024-1737 CVE-2024-1975 CVE-2024-25741 CVE-2024-26482 CVE-2024-26615 CVE-2024-26623 CVE-2024-26625 CVE-2024-26633 CVE-2024-26635 CVE-2024-26636 CVE-2024-26641 CVE-2024-26663 CVE-2024-26665 CVE-2024-26676 CVE-2024-26691 CVE-2024-26734 CVE-2024-26750 CVE-2024-26758 CVE-2024-26767 CVE-2024-26780 CVE-2024-26785 CVE-2024-26813 CVE-2024-26814 CVE-2024-26826 CVE-2024-26845 CVE-2024-26863 CVE-2024-26889 CVE-2024-26920 CVE-2024-26944 CVE-2024-27012 CVE-2024-27015 CVE-2024-27016 CVE-2024-27019 CVE-2024-27020 CVE-2024-27025 CVE-2024-27064 CVE-2024-27065 CVE-2024-27402 CVE-2024-27404 CVE-2024-27414 CVE-2024-27419 CVE-2024-31143 CVE-2024-33619 CVE-2024-34777 CVE-2024-35247 CVE-2024-35805 CVE-2024-35807 CVE-2024-35827 CVE-2024-35831 CVE-2024-35843 CVE-2024-35848 CVE-2024-35853 CVE-2024-35854 CVE-2024-35857 CVE-2024-35880 CVE-2024-35884 CVE-2024-35886 CVE-2024-35890 CVE-2024-35892 CVE-2024-35893 CVE-2024-35896 CVE-2024-35898 CVE-2024-35899 CVE-2024-35900 CVE-2024-35908 CVE-2024-35925 CVE-2024-35926 CVE-2024-35934 CVE-2024-35942 CVE-2024-35957 CVE-2024-35962 CVE-2024-35970 CVE-2024-35976 CVE-2024-35979 CVE-2024-35998 CVE-2024-36003 CVE-2024-36004 CVE-2024-36005 CVE-2024-36008 CVE-2024-36010 CVE-2024-36017 CVE-2024-36024 CVE-2024-36281 CVE-2024-36477 CVE-2024-36478 CVE-2024-36479 CVE-2024-36882 CVE-2024-36887 CVE-2024-36889 CVE-2024-36899 CVE-2024-36900 CVE-2024-36901 CVE-2024-36902 CVE-2024-36903 CVE-2024-36904 CVE-2024-36909 CVE-2024-36910 CVE-2024-36911 CVE-2024-36912 CVE-2024-36913 CVE-2024-36914 CVE-2024-36915 CVE-2024-36916 CVE-2024-36917 CVE-2024-36919 CVE-2024-36922 CVE-2024-36923 CVE-2024-36924 CVE-2024-36926 CVE-2024-36930 CVE-2024-36934 CVE-2024-36935 CVE-2024-36937 CVE-2024-36938 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944 CVE-2024-36945 CVE-2024-36946 CVE-2024-36947 CVE-2024-36949 CVE-2024-36950 CVE-2024-36951 CVE-2024-36952 CVE-2024-36955 CVE-2024-36957 CVE-2024-36959 CVE-2024-36960 CVE-2024-36962 CVE-2024-36964 CVE-2024-36965 CVE-2024-36967 CVE-2024-36969 CVE-2024-36971 CVE-2024-36972 CVE-2024-36973 CVE-2024-36974 CVE-2024-36975 CVE-2024-36977 CVE-2024-36978 CVE-2024-37021 CVE-2024-37078 CVE-2024-37353 CVE-2024-37354 CVE-2024-37891 CVE-2024-38381 CVE-2024-38384 CVE-2024-38385 CVE-2024-38388 CVE-2024-38390 CVE-2024-38391 CVE-2024-38539 CVE-2024-38540 CVE-2024-38541 CVE-2024-38543 CVE-2024-38544 CVE-2024-38545 CVE-2024-38546 CVE-2024-38547 CVE-2024-38548 CVE-2024-38549 CVE-2024-38550 CVE-2024-38551 CVE-2024-38552 CVE-2024-38553 CVE-2024-38554 CVE-2024-38555 CVE-2024-38556 CVE-2024-38557 CVE-2024-38558 CVE-2024-38559 CVE-2024-38560 CVE-2024-38562 CVE-2024-38564 CVE-2024-38565 CVE-2024-38566 CVE-2024-38567 CVE-2024-38568 CVE-2024-38569 CVE-2024-38570 CVE-2024-38571 CVE-2024-38572 CVE-2024-38573 CVE-2024-38575 CVE-2024-38578 CVE-2024-38579 CVE-2024-38580 CVE-2024-38581 CVE-2024-38582 CVE-2024-38583 CVE-2024-38586 CVE-2024-38587 CVE-2024-38588 CVE-2024-38590 CVE-2024-38591 CVE-2024-38592 CVE-2024-38594 CVE-2024-38595 CVE-2024-38597 CVE-2024-38598 CVE-2024-38599 CVE-2024-38600 CVE-2024-38601 CVE-2024-38602 CVE-2024-38603 CVE-2024-38604 CVE-2024-38605 CVE-2024-38608 CVE-2024-38610 CVE-2024-38611 CVE-2024-38615 CVE-2024-38616 CVE-2024-38617 CVE-2024-38618 CVE-2024-38619 CVE-2024-38621 CVE-2024-38622 CVE-2024-38627 CVE-2024-38628 CVE-2024-38629 CVE-2024-38630 CVE-2024-38633 CVE-2024-38634 CVE-2024-38635 CVE-2024-38636 CVE-2024-38659 CVE-2024-38661 CVE-2024-38663 CVE-2024-38664 CVE-2024-38780 CVE-2024-39276 CVE-2024-39277 CVE-2024-39291 CVE-2024-39296 CVE-2024-39301 CVE-2024-39362 CVE-2024-39371 CVE-2024-39463 CVE-2024-39466 CVE-2024-39468 CVE-2024-39469 CVE-2024-39471 CVE-2024-39472 CVE-2024-39473 CVE-2024-39474 CVE-2024-39475 CVE-2024-39479 CVE-2024-39481 CVE-2024-39482 CVE-2024-39487 CVE-2024-39490 CVE-2024-39494 CVE-2024-39496 CVE-2024-39498 CVE-2024-39502 CVE-2024-39504 CVE-2024-39507 CVE-2024-39894 CVE-2024-4032 CVE-2024-4076 CVE-2024-40901 CVE-2024-40906 CVE-2024-40908 CVE-2024-40919 CVE-2024-40923 CVE-2024-40925 CVE-2024-40928 CVE-2024-40931 CVE-2024-40935 CVE-2024-40937 CVE-2024-40940 CVE-2024-40947 CVE-2024-40948 CVE-2024-40953 CVE-2024-40960 CVE-2024-40961 CVE-2024-40966 CVE-2024-40970 CVE-2024-40972 CVE-2024-40975 CVE-2024-40979 CVE-2024-40998 CVE-2024-40999 CVE-2024-41006 CVE-2024-41011 CVE-2024-41013 CVE-2024-41014 CVE-2024-41017 CVE-2024-41090 CVE-2024-41091 CVE-2024-5535 CVE-2024-6197 CVE-2024-7264 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20240807-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2393-1 Released: Wed Jul 10 17:33:47 2024 Summary: Security update for openssh Type: security Severity: moderate References: 1218215,1224392,1225904,1227318,1227350,CVE-2023-51385,CVE-2024-39894 This update for openssh fixes the following issues: Security fixes: - CVE-2024-39894: Fixed timing attacks against echo-off password entry (bsc#1227318). Other fixes: - Add obsoletes for openssh-server-config-rootlogin (bsc#1227350). - Add #include in some files added by the ldap patch to fix build with gcc14 (bsc#1225904). - Remove the recommendation for openssh-server-config-rootlogin from openssh-server (bsc#1224392). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2531-1 Released: Tue Jul 16 14:12:12 2024 Summary: Security update for xen Type: security Severity: important References: 1027519,1214718,1221984,1225953,1227355,CVE-2023-46842,CVE-2024-31143 This update for xen fixes the following issues: - CVE-2023-46842: Fixed x86 HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984). - CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2571-1 Released: Mon Jul 22 12:34:16 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1186716,1195775,1204562,1209834,1217481,1217912,1218442,1219224,1219478,1219596,1219633,1219847,1219953,1221086,1221777,1221958,1222011,1222015,1222080,1222241,1222380,1222588,1222617,1222619,1222809,1222810,1223018,1223265,1224049,1224187,1224439,1224497,1224498,1224515,1224520,1224523,1224539,1224540,1224549,1224572,1224575,1224583,1224584,1224606,1224612,1224614,1224619,1224655,1224659,1224661,1224662,1224670,1224673,1224698,1224735,1224751,1224759,1224928,1224930,1224932,1224933,1224935,1224937,1224939,1224941,1224944,1224946,1224947,1224949,1224951,1224988,1224992,1224998,1225000,1225001,1225004,1225006,1225008,1225009,1225014,1225015,1225022,1225025,1225028,1225029,1225031,1225036,1225041,1225044,1225049,1225050,1225076,1225077,1225078,1225081,1225085,1225086,1225090,1225092,1225096,1225097,1225098,1225101,1225103,1225104,1225105,1225106,1225108,1225120,1225132,1225180,1225300,1225391,1225472,1225475,1225476,1225477,1225478,1225485,1225490,1225527,1225529,1225530,1 225532,1225534,1225548,1225550,1225553,1225554,1225555,1225556,1225557,1225559,1225560,1225564,1225565,1225566,1225568,1225569,1225570,1225571,1225572,1225573,1225577,1225581,1225583,1225584,1225585,1225586,1225587,1225588,1225589,1225590,1225591,1225592,1225594,1225595,1225599,1225602,1225605,1225609,1225611,1225681,1225702,1225723,1225726,1225731,1225732,1225737,1225741,1225758,1225759,1225760,1225761,1225762,1225763,1225767,1225770,1225815,1225820,1225823,1225827,1225834,1225866,1225872,1225898,1225903,1226022,1226131,1226145,1226149,1226155,1226158,1226163,1226211,1226212,1226226,1226457,1226503,1226513,1226514,1226520,1226582,1226587,1226588,1226592,1226593,1226594,1226595,1226597,1226607,1226608,1226610,1226612,1226613,1226630,1226632,1226633,1226634,1226637,1226657,1226658,1226734,1226735,1226737,1226738,1226739,1226740,1226741,1226742,1226744,1226746,1226747,1226749,1226754,1226758,1226760,1226761,1226764,1226767,1226768,1226769,1226771,1226772,1226774,1226775,1226776,122677 7,1226780,1226781,1226786,1226788,1226789,1226790,1226791,1226796,1226799,1226837,1226839,1226840,1226841,1226842,1226844,1226848,1226852,1226856,1226857,1226859,1226861,1226863,1226864,1226867,1226868,1226875,1226876,1226878,1226879,1226886,1226890,1226891,1226894,1226895,1226905,1226908,1226909,1226911,1226928,1226934,1226938,1226939,1226941,1226948,1226949,1226950,1226962,1226976,1226989,1226990,1226992,1226994,1226995,1226996,1227066,1227072,1227085,1227089,1227090,1227096,1227101,1227190,CVE-2021-47432,CVE-2022-48772,CVE-2023-52622,CVE-2023-52656,CVE-2023-52672,CVE-2023-52699,CVE-2023-52735,CVE-2023-52749,CVE-2023-52750,CVE-2023-52753,CVE-2023-52754,CVE-2023-52757,CVE-2023-52759,CVE-2023-52762,CVE-2023-52763,CVE-2023-52764,CVE-2023-52765,CVE-2023-52766,CVE-2023-52767,CVE-2023-52768,CVE-2023-52769,CVE-2023-52773,CVE-2023-52774,CVE-2023-52776,CVE-2023-52777,CVE-2023-52780,CVE-2023-52781,CVE-2023-52782,CVE-2023-52783,CVE-2023-52784,CVE-2023-52786,CVE-2023-52787,CVE-2023-52788,CVE- 2023-52789,CVE-2023-52791,CVE-2023-52792,CVE-2023-52794,CVE-2023-52795,CVE-2023-52796,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52801,CVE-2023-52803,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52807,CVE-2023-52808,CVE-2023-52809,CVE-2023-52810,CVE-2023-52811,CVE-2023-52812,CVE-2023-52813,CVE-2023-52814,CVE-2023-52815,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52827,CVE-2023-52829,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52835,CVE-2023-52836,CVE-2023-52837,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52842,CVE-2023-52843,CVE-2023-52844,CVE-2023-52845,CVE-2023-52846,CVE-2023-52847,CVE-2023-52849,CVE-2023-52850,CVE-2023-52851,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52857,CVE-2023-52858,CVE-2023-52861,CVE-2023-52862,CVE-2023-52863,CVE-2023-52864,CVE-2023-52865,CVE-2023-52866,CVE-2023-52867,CVE-2023-52868,CVE-2023-52869,CVE-2023-52870,CVE-2023-52 871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52874,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52879,CVE-2023-52880,CVE-2023-52881,CVE-2023-52883,CVE-2023-52884,CVE-2024-26482,CVE-2024-26625,CVE-2024-26676,CVE-2024-26750,CVE-2024-26758,CVE-2024-26767,CVE-2024-26780,CVE-2024-26813,CVE-2024-26814,CVE-2024-26845,CVE-2024-26889,CVE-2024-26920,CVE-2024-27414,CVE-2024-27419,CVE-2024-33619,CVE-2024-34777,CVE-2024-35247,CVE-2024-35807,CVE-2024-35827,CVE-2024-35831,CVE-2024-35843,CVE-2024-35848,CVE-2024-35857,CVE-2024-35880,CVE-2024-35884,CVE-2024-35886,CVE-2024-35892,CVE-2024-35896,CVE-2024-35898,CVE-2024-35900,CVE-2024-35925,CVE-2024-35926,CVE-2024-35957,CVE-2024-35962,CVE-2024-35970,CVE-2024-35976,CVE-2024-35979,CVE-2024-35998,CVE-2024-36005,CVE-2024-36008,CVE-2024-36010,CVE-2024-36017,CVE-2024-36024,CVE-2024-36281,CVE-2024-36477,CVE-2024-36478,CVE-2024-36479,CVE-2024-36882,CVE-2024-36887,CVE-2024-36899,CVE-2024-36900,CVE-2024-36903,CVE-2024-36904,CVE-2024-36915,CVE -2024-36916,CVE-2024-36917,CVE-2024-36919,CVE-2024-36923,CVE-2024-36924,CVE-2024-36926,CVE-2024-36934,CVE-2024-36935,CVE-2024-36937,CVE-2024-36938,CVE-2024-36945,CVE-2024-36952,CVE-2024-36957,CVE-2024-36960,CVE-2024-36962,CVE-2024-36964,CVE-2024-36965,CVE-2024-36967,CVE-2024-36969,CVE-2024-36971,CVE-2024-36972,CVE-2024-36973,CVE-2024-36975,CVE-2024-36977,CVE-2024-36978,CVE-2024-37021,CVE-2024-37078,CVE-2024-37353,CVE-2024-37354,CVE-2024-38381,CVE-2024-38384,CVE-2024-38385,CVE-2024-38388,CVE-2024-38390,CVE-2024-38391,CVE-2024-38539,CVE-2024-38540,CVE-2024-38541,CVE-2024-38543,CVE-2024-38544,CVE-2024-38545,CVE-2024-38546,CVE-2024-38547,CVE-2024-38548,CVE-2024-38549,CVE-2024-38550,CVE-2024-38551,CVE-2024-38552,CVE-2024-38553,CVE-2024-38554,CVE-2024-38555,CVE-2024-38556,CVE-2024-38557,CVE-2024-38559,CVE-2024-38560,CVE-2024-38562,CVE-2024-38564,CVE-2024-38565,CVE-2024-38566,CVE-2024-38567,CVE-2024-38568,CVE-2024-38569,CVE-2024-38570,CVE-2024-38571,CVE-2024-38572,CVE-2024-38573,CVE-2024-3 8575,CVE-2024-38578,CVE-2024-38579,CVE-2024-38580,CVE-2024-38581,CVE-2024-38582,CVE-2024-38583,CVE-2024-38587,CVE-2024-38588,CVE-2024-38590,CVE-2024-38591,CVE-2024-38592,CVE-2024-38594,CVE-2024-38595,CVE-2024-38597,CVE-2024-38599,CVE-2024-38600,CVE-2024-38601,CVE-2024-38602,CVE-2024-38603,CVE-2024-38605,CVE-2024-38608,CVE-2024-38610,CVE-2024-38611,CVE-2024-38615,CVE-2024-38616,CVE-2024-38617,CVE-2024-38618,CVE-2024-38619,CVE-2024-38621,CVE-2024-38622,CVE-2024-38627,CVE-2024-38628,CVE-2024-38629,CVE-2024-38630,CVE-2024-38633,CVE-2024-38634,CVE-2024-38635,CVE-2024-38636,CVE-2024-38661,CVE-2024-38663,CVE-2024-38664,CVE-2024-38780,CVE-2024-39277,CVE-2024-39291,CVE-2024-39296,CVE-2024-39301,CVE-2024-39362,CVE-2024-39371,CVE-2024-39463,CVE-2024-39466,CVE-2024-39469,CVE-2024-39471 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990). - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758). - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101). - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595). - CVE-2023-52834: atl1c: Work around the DMA RX overflow issue (bsc#1225599). - CVE-2023-52875: Add check for mtk_alloc_clk_data (bsc#1225096). - CVE-2023-52865: Add check for mtk_alloc_clk_data (bsc#1225086). - CVE-2023-52821: Fixed a possible null pointer dereference (bsc#1225022). - CVE-2023-52867: Fixed possible buffer overflow (bsc#1225009). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2023-52759: Ignore negated quota changes (bsc#1225560). - CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930). - CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097). - CVE-2023-52864: Fixed opening of char device (bsc#1225132). - CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011). - CVE-2023-52871: Handle a second device without data corruption (bsc#1225534) - CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994). - CVE-2024-35843: iommu/vt-d: Use device rbtree in iopf reporting path (bsc#1224751). - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066). - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948). - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949). - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950). - CVE-2024-36281: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules (bsc#1226799). - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610). - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841). - CVE-2024-38636: f2fs: multidev: fix to recognize valid zero block address (bsc#1226879). - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770). - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857). - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842). - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774). - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781). - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746). - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749). - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734). - CVE-2024-38569: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group (bsc#1226772). - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771). - CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810). - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809). - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823). - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-27414: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back (bsc#1224439). - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670). - CVE-2024-36024: drm/amd/display: Disable idle reallow as part of command/gpint execution (bsc#1225702). - CVE-2024-36903: ipv6: Fix potential uninit-value access in __ip6_make_skb() (bsc#1225741). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572). - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735). - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080). - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951). - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-36882: mm: use memalloc_nofs_save() in page_cache_ra_order() (bsc#1225723). - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759). - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726). - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105). - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661). - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2023-52786: ext4: fix racy may inline data check in dio write (bsc#1224939). - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760). - CVE-2024-36935: ice: ensure the copied buf is NUL terminated (bsc#1225763). - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834). - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614). - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585). - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539). - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018). - CVE-2024-35892: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() (bsc#1224515). - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612). - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520). - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619). - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475). - CVE-2024-35926: crypto: iaa - Fix async_disable descriptor leak (bsc#1224655). - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575). - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761). - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540). - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549). - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548). - CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759) - CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762). - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086) - CVE-2024-35880: io_uring/kbuf: hold io_buffer_list reference over mmap (bsc#1224523). - CVE-2024-35831: io_uring: Fix release of pinned pages when __io_uaddr_map fails (bsc#1224698). - CVE-2024-35827: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() (bsc#1224606). - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187). - CVE-2023-52699: sysv: don't call sb_bread() with pointers_lock held (bsc#1224659). The following non-security bugs were fixed: - KVM: arm64: Use local TLBI on permission relaxation (bsc#1219478). - KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (bsc#1226158). - NFS: abort nfs_atomic_open_v23 if name is too long (bsc#1219847). - NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847). - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - PCI: Clear Secondary Status errors after enumeration (bsc#1226928) - RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300). - RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300). - Revert 'build initrd without systemd' (bsc#1195775)' - arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8688). - arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8688). - arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8688). - bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903). - bpf: correct loop detection for iterators convergence (bsc#1225903). - bpf: exact states comparison for iterator convergence checks (bsc#1225903). - bpf: extract __check_reg_arg() utility function (bsc#1225903). - bpf: extract same_callsites() as utility function (bsc#1225903). - bpf: extract setup_func_entry() utility function (bsc#1225903). - bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903). - bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903). - bpf: print full verifier states on infinite loop detection (bsc#1225903). - bpf: verify callbacks as if they are called unknown number of times (bsc#1225903). - bpf: widening for callback iterators (bsc#1225903). - cachefiles: remove requests from xarray during flushing requests (bsc#1226588). - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022). - ceph: always check dir caps asynchronously (bsc#1226022). - ceph: always queue a writeback when revoking the Fb caps (bsc#1226022). - ceph: break the check delayed cap loop every 5s (bsc#1226022). - ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022). - crypto: deflate - Add aliases to deflate (bsc#1227190). - crypto: iaa - Account for cpu-less numa nodes (bsc#1227190). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - kABI: bpf: verifier kABI workaround (bsc#1225903). - net: ena: Fix redundant device NUMA node override (jsc#PED-8688). - net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491). - nfs: Avoid flushing many pages with NFS_FILE_SYNC (bsc#1218442). - nfs: Bump default write congestion size (bsc#1218442). - nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912). - nvme-fabrics: short-circuit reconnect retries (bsc#1186716). - nvme-tcp: Export the nvme_tcp_wq to sysfs (bsc#1224049). - nvme/tcp: Add wq_unbound modparam for nvme_tcp_wq (bsc#1224049). - nvme: do not retry authentication failures (bsc#1186716). - nvme: return kernel error codes for admin queue connect (bsc#1186716). - nvmet: lock config semaphore when accessing DH-HMAC-CHAP key (bsc#1186716). - nvmet: return DHCHAP status codes from nvmet_setup_auth() (bsc#1186716). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212). - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211). - s390/cpacf: Make use of invalid opcode produce a link error (bsc#1227072). - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791). - selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903). - selftests/bpf: test if state loops are detected in a tricky case (bsc#1225903). - selftests/bpf: test widening for iterating callbacks (bsc#1225903). - selftests/bpf: tests for iterating callbacks (bsc#1225903). - selftests/bpf: tests with delayed read/precision makrs in loop body (bsc#1225903). - selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903). - selftests/bpf: track tcp payload offset as scalar in xdp_synproxy (bsc#1225903). - supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570) - tcp: Dump bound-only sockets in inet_diag (bsc#1204562). - x86/mce: Dynamically size space for machine check records (bsc#1222241). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2587-1 Released: Mon Jul 22 13:44:54 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1227456 This update for openssh fixes the following issues: - Remove empty line at the end of sshd-sle.pamd (bsc#1227456) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2636-1 Released: Tue Jul 30 09:14:22 2024 Summary: Security update for bind Type: security Severity: important References: 1228255,1228256,1228257,1228258,CVE-2024-0760,CVE-2024-1737,CVE-2024-1975,CVE-2024-4076 This update for bind fixes the following issues: Update to release 9.18.28 Security fixes: - CVE-2024-0760: Fixed a flood of DNS messages over TCP may make the server unstable (bsc#1228255) - CVE-2024-1737: Fixed BIND's database will be slow if a very large number of RRs exist at the same name (bsc#1228256) - CVE-2024-1975: Fixed SIG(0) can be used to exhaust CPU resources (bsc#1228257) - CVE-2024-4076: Fixed assertion failure when serving both stale cache data and authoritative zone content (bsc#1228258) Changelog: * Command-line options for IPv4-only (named -4) and IPv6-only (named -6) modes are now respected for zone primaries, also-notify, and parental-agents. * An RPZ response???s SOA record TTL was set to 1 instead of the SOA TTL, if add-soa was used. This has been fixed. * When a query related to zone maintenance (NOTIFY, SOA) timed out close to a view shutdown (triggered e.g. by rndc reload), named could crash with an assertion failure. This has been fixed. * The statistics channel counters that indicated the number of currently connected TCP IPv4/IPv6 clients were not properly adjusted in certain failure scenarios. This has been fixed. * Some servers that could not be reached due to EHOSTDOWN or ENETDOWN conditions were incorrectly prioritized during server selection. These are now properly handled as unreachable. * On some systems the libuv call may return an error code when sending a TCP reset for a connection, which triggers an assertion failure in named. This error condition is now dealt with in a more graceful manner, by logging the incident and shutting down the connection. * Changes to listen-on statements were ignored on reconfiguration unless the port or interface address was changed, making it impossible to change a related listener transport type. That issue has been fixed. * A bug in the keymgr code unintentionally slowed down some DNSSEC key rollovers. This has been fixed. * Some ISO 8601 durations were accepted erroneously, leading to shorter durations than expected. This has been fixed * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. * The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. New Features: * A new option signatures-jitter has been added to dnssec-policy to allow signature expirations to be spread out over a period of time. * The statistics channel now includes counters that indicate the number of currently connected TCP IPv4/IPv6 clients. * Added RESOLVER.ARPA to the built in empty zones. Feature Changes: * DNSSEC signatures that are not valid because the current time falls outside the signature inception and expiration dates are skipped instead of causing an immediate validation failure. Security Fixes: * A malicious DNS client that sent many queries over TCP but never read the responses could cause a server to respond slowly or not at all for other clients. This has been fixed. (CVE-2024-0760) * It is possible to craft excessively large resource records sets, which have the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-records-per-type option. * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975) * Due to a logic error, lookups that triggered serving stale data and required lookups in local authoritative zone data could have resulted in an assertion failure. This has been fixed. * Potential data races were found in our DoH implementation, related to HTTP/2 session object management and endpoints set object management after reconfiguration. These issues have been fixed. * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. (CVE-2024-4076) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2662-1 Released: Tue Jul 30 15:41:34 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2677-1 Released: Wed Jul 31 06:58:52 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2688-1 Released: Thu Aug 1 06:59:27 2024 Summary: Feature update for Public Cloud Type: feature Severity: important References: 1222075,1227067,1227106,1227711 This update for Public Cloud fixes the following issues: - Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345): * google-guest-agent (no source changes) * google-guest-configs (no source changes) * google-guest-oslogin (no source changes) * google-osconfig-agent (no source changes) * growpart-rootgrow (no source changes) * python-azure-agent (includes bug fixes see below) * python-cssselect (no source changes) * python-instance-billing-flavor-check (no source changes) * python-toml (no source changes) * python3-lxml (inlcudes a bug fix, see below) - python-azure-agent received the following fixes: * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists (bsc#1227711) * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106) * Do not package `waagent2.0` in Python 3 builds * Do not require `wicked` in non-SUSE build environments * Apply python3 interpreter patch in non SLE build environments (bcs#1227067) - python3-lxml also received the following fix: * Fixed compatibility with system libexpat in tests (bnc#1222075) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2695-1 Released: Thu Aug 1 15:06:12 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1226412,1226529 This update for dracut fixes the following issues: - Version update: * feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529) * fix(mdraid): try to assemble the missing raid device (bsc#1226412) * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2747-1 Released: Mon Aug 5 18:14:40 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219004,1223107,1226128 This update for suseconnect-ng fixes the following issues: - Version update * Added uname as collector * Added SAP workload detection * Added detection of container runtimes * Multiple fixes on ARM64 detection * Use `read_values` for the CPU collector on Z * Fixed data collection for ppc64le * Grab the home directory from /etc/passwd if needed (bsc#1226128) * Build zypper-migration and zypper-packages-search as standalone binaries rather then one single binary * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004) * Include /etc/products.d in directories whose content are backed up and restored if a zypper-migration rollback happens (bsc#1219004) * Add the ability to upload the system uptime logs, produced by the suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report (jsc#PED-7982) (jsc#PED-8018) * Add support for third party packages in SUSEConnect * Refactor existing system information collection implementation self-signed SSL certificate (bsc#1223107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2779-1 Released: Tue Aug 6 14:35:49 2024 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1228548 This update for permissions fixes the following issue: * cockpit: moved setuid executable (bsc#1228548) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2788-1 Released: Tue Aug 6 15:50:29 2024 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1227574 This update for sudo fixes the following issue: - Fix Wrong permissions on /usr/share/polkit-1/rules.d (bsc#1227574). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:06 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2799-1 Released: Wed Aug 7 08:19:10 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1214960 This update for runc fixes the following issues: - Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13 - Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2802-1 Released: Wed Aug 7 09:46:02 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1215199,1215587,1218442,1218730,1218820,1219832,1220138,1220427,1220430,1220942,1221057,1221647,1221654,1221656,1221659,1222326,1222328,1222438,1222463,1222768,1222775,1222779,1222893,1223010,1223021,1223570,1223731,1223740,1223778,1223804,1223806,1223807,1223813,1223815,1223836,1223863,1224414,1224422,1224490,1224499,1224512,1224516,1224544,1224545,1224589,1224604,1224636,1224641,1224743,1224767,1225088,1225172,1225272,1225489,1225600,1225601,1225711,1225717,1225719,1225744,1225745,1225746,1225752,1225753,1225757,1225805,1225810,1225830,1225835,1225839,1225840,1225843,1225847,1225851,1225856,1225894,1225895,1225896,1226202,1226213,1226502,1226519,1226750,1226757,1226783,1226866,1226883,1226915,1226993,1227103,1227149,1227282,1227362,1227363,1227383,1227432,1227433,1227434,1227435,1227443,1227446,1227447,1227487,1227573,1227626,1227716,1227719,1227723,1227730,1227736,1227755,1227757,1227762,1227763,1227779,1227780,1227783,1227786,1227788,1227789,1227797,1227800,1 227801,1227803,1227806,1227813,1227814,1227836,1227855,1227862,1227866,1227886,1227899,1227910,1227913,1227926,1228090,1228192,1228193,1228211,1228269,1228289,1228327,1228328,1228403,1228405,1228408,1228417,CVE-2023-38417,CVE-2023-47210,CVE-2023-51780,CVE-2023-52435,CVE-2023-52472,CVE-2023-52751,CVE-2023-52775,CVE-2024-25741,CVE-2024-26615,CVE-2024-26623,CVE-2024-26633,CVE-2024-26635,CVE-2024-26636,CVE-2024-26641,CVE-2024-26663,CVE-2024-26665,CVE-2024-26691,CVE-2024-26734,CVE-2024-26785,CVE-2024-26826,CVE-2024-26863,CVE-2024-26944,CVE-2024-27012,CVE-2024-27015,CVE-2024-27016,CVE-2024-27019,CVE-2024-27020,CVE-2024-27025,CVE-2024-27064,CVE-2024-27065,CVE-2024-27402,CVE-2024-27404,CVE-2024-35805,CVE-2024-35853,CVE-2024-35854,CVE-2024-35890,CVE-2024-35893,CVE-2024-35899,CVE-2024-35908,CVE-2024-35934,CVE-2024-35942,CVE-2024-36003,CVE-2024-36004,CVE-2024-36889,CVE-2024-36901,CVE-2024-36902,CVE-2024-36909,CVE-2024-36910,CVE-2024-36911,CVE-2024-36912,CVE-2024-36913,CVE-2024-36914,CVE-2024-3 6922,CVE-2024-36930,CVE-2024-36940,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36946,CVE-2024-36947,CVE-2024-36949,CVE-2024-36950,CVE-2024-36951,CVE-2024-36955,CVE-2024-36959,CVE-2024-36974,CVE-2024-38558,CVE-2024-38586,CVE-2024-38598,CVE-2024-38604,CVE-2024-38659,CVE-2024-39276,CVE-2024-39468,CVE-2024-39472,CVE-2024-39473,CVE-2024-39474,CVE-2024-39475,CVE-2024-39479,CVE-2024-39481,CVE-2024-39482,CVE-2024-39487,CVE-2024-39490,CVE-2024-39494,CVE-2024-39496,CVE-2024-39498,CVE-2024-39502,CVE-2024-39504,CVE-2024-39507,CVE-2024-40901,CVE-2024-40906,CVE-2024-40908,CVE-2024-40919,CVE-2024-40923,CVE-2024-40925,CVE-2024-40928,CVE-2024-40931,CVE-2024-40935,CVE-2024-40937,CVE-2024-40940,CVE-2024-40947,CVE-2024-40948,CVE-2024-40953,CVE-2024-40960,CVE-2024-40961,CVE-2024-40966,CVE-2024-40970,CVE-2024-40972,CVE-2024-40975,CVE-2024-40979,CVE-2024-40998,CVE-2024-40999,CVE-2024-41006,CVE-2024-41011,CVE-2024-41013,CVE-2024-41014,CVE-2024-41017,CVE-2024-41090,CVE-2024-41091 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-47210: wifi: iwlwifi: bump FW API to 90 for BZ/SC devices (bsc#1225601, bsc#1225600). - CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138). - CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489). - CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088). - CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942). - CVE-2024-26623: pds_core: Prevent race issues involving the adminq (bsc#1221057). - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647). - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656). - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659). - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654). - CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326). - CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328). - CVE-2024-26691: KVM: arm64: Fix circular locking dependency (bsc#1222463). - CVE-2024-26734: devlink: fix possible use-after-free and memory leaks in devlink_init() (bsc#1222438). - CVE-2024-26785: iommufd: Fix protection fault in iommufd_test_syz_conv_iova (bsc#1222779). - CVE-2024-26826: mptcp: fix data re-injection from stale subflow (bsc#1223010). - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021). - CVE-2024-26944: btrfs: zoned: fix lock ordering in btrfs_zone_activate() (bsc#1223731). - CVE-2024-27012: netfilter: nf_tables: restore set elements when delete set fails (bsc#1223804). - CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806). - CVE-2024-27016: netfilter: flowtable: validate pppoe header (bsc#1223807). - CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813) - CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815) - CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778) - CVE-2024-27064: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain (bsc#1223740). - CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836). - CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414). - CVE-2024-27404: mptcp: fix data races on remote_id (bsc#1224422) - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743). - CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-35890: gro: fix ownership transfer (bsc#1224516). - CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512) - CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499) - CVE-2024-35908: tls: get psock ref after taking rxlock to avoid leak (bsc#1224490) - CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641) - CVE-2024-35942: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain (bsc#1224589). - CVE-2024-36003: ice: fix LAG and VF lock dependency in ice_reset_vf() (bsc#1224544). - CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545) - CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711) - CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752). - CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753). - CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757). - CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783). - CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750). - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757). - CVE-2024-38604: block: refine the EOF check in blkdev_iomap_begin (bsc#1226866). - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883). - CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993). - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103. - CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432). - CVE-2024-39474: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL (bsc#1227434). - CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447). - CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573) - CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-39496: btrfs: zoned: fix use-after-free due to race with dev replace (bsc#1227719). - CVE-2024-39498: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 (bsc#1227723) - CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755). - CVE-2024-39504: netfilter: nft_inner: validate mandatory meta and payload (bsc#1227757). - CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730). - CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762). - CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763). - CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783). - CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779). - CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786). - CVE-2024-40925: block: fix request.queuelist usage in flush (bsc#1227789). - CVE-2024-40928: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (bsc#1227788). - CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780). - CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800). - CVE-2024-40947: ima: Avoid blocking in RCU read-side critical section (bsc#1227803). - CVE-2024-40948: mm/page_table_check: fix crash on ZONE_DEVICE (bsc#1227801). - CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806). - CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813). - CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814). - CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886). - CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899). - CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910). - CVE-2024-40975: platform/x86: x86-android-tablets: Unregister devices in reverse order (bsc#1227926). - CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866). - CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913). - CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862). - CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405). - CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). - CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327). The following non-security bugs were fixed: - ACPI: EC: Abort address space access upon error (stable-fixes). - ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes). - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes). - ALSA: PCM: Allow resume only for suspended streams (stable-fixes). - ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes). - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes). - ALSA: emux: improve patch ioctl data validation (stable-fixes). - ALSA: hda/conexant: Mute speakers at suspend / shutdown (bsc#1228269). - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (bsc#1228269). - ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes). - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes). - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes). - ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes). - ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop (stable-fixes). - ALSA: hda: cs35l41: Fix swapped l/r audio channels for Lenovo ThinBook 13x Gen4 (git-fixes). - ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes). - ALSA: seq: ump: Skip useless ports for static blocks (git-fixes). - ALSA: ump: Do not update FB name for static blocks (git-fixes). - ALSA: ump: Force 1 Group for MIDI1 FBs (git-fixes). - ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes). - ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes). - ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes). - ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (git-fixes). - ASoC: SOF: Intel: hda-pcm: Limit the maximum number of periods by MAX_BDL_ENTRIES (stable-fixes). - ASoC: SOF: Intel: hda: fix null deref on system suspend entry (git-fixes). - ASoC: SOF: imx8m: Fix DSP control regmap retrieval (git-fixes). - ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare (git-fixes). - ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format (stable-fixes). - ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback (stable-fixes). - ASoC: TAS2781: Fix tasdev_load_calibrated_data() (git-fixes). - ASoC: amd: Adjust error handling in case of absent codec device (git-fixes). - ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 (bsc#1228269). - ASoC: cs35l56: Accept values greater than 0 as IRQ numbers (git-fixes). - ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value (git-fixes). - ASoC: max98088: Check for clk_prepare_enable() error (git-fixes). - ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: rt711-sdw: add missing readable registers (stable-fixes). - ASoC: rt722-sdca-sdw: add debounce time for type detection (stable-fixes). - ASoC: rt722-sdca-sdw: add silence detection register as volatile (stable-fixes). - ASoC: sof: amd: fix for firmware reload failure in Vangogh platform (git-fixes). - ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes). - ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes). - ASoC: topology: Do not assign fields that are already set (stable-fixes). - ASoC: topology: Fix references to freed memory (stable-fixes). - ASoc: tas2781: Enable RCA-based playback without DSP firmware download (git-fixes). - Bluetooth: ISO: Check socket flag instead of hcon (git-fixes). - Bluetooth: Ignore too large handle values in BIG (git-fixes). - Bluetooth: btintel: Refactor btintel_set_ppag() (git-fixes). - Bluetooth: btnxpuart: Add handling for boot-signature timeout errors (git-fixes). - Bluetooth: btnxpuart: Enable Power Save feature on startup (stable-fixes). - Bluetooth: hci_bcm4377: Fix msgid release (git-fixes). - Bluetooth: hci_bcm4377: Use correct unit for timeouts (git-fixes). - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes). - Bluetooth: hci_event: Fix setting of unicast qos interval (git-fixes). - Bluetooth: hci_event: Set QoS encryption from BIGInfo report (git-fixes). - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes). - Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() (git-fixes). - Enable CONFIG_SCHED_CLUSTER=y on arm64 (jsc#PED-8701). - HID: Ignore battery for ELAN touchscreens 2F2C and 4116 (stable-fixes). - HID: wacom: Modify pen IDs (git-fixes). - Input: ads7846 - use spi_device_id table (stable-fixes). - Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes). - Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes). - Input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes). - Input: i8042 - add Ayaneo Kun to i8042 quirk table (stable-fixes). - Input: qt1050 - handle CHIP_ID reading error (git-fixes). - Input: silead - Always support 10 fingers (stable-fixes). - Input: xpad - add support for ASUS ROG RAIKIRI PRO (stable-fixes). - KVM: SEV-ES: Delegate LBR virtualization to the processor (git-fixes). - KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent (git-fixes). - KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (git-fixes). - KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes). - NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes). - NFS: add barriers when testing for NFS_FSDATA_BLOCKED (git-fixes). - NFSD: Fix checksum mismatches in the duplicate reply cache (git-fixes). - NFSv4.1 enforce rootpath check in fs_location query (git-fixes). - NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362). - NFSv4: Fixup smatch warning for ambiguous return (git-fixes). - PCI/ASPM: Update save_state when configuration changes (bsc#1226915) - PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes). - PCI: Do not wait for disconnected devices when resuming (git-fixes). - PCI: Extend ACS configurability (bsc#1228090). - PCI: Fix resource double counting on remove & rescan (git-fixes). - PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes). - PCI: dw-rockchip: Fix initial PERST# GPIO value (git-fixes). - PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot (git-fixes). - PCI: endpoint: Clean up error handling in vpci_scan_bus() (git-fixes). - PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() (git-fixes). - PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() (git-fixes). - PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes). - PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes). - PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes). - PCI: qcom-ep: Disable resources unconditionally during PERST# assert (git-fixes). - PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() (git-fixes). - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes). - PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes). - PCI: vmd: Create domain symlink before pci_bus_add_devices() (bsc#1227363). - RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes). - RDMA/restrack: Fix potential invalid address access (git-fixes) - Revert 'drm/bridge: tc358767: Set default CLRSIPO count' (stable-fixes). - Revert 'gfs2: fix glock shrinker ref issues' (git-fixes). - Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes). - Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes). - Revert 'wifi: ath11k: call ath11k_mac_fils_discovery() without condition' (bsc#1227149). - Revert 'wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ' (bsc#1227149). - Revert 'wifi: iwlwifi: bump FW API to 90 for BZ/SC devices' (bsc#1227149). - SUNRPC: Fix gss_free_in_token_pages() (git-fixes). - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes). - SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272). - SUNRPC: return proper error from gss_wrap_req_priv (git-fixes). - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes). - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes). - USB: serial: mos7840: fix crash on resume (git-fixes). - USB: serial: option: add Fibocom FM350-GL (stable-fixes). - USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes). - USB: serial: option: add Rolling RW350-GL variants (stable-fixes). - USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes). - USB: serial: option: add Telit generic core-dump composition (stable-fixes). - USB: serial: option: add support for Foxconn T99W651 (stable-fixes). - Update config files (bsc#1227282). Update the CONFIG_LSM option to include the selinux LSM in the default set of LSMs. The selinux LSM will not get enabled because it is preceded by apparmor, which is the first exclusive LSM. Updating CONFIG_LSM resolves failures that result in the system not booting up when 'security=selinux selinux=1' is passed to the kernel and SELinux policies are installed. - Update config files for mt76 stuff (bsc#1227149) - Update config files: adjust for Arm CONFIG_MT798X_WMAC (bsc#1227149) - Update config files: update for the realtek wifi driver updates (bsc#1227149) - X.509: Fix the parser of extended key usage for length (bsc#1218820). - arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502) - arm64/io: add constant-argument check (bsc#1226502 git-fixes) - arm64: dts: freescale: imx8mm-verdin: enable hysteresis on slow input (git-fixes) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes) - arm64: dts: imx93-11x11-evk: Remove the 'no-sdio' property (git-fixes) - arm64: dts: rockchip: Add mdio and ethernet-phy nodes to (git-fixes) - arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu (git-fixes) - arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Add sdmmc related properties on (git-fixes) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes) - arm64: dts: rockchip: Drop invalid mic-in-differential on (git-fixes) - arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on rk3566-roc-pc (git-fixes) - arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 (git-fixes) - arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch (git-fixes) - arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes) - arm64: dts: rockchip: Rename LED related pinctrl nodes on (git-fixes) - arm64: dts: rockchip: Update WIFi/BT related nodes on (git-fixes) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes) - ata: libata-scsi: Fix offsets for the fixed format sense data (git-fixes). - auxdisplay: ht16k33: Drop reference after LED registration (git-fixes). - block: Move checking GENHD_FL_NO_PART to bdev_add_partition() (bsc#1226213). - bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX (git-fixes). - bus: mhi: host: allow MHI client drivers to provide the firmware via a pointer (bsc#1227149). - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes). - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes). - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes). - can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes). - cdrom: rearrange last_media_change check to avoid unintentional overflow (stable-fixes). - ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228417). - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes). - checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes). - cifs: Add a laundromat thread for cached directories (git-fixes, bsc#1225172). - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (git-fixes). - clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg (git-fixes). - clk: qcom: clk-alpha-pll: set ALPHA_EN bit for Stromer Plus PLLs (git-fixes). - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents (git-fixes). - config/arm64: Enable CoreSight PMU drivers (bsc#1228289 jsc#PED-7859) - cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems (git-fixes). - cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() (git-fixes). - crypto/ecdh: make ecdh_compute_value() to zeroize the public key (bsc#1222768). - crypto/ecdsa: make ecdsa_ecc_ctx_deinit() to zeroize the public key (bsc#1222768). - crypto: aead,cipher - zeroize key buffer after use (stable-fixes). - crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked (git-fixes). - crypto: ecdh - explicitly zeroize private_key (stable-fixes). - crypto: ecdsa - Fix the public key format description (git-fixes). - crypto: hisilicon/debugfs - Fix debugfs uninit process issue (stable-fixes). - crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() (git-fixes). - decompress_bunzip2: fix rare decompression failure (git-fixes). - devres: Fix devm_krealloc() wasting memory (git-fixes). - devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes). - dlm: fix user space lock decision to copy lvb (git-fixes). - dma: fix call order in dmam_free_coherent (git-fixes). - dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (git-fixes). - docs: crypto: async-tx-api: fix broken code example (git-fixes). - drivers/xen: Improve the late XenStore init protocol (git-fixes). - drivers: soc: xilinx: check return status of get_api_version() (git-fixes). - drm/amd/amdgpu: Fix uninitialized variable warnings (git-fixes). - drm/amd/display: ASSERT when failing to find index by plane/stream id (stable-fixes). - drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes). - drm/amd/display: Add refresh rate range check (stable-fixes). - drm/amd/display: Check index msg_id before read or write (stable-fixes). - drm/amd/display: Check pipe offset before setting vblank (stable-fixes). - drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport (stable-fixes). - drm/amd/display: Fix overlapping copy within dml_core_mode_programming (stable-fixes). - drm/amd/display: Fix refresh rate range for some panel (stable-fixes). - drm/amd/display: Fix uninitialized variables in DM (stable-fixes). - drm/amd/display: Move 'struct scaler_data' off stack (git-fixes). - drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present (stable-fixes). - drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes). - drm/amd/display: Skip pipe if the pipe idx not set properly (stable-fixes). - drm/amd/display: Update efficiency bandwidth for dcn351 (stable-fixes). - drm/amd/display: Workaround register access in idle race with cursor (stable-fixes). - drm/amd/display: change dram_clock_latency to 34us for dcn35 (stable-fixes). - drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes). - drm/amd/pm: remove logically dead code for renoir (git-fixes). - drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes). - drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes). - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes). - drm/amdgpu: Fix memory range calculation (git-fixes). - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes). - drm/amdgpu: Fix uninitialized variable warnings (stable-fixes). - drm/amdgpu: Indicate CU havest info to CP (stable-fixes). - drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes). - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes). - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (stable-fixes). - drm/amdgpu: avoid using null object of framebuffer (stable-fixes). - drm/amdgpu: fix locking scope when flushing tlb (stable-fixes). - drm/amdgpu: fix the warning about the expression (int)size - len (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: silence UBSAN warning (stable-fixes). - drm/amdkfd: Fix CU Masking for GFX 9.4.3 (git-fixes). - drm/amdkfd: Let VRAM allocations go to GTT domain on small APUs (stable-fixes). - drm/arm/komeda: Fix komeda probe failing if there are no links in the secondary pipeline (git-fixes). - drm/bridge: it6505: fix hibernate to resume no display issue (git-fixes). - drm/bridge: samsung-dsim: Set P divider based on min/max of fin pll (git-fixes). - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes). - drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes). - drm/exynos: dp: drop driver owner initialization (stable-fixes). - drm/fbdev-dma: Fix framebuffer mode for big endian devices (git-fixes). - drm/fbdev-generic: Fix framebuffer on big endian devices (git-fixes). - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes). - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes). - drm/i915/dp: Do not switch the LTTPR mode on an active link (git-fixes). - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes). - drm/lima: Mark simple_ondemand governor as softdep (git-fixes). - drm/lima: fix shared irq handling on driver remove (stable-fixes). - drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (git-fixes). - drm/mediatek: Add OVL compatible name for MT8195 (git-fixes). - drm/mediatek: Add missing plane settings when async update (git-fixes). - drm/mediatek: Call drm_atomic_helper_shutdown() at shutdown time (stable-fixes). - drm/mediatek: Fix XRGB setting error in Mixer (git-fixes). - drm/mediatek: Fix XRGB setting error in OVL (git-fixes). - drm/mediatek: Fix bit depth overwritten for mtk_ovl_set bit_depth() (git-fixes). - drm/mediatek: Fix destination alpha error in OVL (git-fixes). - drm/mediatek: Remove less-than-zero comparison of an unsigned value (git-fixes). - drm/mediatek: Set DRM mode configs accordingly (git-fixes). - drm/mediatek: Support DRM plane alpha in Mixer (git-fixes). - drm/mediatek: Support DRM plane alpha in OVL (git-fixes). - drm/mediatek: Support RGBA8888 and RGBX8888 in OVL on MT8195 (git-fixes). - drm/mediatek: Turn off the layers with zero width or height (git-fixes). - drm/mediatek: Use 8-bit alpha in ETHDR (git-fixes). - drm/meson: fix canvas release in bind function (git-fixes). - drm/mgag200: Bind I2C lifetime to DRM device (git-fixes). - drm/mgag200: Set DDC timeout in milliseconds (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq() (git-fixes). - drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes). - drm/msm/dpu: fix encoder irq wait skip (git-fixes). - drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC (git-fixes). - drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes). - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes). - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: himax-hx8394: Handle errors from mipi_dsi_dcs_set_display_on() better (git-fixes). - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes). - drm/panel: ilitek-ili9882t: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: ilitek-ili9882t: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes). - drm/qxl: Add check for drm_cvt_mode (git-fixes). - drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes). - drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes). - drm/rockchip: vop2: Fix the port mux of VP2 (git-fixes). - drm/ttm: Always take the bo delayed cleanup path for imported bos (git-fixes). - drm/udl: Remove DRM_CONNECTOR_POLL_HPD (git-fixes). - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes). - drm: zynqmp_dpsub: Fix an error handling path in zynqmp_dpsub_probe() (git-fixes). - drm: zynqmp_kms: Fix AUX bus not getting unregistered (git-fixes). - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (stable-fixes). - eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes). - erofs: ensure m_llen is reset to 0 if metadata is invalid (git-fixes). - exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes). - f2fs: fix error path of __f2fs_build_free_nids (git-fixes). - filelock: fix potential use-after-free in posix_lock_inode (git-fixes). - firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes). - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes). - firmware: cs_dsp: Return error if block header overflows file (git-fixes). - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes). - firmware: cs_dsp: Validate payload length before processing block (git-fixes). - firmware: dmi: Stop decoding on broken entry (stable-fixes). - firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes). - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes). - firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes). - fs/file: fix the check in find_next_fd() (git-fixes). - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes). - fuse: verify {g,u}id mount options correctly (bsc#1228193). - gfs2: Do not forget to complete delayed withdraw (git-fixes). - gfs2: Fix 'ignore unlock failures after withdraw' (git-fixes). - gfs2: Fix invalid metadata access in punch_hole (git-fixes). - gfs2: Get rid of gfs2_alloc_blocks generation parameter (git-fixes). - gfs2: Rename gfs2_lookup_{ simple => meta } (git-fixes). - gfs2: Use mapping->gfp_mask for metadata inodes (git-fixes). - gfs2: convert to ctime accessor functions (git-fixes). - gpio: mc33880: Convert comma to semicolon (git-fixes). - gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (stable-fixes). - hfsplus: fix to avoid false alarm of circular locking (git-fixes). - hfsplus: fix uninit-value in copy_name (git-fixes). - hpet: Support 32-bit userspace (git-fixes). - hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes). - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes). - hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes). - hwrng: amd - Convert PCIBIOS_* return codes to errnos (git-fixes). - hwrng: core - Fix wrong quality calculation at hw rng registration (git-fixes). - i2c: i801: Annotate apanel_addr as __ro_after_init (stable-fixes). - i2c: mark HostNotify target address as used (git-fixes). - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (git-fixes). - i2c: rcar: bring hardware to known state when probing (git-fixes). - i2c: testunit: avoid re-issued work after read message (git-fixes). - i2c: testunit: correct Kconfig description (git-fixes). - i40e: fix: remove needless retries of NVM update (bsc#1227736). - iio: Fix the sorting functionality in iio_gts_build_avail_time_table (git-fixes). - iio: frequency: adrf6780: rm clk provider include (git-fixes). - iio: pressure: bmp280: Fix BMP580 temperature reading (stable-fixes). - iio: pressure: fix some word spelling errors (stable-fixes). - input: Add event code for accessibility key (stable-fixes). - input: Add support for 'Do Not Disturb' (stable-fixes). - interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID (git-fixes). - iommu/amd: Fix panic accessing amd_iommu_enable_faulting (bsc#1224767). - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes). - iommu/vt-d: Allocate DMAR fault interrupts locally (bsc#1224767). - iommu/vt-d: Improve ITE fault handling if target device isn't present (git-fixes). - iommu: Fix compilation without CONFIG_IOMMU_INTEL (git-fixes). - ipmi: ssif_bmc: prevent integer overflow on 32bit systems (git-fixes). - iwlwifi: fw: fix more kernel-doc warnings (bsc#1227149). - iwlwifi: mvm: Drop unused fw_trips_index[] from iwl_mvm_thermal_device (bsc#1227149). - iwlwifi: mvm: Populate trip table before registering thermal zone (bsc#1227149). - iwlwifi: mvm: Use for_each_thermal_trip() for walking trip points (bsc#1227149). - jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes). - jfs: Fix array-index-out-of-bounds in diFree (git-fixes). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kABI workaround for wireless updates (bsc#1227149). - kabi/severities: cleanup and update for WiFi driver entries (bsc#1227149) - kabi/severities: cover all ath/* drivers (bsc#1227149) All symbols in ath/* network drivers are local and can be ignored - kabi/severities: cover all mt76 modules (bsc#1227149) - kabi/severities: ignore amd pds internal symbols - kabi/severities: ignore kABI changes Realtek WiFi drivers (bsc#1227149) All those symbols are local and used for its own helpers - kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502) - kbuild: avoid build error when single DTB is turned into composite DTB (git-fixes). - kconfig: gconf: give a proper initial state to the Save button (stable-fixes). - kconfig: remove wrong expr_trans_bool() (stable-fixes). - kernel-binary: vdso: Own module_dir - knfsd: LOOKUP can return an illegal error value (git-fixes). - kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes). - kprobe/ftrace: bail out if ftrace was killed (git-fixes). - kprobe/ftrace: fix build error due to bad function definition (git-fixes). - kunit: Fix checksum tests on big endian CPUs (git-fixed). - leds: flash: leds-qcom-flash: Test the correct variable in init (git-fixes). - leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() (git-fixes). - leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes). - leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes). - leds: triggers: Flush pending brightness before activating trigger (git-fixes). - lib: objagg: Fix general protection fault (git-fixes). - lib: objagg: Fix spelling (git-fixes). - lib: test_objagg: Fix spelling (git-fixes). - libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228192). - mISDN: Fix a use after free in hfcmulti_tx() (git-fixes). - mISDN: fix MISDN_TIME_STAMP handling (git-fixes). - mac802154: fix time calculation in ieee802154_configure_durations() (git-fixes). - mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (git-fixes). - media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes). - media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes). - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes). - media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes). - media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes). - media: dvbdev: Initialize sbuf (stable-fixes). - media: dw2102: Do not translate i2c read into write (stable-fixes). - media: dw2102: fix a potential buffer overflow (git-fixes). - media: i2c: Fix imx412 exposure control (git-fixes). - media: imon: Fix race getting ictx->lock (git-fixes). - media: imx-jpeg: Drop initial source change event if capture has been setup (git-fixes). - media: imx-jpeg: Remove some redundant error logs (git-fixes). - media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() (git-fixes). - media: pci: ivtv: Add check for DMA map result (git-fixes). - media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 (git-fixes). - media: renesas: vsp1: Fix _irqsave and _irq mix (git-fixes). - media: renesas: vsp1: Store RPF partition configuration per RPF instance (git-fixes). - media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes). - media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes). - media: uvcvideo: Override default flags (git-fixes). - media: v4l: async: Fix NULL pointer dereference in adding ancillary links (git-fixes). - media: v4l: subdev: Fix typo in documentation (git-fixes). - media: venus: fix use after free in vdec_close (git-fixes). - media: venus: flush all buffers in output plane streamoff (git-fixes). - mei: demote client disconnect warning on suspend to debug (stable-fixes). - mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes). - mfd: pm8008: Fix regmap irq chip initialisation (git-fixes). - misc: fastrpc: Avoid updating PD type for capability request (git-fixes). - misc: fastrpc: Copy the complete capability structure to user (git-fixes). - misc: fastrpc: Fix DSP capabilities request (git-fixes). - misc: fastrpc: Fix memory leak in audio daemon attach operation (git-fixes). - misc: fastrpc: Fix ownership reassignment of remote heap (git-fixes). - misc: fastrpc: Restrict untrusted app to attach to privileged PD (git-fixes). - mt76: connac: move more mt7921/mt7915 mac shared code in connac lib (bsc#1227149). - mt76: mt7996: rely on mt76_sta_stats in mt76_wcid (bsc#1227149). - mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes). - net/dcb: check for detached device before executing callbacks (bsc#1215587). - net: ethernet: mtk_wed: introduce mtk_wed_buf structure (bsc#1227149). - net: ethernet: mtk_wed: rename mtk_rxbm_desc in mtk_wed_bm_desc (bsc#1227149). - net: fill in MODULE_DESCRIPTION()s in kuba@'s modules (bsc#1227149). - net: hns3: Remove io_stop_wc() calls after __iowrite64_copy() (bsc#1226502) - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (stable-fixes). - net: mana: Fix possible double free in error handling path (git-fixes). - net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes). - net: phy: microchip: lan87xx: reinit PHY after cable test (git-fixes). - net: phy: phy_device: Fix PHY LED blinking code comment (git-fixes). - net: usb: qmi_wwan: add Telit FN912 compositions (stable-fixes). - nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes). - nfs: Block on write congestion (bsc#1218442). - nfs: Drop pointless check from nfs_commit_release_pages() (bsc#1218442). - nfs: Fix up kabi after adding write_congestion_wait (bsc#1218442). - nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes). - nfs: Properly initialize server->writeback (bsc#1218442). - nfs: drop the incorrect assertion in nfs_swap_rw() (git-fixes). - nfs: fix undefined behavior in nfs_block_bits() (git-fixes). - nfs: keep server info for remounts (git-fixes). - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (stable-fixes). - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes). - nilfs2: convert persistent object allocator to use kmap_local (git-fixes). - nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes). - nilfs2: fix inode number range checks (stable-fixes). - ocfs2: fix DIO failure due to insufficient transaction credits (git-fixes). - ocfs2: fix races between hole punching and AIO+DIO (git-fixes). - ocfs2: use coarse time for new created files (git-fixes). - orangefs: fix out-of-bounds fsid access (git-fixes). - pNFS/filelayout: fixup pNfs allocation modes (git-fixes). - phy: cadence-torrent: Check return value on register read (git-fixes). - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: freescale: mxs: Fix refcount of child (git-fixes). - pinctrl: renesas: r8a779g0: FIX PWM suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix CANFD5 suffix (git-fixes). - pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix IRQ suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TCLK suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TPU suffixes (git-fixes). - pinctrl: rockchip: update rk3308 iomux routes (git-fixes). - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes). - platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes). - platform/x86: lg-laptop: Change ACPI device id (stable-fixes). - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes). - platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (stable-fixes). - platform/x86: toshiba_acpi: Fix array out-of-bounds access (git-fixes). - platform/x86: toshiba_acpi: Fix quickstart quirk handling (git-fixes). - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes). - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes). - platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes). - power: supply: ab8500: Fix error handling when calling iio_read_channel_processed() (git-fixes). - power: supply: ingenic: Fix some error handling paths in ingenic_battery_get_property() (git-fixes). - powerpc/64s/radix/kfence: map __kfence_pool at page granularity (bsc#1223570 ltc#205770). - powerpc/prom: Add CPU info to hardware description string later (bsc#1215199). - powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - pwm: stm32: Always do lazy disabling (git-fixes). - regmap-i2c: Subtract reg size from max_write (stable-fixes). - remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (git-fixes). - remoteproc: imx_rproc: Skip over memory region when node value is NULL (git-fixes). - remoteproc: k3-r5: Fix IPC-only mode detection (git-fixes). - remoteproc: stm32_rproc: Fix mailbox interrupts queuing (git-fixes). - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes). - rtc: abx80x: Fix return value of nvmem callback on read (git-fixes). - rtc: cmos: Fix return value of nvmem callbacks (git-fixes). - rtc: interface: Add RTC offset to alarm after fix-up (git-fixes). - rtc: isl1208: Fix return value of nvmem callbacks (git-fixes). - s390: Implement __iowrite32_copy() (bsc#1226502) - s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502) - saa7134: Unchecked i2c_transfer function result fixed (git-fixes). - selftests/sigaltstack: Fix ppc64 GCC build (git-fixes). - selftests: fix OOM in msg_zerocopy selftest (git-fixes). - selftests: make order checking verbose in msg_zerocopy selftest (git-fixes). - serial: imx: Raise TX trigger level to 8 (stable-fixes). - smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes, bsc#1225172). - smb3: allow controlling maximum number of cached directories (git-fixes, bsc#1225172). - smb3: do not start laundromat thread when dir leases disabled (git-fixes, bsc#1225172). - smb: client: do not start laundromat thread on nohandlecache (git-fixes, bsc#1225172). - smb: client: make laundromat a delayed worker (git-fixes, bsc#1225172). - smb: client: prevent new fids from being removed by laundromat (git-fixes, bsc#1225172). - soc: qcom: pdr: fix parsing of domains lists (git-fixes). - soc: qcom: pdr: protect locator_addr with the main mutex (git-fixes). - soc: qcom: pmic_glink: Handle the return value of pmic_glink_init (git-fixes). - soc: qcom: rpmh-rsc: Ensure irqs are not disabled by rpmh_rsc_send_data() callers (git-fixes). - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes). - soc: xilinx: rename cpu_number1 to dummy_cpu_number (git-fixes). - spi: atmel-quadspi: Add missing check for clk_prepare (git-fixes). - spi: cadence: Ensure data lines set to low during dummy-cycle period (stable-fixes). - spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes). - spi: microchip-core: defer asserting chip select until just before write to TX FIFO (git-fixes). - spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer (git-fixes). - spi: microchip-core: fix the issues in the isr (git-fixes). - spi: microchip-core: only disable SPI controller when register value change requires it (git-fixes). - spi: mux: set ctlr->bits_per_word_mask (stable-fixes). - spi: spi-microchip-core: Fix the number of chip selects supported (git-fixes). - spi: spidev: add correct compatible for Rohm BH2228FV (git-fixes). - sunrpc: fix NFSACL RPC retry on soft mount (git-fixes). - supported.conf: Add support for v4l2-dv-timings (jsc#PED-8644) - supported.conf: mark vdpa modules supported (jsc#PED-8954) - supported.conf: update for mt76 stuff (bsc#1227149) - thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data (stable-fixes). - tools/memory-model: Fix bug in lock.cat (git-fixes). - tools/power turbostat: Remember global max_die_id (stable-fixes). - tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (stable-fixes). - tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes). - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes). - tracing: Build event generation tests only as modules (git-fixes). - usb: dwc3: core: Add DWC31 version 2.00a controller (stable-fixes). - usb: dwc3: core: Workaround for CSR read timeout (stable-fixes). - usb: dwc3: pci: add support for the Intel Panther Lake (stable-fixes). - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes). - usb: gadget: printer: SS+ support (stable-fixes). - usb: typec: ucsi: Ack also failed Get Error commands (git-fixes). - usb: typec: ucsi: Never send a lone connector change ack (stable-fixes). - usb: ucsi: stm32: fix command completion handling (git-fixes). - usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (stable-fixes). - vmlinux.lds.h: catch .bss..L* sections into BSS') (git-fixes). - watchdog: rzg2l_wdt: Check return status of pm_runtime_put() (git-fixes). - watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() (git-fixes). - watchdog: rzn1: Convert comma to semicolon (git-fixes). - wifi: add HAS_IOPORT dependencies (bsc#1227149). - wifi: ar5523: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10/11/12k: Use alloc_ordered_workqueue() to create ordered workqueues (bsc#1227149). - wifi: ath10k: Annotate struct ath10k_ce_ring with __counted_by (bsc#1227149). - wifi: ath10k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath10k: Drop checks that are always false (bsc#1227149). - wifi: ath10k: Drop cleaning of driver data from probe error path and remove (bsc#1227149). - wifi: ath10k: Fix a few spelling errors (bsc#1227149). - wifi: ath10k: Fix enum ath10k_fw_crash_dump_type kernel-doc (bsc#1227149). - wifi: ath10k: Fix htt_data_tx_completion kernel-doc warning (bsc#1227149). - wifi: ath10k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10k: Remove unused struct ath10k_htc_frame (bsc#1227149). - wifi: ath10k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath10k: Use DECLARE_FLEX_ARRAY() for ath10k_htc_record (bsc#1227149). - wifi: ath10k: Use list_count_nodes() (bsc#1227149). - wifi: ath10k: add missing wmi_10_4_feature_mask documentation (bsc#1227149). - wifi: ath10k: add support to allow broadcast action frame RX (bsc#1227149). - wifi: ath10k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath10k: correctly document enum wmi_tlv_tx_pause_id (bsc#1227149). - wifi: ath10k: drop HTT_DATA_TX_STATUS_DOWNLOAD_FAIL (bsc#1227149). - wifi: ath10k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath10k: fix htt_q_state_conf & htt_q_state kernel-doc (bsc#1227149). - wifi: ath10k: improve structure padding (bsc#1227149). - wifi: ath10k: indicate to mac80211 scan complete with aborted flag for ATH10K_SCAN_STARTING state (bsc#1227149). - wifi: ath10k: remove ath10k_htc_record::pauload[] (bsc#1227149). - wifi: ath10k: remove duplicate memset() in 10.4 TDLS peer update (bsc#1227149). - wifi: ath10k: remove struct wmi_pdev_chanlist_update_event (bsc#1227149). - wifi: ath10k: remove unused template structs (bsc#1227149). - wifi: ath10k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath10k: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath10k: simplify __ath10k_htt_tx_txq_recalc() (bsc#1227149). - wifi: ath10k: simplify ath10k_peer_create() (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_host_mem_chunks (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_tdls_peer_capabilities (bsc#1227149). - wifi: ath10k: use flexible arrays for WMI start scan TLVs (bsc#1227149). - wifi: ath11k: Add HTT stats for PHY reset case (bsc#1227149). - wifi: ath11k: Add coldboot calibration support for QCN9074 (bsc#1227149). - wifi: ath11k: Allow ath11k to boot without caldata in ftm mode (bsc#1227149). - wifi: ath11k: Consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath11k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath11k: Do not directly use scan_flags in struct scan_req_params (bsc#1227149). - wifi: ath11k: EMA beacon support (bsc#1227149). - wifi: ath11k: Fix a few spelling errors (bsc#1227149). - wifi: ath11k: Fix ath11k_htc_record flexible record (bsc#1227149). - wifi: ath11k: Introduce and use ath11k_sta_to_arsta() (bsc#1227149). - wifi: ath11k: MBSSID beacon support (bsc#1227149). - wifi: ath11k: MBSSID configuration during vdev create/start (bsc#1227149). - wifi: ath11k: MBSSID parameter configuration in AP mode (bsc#1227149). - wifi: ath11k: Really consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Relocate the func ath11k_mac_bitrate_mask_num_ht_rates() and change hweight16 to hweight8 (bsc#1227149). - wifi: ath11k: Remove ath11k_base::bd_api (bsc#1227149). - wifi: ath11k: Remove cal_done check during probe (bsc#1227149). - wifi: ath11k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath11k: Remove scan_flags union from struct scan_req_params (bsc#1227149). - wifi: ath11k: Remove struct ath11k::ops (bsc#1227149). - wifi: ath11k: Remove unneeded semicolon (bsc#1227149). - wifi: ath11k: Remove unused declarations (bsc#1227149). - wifi: ath11k: Remove unused struct ath11k_htc_frame (bsc#1227149). - wifi: ath11k: Send HT fixed rate in WMI peer fixed param (bsc#1227149). - wifi: ath11k: Split coldboot calibration hw_param (bsc#1227149). - wifi: ath11k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath11k: Use device_get_match_data() (bsc#1227149). - wifi: ath11k: Use list_count_nodes() (bsc#1227149). - wifi: ath11k: add WMI event debug messages (bsc#1227149). - wifi: ath11k: add WMI_TLV_SERVICE_EXT_TPC_REG_SUPPORT service bit (bsc#1227149). - wifi: ath11k: add chip id board name while searching board-2.bin for WCN6855 (bsc#1227149). - wifi: ath11k: add firmware-2.bin support (bsc#1227149). - wifi: ath11k: add handler for WMI_VDEV_SET_TPC_POWER_CMDID (bsc#1227149). - wifi: ath11k: add parse of transmit power envelope element (bsc#1227149). - wifi: ath11k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath11k: add support for QCA2066 (bsc#1227149). - wifi: ath11k: add support to select 6 GHz regulatory type (bsc#1227149). - wifi: ath11k: ath11k_debugfs_register(): fix format-truncation warning (bsc#1227149). - wifi: ath11k: avoid forward declaration of ath11k_mac_start_vdev_delay() (bsc#1227149). - wifi: ath11k: call ath11k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath11k: constify MHI channel and controller configs (bsc#1227149). - wifi: ath11k: debug: add ATH11K_DBG_CE (bsc#1227149). - wifi: ath11k: debug: remove unused ATH11K_DBG_ANY (bsc#1227149). - wifi: ath11k: debug: use all upper case in ATH11k_DBG_HAL (bsc#1227149). - wifi: ath11k: do not use %pK (bsc#1227149). - wifi: ath11k: document HAL_RX_BUF_RBM_SW4_BM (bsc#1227149). - wifi: ath11k: dp: cleanup debug message (bsc#1227149). - wifi: ath11k: driver settings for MBSSID and EMA (bsc#1227149). - wifi: ath11k: drop NULL pointer check in ath11k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath11k: drop redundant check in ath11k_dp_rx_mon_dest_process() (bsc#1227149). - wifi: ath11k: enable 36 bit mask for stream DMA (bsc#1227149). - wifi: ath11k: factory test mode support (bsc#1227149). - wifi: ath11k: fill parameters for vdev set tpc power WMI command (bsc#1227149). - wifi: ath11k: fix CAC running state during virtual interface start (bsc#1227149). - wifi: ath11k: fix IOMMU errors on buffer rings (bsc#1227149). - wifi: ath11k: fix RCU documentation in ath11k_mac_op_ipv6_changed() (git-fixes). - wifi: ath11k: fix WCN6750 firmware crash caused by 17 num_vdevs (bsc#1227149). - wifi: ath11k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath11k: fix a possible dead lock caused by ab->base_lock (bsc#1227149). - wifi: ath11k: fix ath11k_mac_op_remain_on_channel() stack usage (bsc#1227149). - wifi: ath11k: fix connection failure due to unexpected peer delete (bsc#1227149). - wifi: ath11k: fix tid bitmap is 0 in peer rx mu stats (bsc#1227149). - wifi: ath11k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: ath11k: hal: cleanup debug message (bsc#1227149). - wifi: ath11k: htc: cleanup debug messages (bsc#1227149). - wifi: ath11k: initialize eirp_power before use (bsc#1227149). - wifi: ath11k: mac: fix struct ieee80211_sband_iftype_data handling (bsc#1227149). - wifi: ath11k: mhi: add a warning message for MHI_CB_EE_RDDM crash (bsc#1227149). - wifi: ath11k: move pci.ops registration ahead (bsc#1227149). - wifi: ath11k: move power type check to ASSOC stage when connecting to 6 GHz AP (bsc#1227149). - wifi: ath11k: move references from rsvd2 to info fields (bsc#1227149). - wifi: ath11k: pci: cleanup debug logging (bsc#1227149). - wifi: ath11k: print debug level in debug messages (bsc#1227149). - wifi: ath11k: provide address list if chip supports 2 stations (bsc#1227149). - wifi: ath11k: qmi: refactor ath11k_qmi_m3_load() (bsc#1227149). - wifi: ath11k: refactor ath11k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath11k: refactor setting country code logic (stable-fixes). - wifi: ath11k: refactor vif parameter configurations (bsc#1227149). - wifi: ath11k: rely on mac80211 debugfs handling for vif (bsc#1227149). - wifi: ath11k: remove ath11k_htc_record::pauload[] (bsc#1227149). - wifi: ath11k: remove invalid peer create logic (bsc#1227149). - wifi: ath11k: remove manual mask names from debug messages (bsc#1227149). - wifi: ath11k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath11k: remove unsupported event handlers (bsc#1227149). - wifi: ath11k: remove unused function ath11k_tm_event_wmi() (bsc#1227149). - wifi: ath11k: remove unused members of 'struct ath11k_base' (bsc#1227149). - wifi: ath11k: remove unused scan_events from struct scan_req_params (bsc#1227149). - wifi: ath11k: rename MBSSID fields in wmi_vdev_up_cmd (bsc#1227149). - wifi: ath11k: rename ath11k_start_vdev_delay() (bsc#1227149). - wifi: ath11k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath11k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath11k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath11k: restore country code during resume (git-fixes). - wifi: ath11k: save max transmit power in vdev start response event from firmware (bsc#1227149). - wifi: ath11k: save power spectral density(PSD) of regulatory rule (bsc#1227149). - wifi: ath11k: simplify ath11k_mac_validate_vht_he_fixed_rate_settings() (bsc#1227149). - wifi: ath11k: simplify the code with module_platform_driver (bsc#1227149). - wifi: ath11k: store cur_regulatory_info for each radio (bsc#1227149). - wifi: ath11k: support 2 station interfaces (bsc#1227149). - wifi: ath11k: update proper pdev/vdev id for testmode command (bsc#1227149). - wifi: ath11k: update regulatory rules when connect to AP on 6 GHz band for station (bsc#1227149). - wifi: ath11k: update regulatory rules when interface added (bsc#1227149). - wifi: ath11k: use RCU when accessing struct inet6_dev::ac_list (bsc#1227149). - wifi: ath11k: use WMI_VDEV_SET_TPC_POWER_CMDID when EXT_TPC_REG_SUPPORT for 6 GHz (bsc#1227149). - wifi: ath11k: use kstrtoul_from_user() where appropriate (bsc#1227149). - wifi: ath11k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath11k: wmi: add unified command debug messages (bsc#1227149). - wifi: ath11k: wmi: cleanup error handling in ath11k_wmi_send_init_country_cmd() (bsc#1227149). - wifi: ath11k: wmi: use common error handling style (bsc#1227149). - wifi: ath11k: workaround too long expansion sparse warnings (bsc#1227149). - wifi: ath12k: Add logic to write QRTR node id to scratch (bsc#1227149). - wifi: ath12k: Add missing qmi_txn_cancel() calls (bsc#1227149). - wifi: ath12k: Add support to parse new WMI event for 6 GHz regulatory (bsc#1227149). - wifi: ath12k: Consistently use ath12k_vif_to_arvif() (bsc#1227149). - wifi: ath12k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath12k: Correct 6 GHz frequency value in rx status (git-fixes). - wifi: ath12k: Do not drop tx_status in failure case (git-fixes). - wifi: ath12k: Do not use scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Enable Mesh support for QCN9274 (bsc#1227149). - wifi: ath12k: Fix a few spelling errors (bsc#1227149). - wifi: ath12k: Fix tx completion ring (WBM2SW) setup failure (git-fixes). - wifi: ath12k: Fix uninitialized use of ret in ath12k_mac_allocate() (bsc#1227149). - wifi: ath12k: Introduce and use ath12k_sta_to_arsta() (bsc#1227149). - wifi: ath12k: Introduce the container for mac80211 hw (bsc#1227149). - wifi: ath12k: Make QMI message rules const (bsc#1227149). - wifi: ath12k: Optimize the mac80211 hw data access (bsc#1227149). - wifi: ath12k: Read board id to support split-PHY QCN9274 (bsc#1227149). - wifi: ath12k: Refactor the mac80211 hw access from link/radio (bsc#1227149). - wifi: ath12k: Remove ath12k_base::bd_api (bsc#1227149). - wifi: ath12k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath12k: Remove some dead code (bsc#1227149). - wifi: ath12k: Remove struct ath12k::ops (bsc#1227149). - wifi: ath12k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath12k: Remove unnecessary struct qmi_txn initializers (bsc#1227149). - wifi: ath12k: Remove unused declarations (bsc#1227149). - wifi: ath12k: Remove unused scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Set default beacon mode to burst mode (bsc#1227149). - wifi: ath12k: Use initializers for QMI message buffers (bsc#1227149). - wifi: ath12k: Use msdu_end to check MCBC (bsc#1227149). - wifi: ath12k: Use pdev_id rather than mac_id to get pdev (bsc#1227149). - wifi: ath12k: WMI support to process EHT capabilities (bsc#1227149). - wifi: ath12k: add 320 MHz bandwidth enums (bsc#1227149). - wifi: ath12k: add CE and ext IRQ flag to indicate irq_handler (bsc#1227149). - wifi: ath12k: add EHT PHY modes (bsc#1227149). - wifi: ath12k: add MAC id support in WBM error path (bsc#1227149). - wifi: ath12k: add MLO header in peer association (bsc#1227149). - wifi: ath12k: add P2P IE in beacon template (bsc#1227149). - wifi: ath12k: add QMI PHY capability learn support (bsc#1227149). - wifi: ath12k: add WMI support for EHT peer (bsc#1227149). - wifi: ath12k: add ath12k_qmi_free_resource() for recovery (bsc#1227149). - wifi: ath12k: add fallback board name without variant while searching board-2.bin (bsc#1227149). - wifi: ath12k: add firmware-2.bin support (bsc#1227149). - wifi: ath12k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED (bsc#1227149). - wifi: ath12k: add keep backward compatibility of PHY mode to avoid firmware crash (bsc#1227149). - wifi: ath12k: add msdu_end structure for WCN7850 (bsc#1227149). - wifi: ath12k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath12k: add processing for TWT disable event (bsc#1227149). - wifi: ath12k: add processing for TWT enable event (bsc#1227149). - wifi: ath12k: add qmi_cnss_feature_bitmap field to hardware parameters (bsc#1227149). - wifi: ath12k: add rcu lock for ath12k_wmi_p2p_noa_event() (bsc#1227149). - wifi: ath12k: add read variant from SMBIOS for download board data (bsc#1227149). - wifi: ath12k: add string type to search board data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add support for BA1024 (bsc#1227149). - wifi: ath12k: add support for collecting firmware log (bsc#1227149). - wifi: ath12k: add support for hardware rfkill for WCN7850 (bsc#1227149). - wifi: ath12k: add support for peer meta data version (bsc#1227149). - wifi: ath12k: add support one MSI vector (bsc#1227149). - wifi: ath12k: add support to search regdb data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add wait operation for tx management packets for flush from mac80211 (bsc#1227149). - wifi: ath12k: advertise P2P dev support for WCN7850 (bsc#1227149). - wifi: ath12k: allow specific mgmt frame tx while vdev is not up (bsc#1227149). - wifi: ath12k: ath12k_start_vdev_delay(): convert to use ar (bsc#1227149). - wifi: ath12k: avoid deadlock by change ieee80211_queue_work for regd_update_work (bsc#1227149). - wifi: ath12k: avoid duplicated vdev stop (git-fixes). - wifi: ath12k: avoid explicit HW conversion argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit RBM id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit mac id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid repeated hw access from ar (bsc#1227149). - wifi: ath12k: avoid repeated wiphy access from hw (bsc#1227149). - wifi: ath12k: call ath12k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath12k: change DMA direction while mapping reinjected packets (git-fixes). - wifi: ath12k: change MAC buffer ring size to 2048 (bsc#1227149). - wifi: ath12k: change WLAN_SCAN_PARAMS_MAX_IE_LEN from 256 to 512 (bsc#1227149). - wifi: ath12k: change interface combination for P2P mode (bsc#1227149). - wifi: ath12k: change to initialize recovery variables earlier in ath12k_core_reset() (bsc#1227149). - wifi: ath12k: change to treat alpha code na as world wide regdomain (bsc#1227149). - wifi: ath12k: change to use dynamic memory for channel list of scan (bsc#1227149). - wifi: ath12k: check M3 buffer size as well whey trying to reuse it (bsc#1227149). - wifi: ath12k: check hardware major version for WCN7850 (bsc#1227149). - wifi: ath12k: configure RDDM size to MHI for device recovery (bsc#1227149). - wifi: ath12k: configure puncturing bitmap (bsc#1227149). - wifi: ath12k: correct the data_type from QMI_OPT_FLAG to QMI_UNSIGNED_1_BYTE for mlo_capable (bsc#1227149). - wifi: ath12k: delete the timer rx_replenish_retry during rmmod (bsc#1227149). - wifi: ath12k: designating channel frequency for ROC scan (bsc#1227149). - wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274 (bsc#1227149). - wifi: ath12k: do not drop data frames from unassociated stations (bsc#1227149). - wifi: ath12k: do not restore ASPM in case of single MSI vector (bsc#1227149). - wifi: ath12k: drop NULL pointer check in ath12k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath12k: drop failed transmitted frames from metric calculation (git-fixes). - wifi: ath12k: enable 320 MHz bandwidth for 6 GHz band in EHT PHY capability for WCN7850 (bsc#1227149). - wifi: ath12k: enable 802.11 power save mode in station mode (bsc#1227149). - wifi: ath12k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850 (bsc#1227149). - wifi: ath12k: fetch correct pdev id from WMI_SERVICE_READY_EXT_EVENTID (bsc#1227149). - wifi: ath12k: fix PCI read and write (bsc#1227149). - wifi: ath12k: fix WARN_ON during ath12k_mac_update_vif_chan (bsc#1227149). - wifi: ath12k: fix broken structure wmi_vdev_create_cmd (bsc#1227149). - wifi: ath12k: fix conf_mutex in ath12k_mac_op_unassign_vif_chanctx() (bsc#1227149). - wifi: ath12k: fix debug messages (bsc#1227149). - wifi: ath12k: fix fetching MCBC flag for QCN9274 (bsc#1227149). - wifi: ath12k: fix firmware assert during insmod in memory segment mode (bsc#1227149). - wifi: ath12k: fix firmware crash during reo reinject (git-fixes). - wifi: ath12k: fix invalid m3 buffer address (bsc#1227149). - wifi: ath12k: fix invalid memory access while processing fragmented packets (git-fixes). - wifi: ath12k: fix kernel crash during resume (bsc#1227149). - wifi: ath12k: fix license in p2p.c and p2p.h (bsc#1227149). - wifi: ath12k: fix peer metadata parsing (git-fixes). - wifi: ath12k: fix potential wmi_mgmt_tx_queue race condition (bsc#1227149). - wifi: ath12k: fix radar detection in 160 MHz (bsc#1227149). - wifi: ath12k: fix recovery fail while firmware crash when doing channel switch (bsc#1227149). - wifi: ath12k: fix the error handler of rfkill config (bsc#1227149). - wifi: ath12k: fix the issue that the multicast/broadcast indicator is not read correctly for WCN7850 (bsc#1227149). - wifi: ath12k: fix the problem that down grade phy mode operation (bsc#1227149). - wifi: ath12k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath12k: fix wrong definitions of hal_reo_update_rx_queue (bsc#1227149). - wifi: ath12k: get msi_data again after request_irq is called (bsc#1227149). - wifi: ath12k: implement handling of P2P NoA event (bsc#1227149). - wifi: ath12k: implement remain on channel for P2P mode (bsc#1227149). - wifi: ath12k: increase vdev setup timeout (bsc#1227149). - wifi: ath12k: indicate NON MBSSID vdev by default during vdev start (bsc#1227149). - wifi: ath12k: indicate scan complete for scan canceled when scan running (bsc#1227149). - wifi: ath12k: indicate to mac80211 scan complete with aborted flag for ATH12K_SCAN_STARTING state (bsc#1227149). - wifi: ath12k: move HE capabilities processing to a new function (bsc#1227149). - wifi: ath12k: move peer delete after vdev stop of station for WCN7850 (bsc#1227149). - wifi: ath12k: parse WMI service ready ext2 event (bsc#1227149). - wifi: ath12k: peer assoc for 320 MHz (bsc#1227149). - wifi: ath12k: prepare EHT peer assoc parameters (bsc#1227149). - wifi: ath12k: propagate EHT capabilities to userspace (bsc#1227149). - wifi: ath12k: refactor DP Rxdma ring structure (bsc#1227149). - wifi: ath12k: refactor QMI MLO host capability helper function (bsc#1227149). - wifi: ath12k: refactor ath12k_bss_assoc() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_allocate() and ath12k_mac_destroy() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_ampdu_action() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_conf_tx() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_config() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_configure_filter() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_flush() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_start() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_stop() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_update_vif_offload() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_register() and ath12k_mac_unregister() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_setup_channels_rates() (bsc#1227149). - wifi: ath12k: refactor ath12k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath12k: refactor multiple MSI vector implementation (bsc#1227149). - wifi: ath12k: refactor the rfkill worker (bsc#1227149). - wifi: ath12k: register EHT mesh capabilities (bsc#1227149). - wifi: ath12k: relax list iteration in ath12k_mac_vif_unref() (bsc#1227149). - wifi: ath12k: relocate ath12k_dp_pdev_pre_alloc() call (bsc#1227149). - wifi: ath12k: remove hal_desc_sz from hw params (bsc#1227149). - wifi: ath12k: remove redundant memset() in ath12k_hal_reo_qdesc_setup() (bsc#1227149). - wifi: ath12k: remove the unused scan_events from ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: remove unused ATH12K_BD_IE_BOARD_EXT (bsc#1227149). - wifi: ath12k: rename HE capabilities setup/copy functions (bsc#1227149). - wifi: ath12k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath12k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath12k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath12k: send WMI_PEER_REORDER_QUEUE_SETUP_CMDID when ADDBA session starts (bsc#1227149). - wifi: ath12k: set IRQ affinity to CPU0 in case of one MSI vector (bsc#1227149). - wifi: ath12k: set PERST pin no pull request for WCN7850 (bsc#1227149). - wifi: ath12k: split hal_ops to support RX TLVs word mask compaction (bsc#1227149). - wifi: ath12k: subscribe required word mask from rx tlv (bsc#1227149). - wifi: ath12k: support default regdb while searching board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: trigger station disconnect on hardware restart (bsc#1227149). - wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ (bsc#1227149). - wifi: ath12k: use correct flag field for 320 MHz channels (bsc#1227149). - wifi: ath12k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath5k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath5k: Remove redundant dev_err() (bsc#1227149). - wifi: ath5k: ath5k_hw_get_median_noise_floor(): use swap() (bsc#1227149). - wifi: ath5k: remove phydir check from ath5k_debug_init_device() (bsc#1227149). - wifi: ath5k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath5k: remove unused ath5k_eeprom_info::ee_antenna (bsc#1227149). - wifi: ath5k: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: ath6kl: Remove error checking for debugfs_create_dir() (bsc#1227149). - wifi: ath6kl: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath6kl: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath9k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath9k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath9k: Remove unnecessary ternary operators (bsc#1227149). - wifi: ath9k: Remove unused declarations (bsc#1227149). - wifi: ath9k: avoid using uninitialized array (bsc#1227149). - wifi: ath9k: clean up function ath9k_hif_usb_resume (bsc#1227149). - wifi: ath9k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath9k: delete some unused/duplicate macros (bsc#1227149). - wifi: ath9k: fix parameter check in ath9k_init_debug() (bsc#1227149). - wifi: ath9k: remove redundant assignment to variable ret (bsc#1227149). - wifi: ath9k: reset survey of current channel after a scan started (bsc#1227149). - wifi: ath9k: simplify ar9003_hw_process_ini() (bsc#1227149). - wifi: ath9k: use u32 for txgain indexes (bsc#1227149). - wifi: ath9k: work around memset overflow warning (bsc#1227149). - wifi: ath9k_htc: fix format-truncation warning (bsc#1227149). - wifi: ath: Use is_multicast_ether_addr() to check multicast Ether address (bsc#1227149). - wifi: ath: dfs_pattern_detector: Use flex array to simplify code (bsc#1227149). - wifi: ath: remove unused-but-set parameter (bsc#1227149). - wifi: ath: work around false-positive stringop-overread warning (bsc#1227149). - wifi: atk10k: Do not opencode ath10k_pci_priv() in ath10k_ahb_priv() (bsc#1227149). - wifi: atmel: remove unused ioctl function (bsc#1227149). - wifi: b43: silence sparse warnings (bsc#1227149). - wifi: brcm80211: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: brcmfmac: Annotate struct brcmf_gscan_config with __counted_by (bsc#1227149). - wifi: brcmfmac: Detect corner error case earlier with log (bsc#1227149). - wifi: brcmfmac: add linefeed at end of file (bsc#1227149). - wifi: brcmfmac: allow per-vendor event handling (bsc#1227149). - wifi: brcmfmac: do not cast hidden SSID attribute value to boolean (bsc#1227149). - wifi: brcmfmac: do not pass hidden SSID attribute as value directly (bsc#1227149). - wifi: brcmfmac: export firmware interface functions (bsc#1227149). - wifi: brcmfmac: firmware: Annotate struct brcmf_fw_request with __counted_by (bsc#1227149). - wifi: brcmfmac: fix format-truncation warnings (bsc#1227149). - wifi: brcmfmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmfmac: fweh: Add __counted_by for struct brcmf_fweh_queue_item and use struct_size() (bsc#1227149). - wifi: brcmfmac: fweh: Fix boot crash on Raspberry Pi 4 (bsc#1227149). - wifi: brcmfmac: move feature overrides before feature_disable (bsc#1227149). - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes). - wifi: brcmsmac: cleanup SCB-related data types (bsc#1227149). - wifi: brcmsmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmsmac: phy: Remove unreachable code (bsc#1227149). - wifi: brcmsmac: remove more unused data types (bsc#1227149). - wifi: brcmsmac: remove unused data type (bsc#1227149). - wifi: brcmsmac: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: brcmsmac: silence sparse warnings (bsc#1227149). - wifi: brcmutil: use helper function pktq_empty() instead of open code (bsc#1227149). - wifi: carl9170: Remove redundant assignment to pointer super (bsc#1227149). - wifi: carl9170: remove unnecessary (void*) conversions (bsc#1227149). - wifi: cfg80211: Add support for setting TID to link mapping (bsc#1227149). - wifi: cfg80211: Allow AP/P2PGO to indicate port authorization to peer STA/P2PClient (bsc#1227149). - wifi: cfg80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: cfg80211: Fix typo in documentation (bsc#1227149). - wifi: cfg80211: Handle specific BSSID in 6GHz scanning (bsc#1227149). - wifi: cfg80211: Include operating class 137 in 6GHz band (bsc#1227149). - wifi: cfg80211: OWE DH IE handling offload (bsc#1227149). - wifi: cfg80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: cfg80211: Schedule regulatory check on BSS STA channel change (bsc#1227149). - wifi: cfg80211: Update the default DSCP-to-UP mapping (bsc#1227149). - wifi: cfg80211: add BSS usage reporting (bsc#1227149). - wifi: cfg80211: add RNR with reporting AP information (bsc#1227149). - wifi: cfg80211: add a flag to disable wireless extensions (bsc#1227149). - wifi: cfg80211: add local_state_change to deauth trace (bsc#1227149). - wifi: cfg80211: add locked debugfs wrappers (bsc#1227149). - wifi: cfg80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: cfg80211: address several kerneldoc warnings (bsc#1227149). - wifi: cfg80211: allow reg update by driver even if wiphy->regd is set (bsc#1227149). - wifi: cfg80211: annotate iftype_data pointer with sparse (bsc#1227149). - wifi: cfg80211: avoid double free if updating BSS fails (bsc#1227149). - wifi: cfg80211: call reg_call_notifier on beacon hints (bsc#1227149). - wifi: cfg80211: check RTNL when iterating devices (bsc#1227149). - wifi: cfg80211: check wiphy mutex is held for wdev mutex (bsc#1227149). - wifi: cfg80211: consume both probe response and beacon IEs (bsc#1227149). - wifi: cfg80211: detect stuck ECSA element in probe resp (bsc#1227149). - wifi: cfg80211: ensure cfg80211_bss_update frees IEs on error (bsc#1227149). - wifi: cfg80211: export DFS CAC time and usable state helper functions (bsc#1227149). - wifi: cfg80211: expose nl80211_chan_width_to_mhz for wide sharing (bsc#1227149). - wifi: cfg80211: fix 6 GHz scan request building (stable-fixes). - wifi: cfg80211: fix CQM for non-range use (bsc#1227149). - wifi: cfg80211: fix header kernel-doc typos (bsc#1227149). - wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush() (bsc#1227149). - wifi: cfg80211: fix spelling & punctutation (bsc#1227149). - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: generate an ML element for per-STA profiles (bsc#1227149). - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: handle UHB AP and STA power type (bsc#1227149). - wifi: cfg80211: hold wiphy lock in cfg80211_any_wiphy_oper_chan() (bsc#1227149). - wifi: cfg80211: hold wiphy mutex for send_interface (bsc#1227149). - wifi: cfg80211: improve documentation for flag fields (bsc#1227149). - wifi: cfg80211: introduce cfg80211_ssid_eq() (bsc#1227149). - wifi: cfg80211: make RX assoc data const (bsc#1227149). - wifi: cfg80211: make read-only array centers_80mhz static const (bsc#1227149). - wifi: cfg80211: modify prototype for change_beacon (bsc#1227149). - wifi: cfg80211: reg: Support P2P operation on DFS channels (bsc#1227149). - wifi: cfg80211: reg: describe return values in kernel-doc (bsc#1227149). - wifi: cfg80211: reg: fix various kernel-doc issues (bsc#1227149). - wifi: cfg80211: reg: hold wiphy mutex for wdev iteration (bsc#1227149). - wifi: cfg80211: remove scan_width support (bsc#1227149). - wifi: cfg80211: remove wdev mutex (bsc#1227149). - wifi: cfg80211: rename UHB to 6 GHz (bsc#1227149). - wifi: cfg80211: report per-link errors during association (bsc#1227149). - wifi: cfg80211: report unprotected deauth/disassoc in wowlan (bsc#1227149). - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes). - wifi: cfg80211: save power spectral density(psd) of regulatory rule (bsc#1227149). - wifi: cfg80211: set correct param change count in ML element (bsc#1227149). - wifi: cfg80211: sme: hold wiphy lock for wdev iteration (bsc#1227149). - wifi: cfg80211: sort certificates in build (bsc#1227149). - wifi: cfg80211: split struct cfg80211_ap_settings (bsc#1227149). - wifi: cfg80211: validate HE operation element parsing (bsc#1227149). - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes). - wifi: cfg80211: wext: convert return value to kernel-doc (bsc#1227149). - wifi: cfg80211: wext: set ssids=NULL for passive scans (git-fixes). - wifi: cw1200: Avoid processing an invalid TIM IE (bsc#1227149). - wifi: cw1200: Convert to GPIO descriptors (bsc#1227149). - wifi: cw1200: fix __le16 sparse warnings (bsc#1227149). - wifi: cw1200: restore endian swapping (bsc#1227149). - wifi: drivers: Explicitly include correct DT includes (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for Broadcom WLAN (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for ar5523 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for mt76 drivers (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for p54spi (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wcn36xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wilc1000 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl1251 and wl12xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl18xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wlcore (bsc#1227149). - wifi: hostap: Add __counted_by for struct prism2_download_data and use struct_size() (bsc#1227149). - wifi: hostap: fix stringop-truncations GCC warning (bsc#1227149). - wifi: hostap: remove unused ioctl function (bsc#1227149). - wifi: ieee80211: add UL-bandwidth definition of trigger frame (bsc#1227149). - wifi: ieee80211: add definitions for negotiated TID to Link map (bsc#1227149). - wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() (stable-fixes). - wifi: iwlmei: do not send SAP messages if AMT is disabled (bsc#1227149). - wifi: iwlmei: do not send nic info with invalid mac address (bsc#1227149). - wifi: iwlmei: send HOST_GOES_DOWN message even if wiamt is disabled (bsc#1227149). - wifi: iwlmei: send driver down SAP message only if wiamt is enabled (bsc#1227149). - wifi: iwlmvm: fw: Add new OEM vendor to tas approved list (bsc#1227149). - wifi: iwlwifi: Add rf_mapping of new wifi7 devices (bsc#1227149). - wifi: iwlwifi: Add support for PPAG cmd v5 and PPAG revision 3 (bsc#1227149). - wifi: iwlwifi: Add support for new 802.11be device (bsc#1227149). - wifi: iwlwifi: Do not mark DFS channels as NO-IR (bsc#1227149). - wifi: iwlwifi: Extract common prph mac/phy regions data dump logic (bsc#1227149). - wifi: iwlwifi: Fix spelling mistake 'SESION' -> 'SESSION' (bsc#1227149). - wifi: iwlwifi: Use request_module_nowait (bsc#1227149). - wifi: iwlwifi: abort scan when rfkill on but device enabled (bsc#1227149). - wifi: iwlwifi: add HONOR to PPAG approved list (bsc#1227149). - wifi: iwlwifi: add Razer to ppag approved list (bsc#1227149). - wifi: iwlwifi: add mapping of a periphery register crf for WH RF (bsc#1227149). - wifi: iwlwifi: add new RF support for wifi7 (bsc#1227149). - wifi: iwlwifi: add support for SNPS DPHYIP region type (bsc#1227149). - wifi: iwlwifi: add support for a wiphy_work rx handler (bsc#1227149). - wifi: iwlwifi: add support for activating UNII-1 in WW via BIOS (bsc#1227149). - wifi: iwlwifi: add support for new ini region types (bsc#1227149). - wifi: iwlwifi: adjust rx_phyinfo debugfs to MLO (bsc#1227149). - wifi: iwlwifi: always have 'uats_enabled' (bsc#1227149). - wifi: iwlwifi: api: clean up some kernel-doc/typos (bsc#1227149). - wifi: iwlwifi: api: dbg-tlv: fix up kernel-doc (bsc#1227149). - wifi: iwlwifi: api: fix a small upper/lower-case typo (bsc#1227149). - wifi: iwlwifi: api: fix center_freq label in PHY diagram (bsc#1227149). - wifi: iwlwifi: api: fix constant version to match FW (bsc#1227149). - wifi: iwlwifi: api: fix kernel-doc reference (bsc#1227149). - wifi: iwlwifi: bump FW API to 84 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 86 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 87 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 88 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: cancel session protection only if there is one (bsc#1227149). - wifi: iwlwifi: change link id in time event to s8 (bsc#1227149). - wifi: iwlwifi: check for kmemdup() return value in iwl_parse_tlv_firmware() (bsc#1227149). - wifi: iwlwifi: cleanup BT Shared Single Antenna code (bsc#1227149). - wifi: iwlwifi: cleanup sending PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1227149). - wifi: iwlwifi: cleanup uefi variables loading (bsc#1227149). - wifi: iwlwifi: clear link_id in time_event (bsc#1227149). - wifi: iwlwifi: dbg-tlv: avoid extra allocation/copy (bsc#1227149). - wifi: iwlwifi: dbg-tlv: use struct_size() for allocation (bsc#1227149). - wifi: iwlwifi: disable 160 MHz based on subsystem device ID (bsc#1227149). - wifi: iwlwifi: disable eSR when BT is active (bsc#1227149). - wifi: iwlwifi: disable multi rx queue for 9000 (bsc#1227149). - wifi: iwlwifi: do not check TAS block list size twice (bsc#1227149). - wifi: iwlwifi: do not use TRUE/FALSE with bool (bsc#1227149). - wifi: iwlwifi: drop NULL pointer check in iwl_mvm_tzone_set_trip_temp() (bsc#1227149). - wifi: iwlwifi: dvm: remove kernel-doc warnings (bsc#1227149). - wifi: iwlwifi: error-dump: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fail NIC access fast on dead NIC (bsc#1227149). - wifi: iwlwifi: fix #ifdef CONFIG_ACPI check (bsc#1227149). - wifi: iwlwifi: fix iwl_mvm_get_valid_rx_ant() (git-fixes). - wifi: iwlwifi: fix opmode start/stop race (bsc#1227149). - wifi: iwlwifi: fix some kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fix system commands group ordering (bsc#1227149). - wifi: iwlwifi: fix the rf step and flavor bits range (bsc#1227149). - wifi: iwlwifi: fw: Add support for UATS table in UHB (bsc#1227149). - wifi: iwlwifi: fw: Fix debugfs command sending (bsc#1227149). - wifi: iwlwifi: fw: allow vmalloc for PNVM image (bsc#1227149). - wifi: iwlwifi: fw: dbg: ensure correct config name sizes (bsc#1227149). - wifi: iwlwifi: fw: disable firmware debug asserts (bsc#1227149). - wifi: iwlwifi: fw: file: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: fw: file: do not use [0] for variable arrays (bsc#1227149). - wifi: iwlwifi: fw: fix compiler warning for NULL string print (bsc#1227149). - wifi: iwlwifi: fw: increase fw_version string size (bsc#1227149). - wifi: iwlwifi: fw: reconstruct the API/CAPA enum number (bsc#1227149). - wifi: iwlwifi: fw: replace deprecated strncpy with strscpy_pad (bsc#1227149). - wifi: iwlwifi: handle per-phy statistics from fw (bsc#1227149). - wifi: iwlwifi: implement GLAI ACPI table loading (bsc#1227149). - wifi: iwlwifi: implement can_activate_links callback (bsc#1227149). - wifi: iwlwifi: implement enable/disable for China 2022 regulatory (bsc#1227149). - wifi: iwlwifi: iwl-fh.h: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: iwl-trans.h: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: iwlmvm: handle unprotected deauth/disassoc in d3 (bsc#1227149). - wifi: iwlwifi: load b0 version of ucode for HR1/HR2 (bsc#1227149). - wifi: iwlwifi: make TB reallocation a debug message (bsc#1227149). - wifi: iwlwifi: make time_events MLO aware (bsc#1227149). - wifi: iwlwifi: mei: return error from register when not built (bsc#1227149). - wifi: iwlwifi: mvm: Add basic link selection logic (bsc#1227149). - wifi: iwlwifi: mvm: Add support for removing responder TKs (bsc#1227149). - wifi: iwlwifi: mvm: Allow DFS concurrent operation (bsc#1227149). - wifi: iwlwifi: mvm: Configure the link mapping for non-MLD FW (bsc#1227149). - wifi: iwlwifi: mvm: Correctly report TSF data in scan complete (bsc#1227149). - wifi: iwlwifi: mvm: Declare support for secure LTF measurement (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn if valid link pair was not found (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete (bsc#1227149). - wifi: iwlwifi: mvm: Extend support for P2P service discovery (bsc#1227149). - wifi: iwlwifi: mvm: Fix FTM initiator flags (bsc#1227149). - wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill (stable-fixes). - wifi: iwlwifi: mvm: Fix unreachable code path (bsc#1227149). - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes). - wifi: iwlwifi: mvm: Keep connection in case of missed beacons during RX (bsc#1227149). - wifi: iwlwifi: mvm: Return success if link could not be removed (bsc#1227149). - wifi: iwlwifi: mvm: Use the link ID provided in scan request (bsc#1227149). - wifi: iwlwifi: mvm: add US/Canada MCC to API (bsc#1227149). - wifi: iwlwifi: mvm: add a debug print when we get a BAR (bsc#1227149). - wifi: iwlwifi: mvm: add a debugfs hook to clear the monitor data (bsc#1227149). - wifi: iwlwifi: mvm: add a per-link debugfs (bsc#1227149). - wifi: iwlwifi: mvm: add a print when sending RLC command (bsc#1227149). - wifi: iwlwifi: mvm: add start mac ctdp sum calculation debugfs handler (bsc#1227149). - wifi: iwlwifi: mvm: add support for TID to link mapping neg request (bsc#1227149). - wifi: iwlwifi: mvm: add support for new wowlan_info_notif (bsc#1227149). - wifi: iwlwifi: mvm: advertise MLO only if EHT is enabled (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for SCS traffic description (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for protected ranging negotiation (bsc#1227149). - wifi: iwlwifi: mvm: always update keys in D3 exit (bsc#1227149). - wifi: iwlwifi: mvm: avoid garbage iPN (bsc#1227149). - wifi: iwlwifi: mvm: calculate EMLSR mode after connection (bsc#1227149). - wifi: iwlwifi: mvm: check AP supports EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: check for iwl_mvm_mld_update_sta() errors (bsc#1227149). - wifi: iwlwifi: mvm: check link more carefully (bsc#1227149). - wifi: iwlwifi: mvm: check own capabilities for EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: cleanup MLO and non-MLO unification code (bsc#1227149). - wifi: iwlwifi: mvm: combine condition/warning (bsc#1227149). - wifi: iwlwifi: mvm: consider having one active link (bsc#1227149). - wifi: iwlwifi: mvm: const-ify chandef pointers (bsc#1227149). - wifi: iwlwifi: mvm: cycle FW link on chanctx removal (bsc#1227149). - wifi: iwlwifi: mvm: d3: avoid intermediate/early mutex unlock (bsc#1227149). - wifi: iwlwifi: mvm: d3: disconnect on GTK rekey failure (bsc#1227149). - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes). - wifi: iwlwifi: mvm: d3: implement suspend with MLO (bsc#1227149). - wifi: iwlwifi: mvm: debugfs for fw system stats (bsc#1227149). - wifi: iwlwifi: mvm: define RX queue sync timeout as a macro (bsc#1227149). - wifi: iwlwifi: mvm: disable MLO for the time being (bsc#1227149). - wifi: iwlwifi: mvm: disallow puncturing in US/Canada (bsc#1227149). - wifi: iwlwifi: mvm: disconnect long CSA only w/o alternative (bsc#1227149). - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (bsc#1227149). - wifi: iwlwifi: mvm: do not abort queue sync in CT-kill (bsc#1227149). - wifi: iwlwifi: mvm: do not add dummy phy context (bsc#1227149). - wifi: iwlwifi: mvm: do not always disable EMLSR due to BT coex (bsc#1227149). - wifi: iwlwifi: mvm: do not do duplicate detection for nullfunc packets (bsc#1227149). - wifi: iwlwifi: mvm: do not limit VLP/AFC to UATS-enabled (git-fixes). - wifi: iwlwifi: mvm: do not send BT_COEX_CI command on new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send NDPs for new tx devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send STA_DISABLE_TX_CMD for newer firmware (bsc#1227149). - wifi: iwlwifi: mvm: do not send the smart fifo command if not needed (bsc#1227149). - wifi: iwlwifi: mvm: do not set trigger frame padding in AP mode (bsc#1227149). - wifi: iwlwifi: mvm: do not support reduced tx power on ack for new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not wake up rx_sync_waitq upon RFKILL (git-fixes). - wifi: iwlwifi: mvm: enable FILS DF Tx on non-PSC channel (bsc#1227149). - wifi: iwlwifi: mvm: enable HE TX/RX <242 tone RU on new RFs (bsc#1227149). - wifi: iwlwifi: mvm: expand queue sync warning messages (bsc#1227149). - wifi: iwlwifi: mvm: extend alive timeout to 2 seconds (bsc#1227149). - wifi: iwlwifi: mvm: fix ROC version check (bsc#1227149). - wifi: iwlwifi: mvm: fix SB CFG check (bsc#1227149). - wifi: iwlwifi: mvm: fix a battery life regression (bsc#1227149). - wifi: iwlwifi: mvm: fix a crash on 7265 (bsc#1227149). - wifi: iwlwifi: mvm: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fix link ID management (bsc#1227149). - wifi: iwlwifi: mvm: fix recovery flow in CSA (bsc#1227149). - wifi: iwlwifi: mvm: fix regdb initialization (bsc#1227149). - wifi: iwlwifi: mvm: fix the PHY context resolution for p2p device (bsc#1227149). - wifi: iwlwifi: mvm: fix the TXF mapping for BZ devices (bsc#1227149). - wifi: iwlwifi: mvm: fix the key PN index (bsc#1227149). - wifi: iwlwifi: mvm: fix thermal kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fold the ref++ into iwl_mvm_phy_ctxt_add (bsc#1227149). - wifi: iwlwifi: mvm: handle BA session teardown in RF-kill (stable-fixes). - wifi: iwlwifi: mvm: handle debugfs names more carefully (bsc#1227149). - wifi: iwlwifi: mvm: handle link-STA allocation in restart (bsc#1227149). - wifi: iwlwifi: mvm: implement ROC version 3 (bsc#1227149). - wifi: iwlwifi: mvm: implement new firmware API for statistics (bsc#1227149). - wifi: iwlwifi: mvm: increase session protection after CSA (bsc#1227149). - wifi: iwlwifi: mvm: introduce PHY_CONTEXT_CMD_API_VER_5 (bsc#1227149). - wifi: iwlwifi: mvm: introduce esr_disable_reason (bsc#1227149). - wifi: iwlwifi: mvm: iterate active links for STA queues (bsc#1227149). - wifi: iwlwifi: mvm: limit EHT 320 MHz MCS for STEP URM (bsc#1227149). - wifi: iwlwifi: mvm: limit pseudo-D3 to 60 seconds (bsc#1227149). - wifi: iwlwifi: mvm: log dropped frames (bsc#1227149). - wifi: iwlwifi: mvm: log dropped packets due to MIC error (bsc#1227149). - wifi: iwlwifi: mvm: make 'pldr_sync' mode effective (bsc#1227149). - wifi: iwlwifi: mvm: make functions public (bsc#1227149). - wifi: iwlwifi: mvm: make pldr_sync AX210 specific (bsc#1227149). - wifi: iwlwifi: mvm: move BA notif messages before action (bsc#1227149). - wifi: iwlwifi: mvm: move RU alloc B2 placement (bsc#1227149). - wifi: iwlwifi: mvm: move listen interval to constants (bsc#1227149). - wifi: iwlwifi: mvm: offload IGTK in AP if BIGTK is supported (bsc#1227149). - wifi: iwlwifi: mvm: partially support PHY context version 6 (bsc#1227149). - wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes). - wifi: iwlwifi: mvm: reduce maximum RX A-MPDU size (bsc#1227149). - wifi: iwlwifi: mvm: refactor TX rate handling (bsc#1227149). - wifi: iwlwifi: mvm: refactor duplicate chanctx condition (bsc#1227149). - wifi: iwlwifi: mvm: remove EHT code from mac80211.c (bsc#1227149). - wifi: iwlwifi: mvm: remove IWL_MVM_STATUS_NEED_FLUSH_P2P (bsc#1227149). - wifi: iwlwifi: mvm: remove flags for enable/disable beacon filter (bsc#1227149). - wifi: iwlwifi: mvm: remove one queue sync on BA session stop (bsc#1227149). - wifi: iwlwifi: mvm: remove set_tim callback for MLD ops (bsc#1227149). - wifi: iwlwifi: mvm: remove stale STA link data during restart (stable-fixes). - wifi: iwlwifi: mvm: rework debugfs handling (bsc#1227149). - wifi: iwlwifi: mvm: show dump even for pldr_sync (bsc#1227149). - wifi: iwlwifi: mvm: show skb_mac_gso_segment() failure reason (bsc#1227149). - wifi: iwlwifi: mvm: simplify the reorder buffer (bsc#1227149). - wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig (bsc#1227149). - wifi: iwlwifi: mvm: support CSA with MLD (bsc#1227149). - wifi: iwlwifi: mvm: support SPP A-MSDUs (bsc#1227149). - wifi: iwlwifi: mvm: support flush on AP interfaces (bsc#1227149). - wifi: iwlwifi: mvm: support injection antenna control (bsc#1227149). - wifi: iwlwifi: mvm: support iwl_dev_tx_power_cmd_v8 (bsc#1227149). - wifi: iwlwifi: mvm: support set_antenna() (bsc#1227149). - wifi: iwlwifi: mvm: unlock mvm if there is no primary link (bsc#1227149). - wifi: iwlwifi: mvm: use fast balance scan in case of an active P2P GO (bsc#1227149). - wifi: iwlwifi: mvm: use the new command to clear the internal buffer (bsc#1227149). - wifi: iwlwifi: mvm: work around A-MSDU size problem (bsc#1227149). - wifi: iwlwifi: no power save during transition to D3 (bsc#1227149). - wifi: iwlwifi: nvm-parse: advertise common packet padding (bsc#1227149). - wifi: iwlwifi: nvm: parse the VLP/AFC bit from regulatory (bsc#1227149). - wifi: iwlwifi: pcie: (re-)assign BAR0 on driver bind (bsc#1227149). - wifi: iwlwifi: pcie: Add new PCI device id and CNVI (bsc#1227149). - wifi: iwlwifi: pcie: clean up WFPM control bits (bsc#1227149). - wifi: iwlwifi: pcie: clean up device removal work (bsc#1227149). - wifi: iwlwifi: pcie: clean up gen1/gen2 TFD unmap (bsc#1227149). - wifi: iwlwifi: pcie: do not allow hw-rfkill to stop device on gen2 (bsc#1227149). - wifi: iwlwifi: pcie: dump CSRs before removal (bsc#1227149). - wifi: iwlwifi: pcie: enable TOP fatal error interrupt (bsc#1227149). - wifi: iwlwifi: pcie: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: pcie: get_crf_id() can be void (bsc#1227149). - wifi: iwlwifi: pcie: give up mem read if HW is dead (bsc#1227149). - wifi: iwlwifi: pcie: move gen1 TB handling to header (bsc#1227149). - wifi: iwlwifi: pcie: point invalid TFDs to invalid data (bsc#1227149). - wifi: iwlwifi: pcie: propagate iwl_pcie_gen2_apm_init() error (bsc#1227149). - wifi: iwlwifi: pcie: rescan bus if no parent (bsc#1227149). - wifi: iwlwifi: prepare for reading DSM from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading TAS table from UEFI (bsc#1227149). - wifi: iwlwifi: properly check if link is active (bsc#1227149). - wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK (stable-fixes). - wifi: iwlwifi: queue: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: queue: improve warning for no skb in reclaim (bsc#1227149). - wifi: iwlwifi: queue: move iwl_txq_gen2_set_tb() up (bsc#1227149). - wifi: iwlwifi: read DSM func 2 for specific RF types (bsc#1227149). - wifi: iwlwifi: read DSM functions from UEFI (bsc#1227149). - wifi: iwlwifi: read ECKV table from UEFI (bsc#1227149). - wifi: iwlwifi: read PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: read SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: read SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: read WRDD table from UEFI (bsc#1227149). - wifi: iwlwifi: read WTAS table from UEFI (bsc#1227149). - wifi: iwlwifi: read mac step from aux register (bsc#1227149). - wifi: iwlwifi: refactor RX tracing (bsc#1227149). - wifi: iwlwifi: remove 'def_rx_queue' struct member (bsc#1227149). - wifi: iwlwifi: remove Gl A-step remnants (bsc#1227149). - wifi: iwlwifi: remove WARN from read_mem32() (bsc#1227149). - wifi: iwlwifi: remove async command callback (bsc#1227149). - wifi: iwlwifi: remove dead-code (bsc#1227149). - wifi: iwlwifi: remove extra kernel-doc (bsc#1227149). - wifi: iwlwifi: remove memory check for LMAC error address (bsc#1227149). - wifi: iwlwifi: remove retry loops in start (bsc#1227149). - wifi: iwlwifi: remove unused function prototype (bsc#1227149). - wifi: iwlwifi: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: iwlwifi: return negative -EINVAL instead of positive EINVAL (bsc#1227149). - wifi: iwlwifi: rfi: use a single DSM function for all RFI configurations (bsc#1227149). - wifi: iwlwifi: send EDT table to FW (bsc#1227149). - wifi: iwlwifi: separate TAS 'read-from-BIOS' and 'send-to-FW' flows (bsc#1227149). - wifi: iwlwifi: simplify getting DSM from ACPI (bsc#1227149). - wifi: iwlwifi: skip affinity setting on non-SMP (bsc#1227149). - wifi: iwlwifi: skip opmode start retries on dead transport (bsc#1227149). - wifi: iwlwifi: small cleanups in PPAG table flows (bsc#1227149). - wifi: iwlwifi: support link command version 2 (bsc#1227149). - wifi: iwlwifi: support link id in SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: support link_id in SESSION_PROTECTION cmd (bsc#1227149). - wifi: iwlwifi: take SGOM and UATS code out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: take send-DSM-to-FW flows out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: trace full frames with TX status request (bsc#1227149). - wifi: iwlwifi: update context info structure definitions (bsc#1227149). - wifi: iwlwifi: use system_unbound_wq for debug dump (bsc#1227149). - wifi: iwlwifi: validate PPAG table when sent to FW (bsc#1227149). - wifi: lib80211: remove unused variables iv32 and iv16 (bsc#1227149). - wifi: libertas: Follow renaming of SPI 'master' to 'controller' (bsc#1227149). - wifi: libertas: add missing calls to cancel_work_sync() (bsc#1227149). - wifi: libertas: cleanup SDIO reset (bsc#1227149). - wifi: libertas: handle possible spu_write_u16() errors (bsc#1227149). - wifi: libertas: prefer kstrtoX() for simple integer conversions (bsc#1227149). - wifi: libertas: simplify list operations in free_if_spi_card() (bsc#1227149). - wifi: libertas: use convenient lists to manage SDIO packets (bsc#1227149). - wifi: mac80211: Add __counted_by for struct ieee802_11_elems and use struct_size() (bsc#1227149). - wifi: mac80211: Avoid address calculations via out of bounds array indexing (stable-fixes). - wifi: mac80211: Check if we had first beacon with relevant links (bsc#1227149). - wifi: mac80211: Do not force off-channel for management Tx with MLO (bsc#1227149). - wifi: mac80211: Do not include crypto/algapi.h (bsc#1227149). - wifi: mac80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: mac80211: Fix SMPS handling in the context of MLO (bsc#1227149). - wifi: mac80211: Notify the low level driver on change in MLO valid links (bsc#1227149). - wifi: mac80211: Print local link address during authentication (bsc#1227149). - wifi: mac80211: Recalc offload when monitor stop (git-fixes). - wifi: mac80211: Remove unused function declarations (bsc#1227149). - wifi: mac80211: Rename and update IEEE80211_VIF_DISABLE_SMPS_OVERRIDE (bsc#1227149). - wifi: mac80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: mac80211: Sanity check tx bitrate if not provided by driver (bsc#1227149). - wifi: mac80211: Schedule regulatory channels check on bandwith change (bsc#1227149). - wifi: mac80211: Skip association timeout update after comeback rejection (bsc#1227149). - wifi: mac80211: add a driver callback to add vif debugfs (bsc#1227149). - wifi: mac80211: add a driver callback to check active_links (bsc#1227149). - wifi: mac80211: add a flag to disallow puncturing (bsc#1227149). - wifi: mac80211: add back SPDX identifier (bsc#1227149). - wifi: mac80211: add ieee80211_tdls_sta_link_id() (stable-fixes). - wifi: mac80211: add link id to ieee80211_gtk_rekey_add() (bsc#1227149). - wifi: mac80211: add link id to mgd_prepare_tx() (bsc#1227149). - wifi: mac80211: add more ops assertions (bsc#1227149). - wifi: mac80211: add more warnings about inserting sta info (bsc#1227149). - wifi: mac80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: mac80211: add support for mld in ieee80211_chswitch_done (bsc#1227149). - wifi: mac80211: add support for parsing TID to Link mapping element (bsc#1227149). - wifi: mac80211: add/remove driver debugfs entries as appropriate (bsc#1227149). - wifi: mac80211: additions to change_beacon() (bsc#1227149). - wifi: mac80211: address some kerneldoc warnings (bsc#1227149). - wifi: mac80211: allow 64-bit radiotap timestamps (bsc#1227149). - wifi: mac80211: allow for_each_sta_active_link() under RCU (bsc#1227149). - wifi: mac80211: apply mcast rate only if interface is up (stable-fixes). - wifi: mac80211: cancel multi-link reconf work on disconnect (git-fixes). - wifi: mac80211: chanctx emulation set CHANGE_CHANNEL when in_reconfig (git-fixes). - wifi: mac80211: check EHT/TTLM action frame length (bsc#1227149). - wifi: mac80211: check wiphy mutex in ops (bsc#1227149). - wifi: mac80211: cleanup airtime arithmetic with ieee80211_sta_keep_active() (bsc#1227149). - wifi: mac80211: cleanup auth_data only if association continues (bsc#1227149). - wifi: mac80211: convert A-MPDU work to wiphy work (bsc#1227149). - wifi: mac80211: correctly set active links upon TTLM (bsc#1227149). - wifi: mac80211: correcty limit wider BW TDLS STAs (git-fixes). - wifi: mac80211: debugfs: lock wiphy instead of RTNL (bsc#1227149). - wifi: mac80211: describe return values in kernel-doc (bsc#1227149). - wifi: mac80211: disable softirqs for queued frame handling (git-fixes). - wifi: mac80211: do not connect to an AP while it's in a CSA process (bsc#1227149). - wifi: mac80211: do not re-add debugfs entries during resume (bsc#1227149). - wifi: mac80211: do not select link ID if not provided in scan request (bsc#1227149). - wifi: mac80211: do not set ESS capab bit in assoc request (bsc#1227149). - wifi: mac80211: drop robust action frames before assoc (bsc#1227149). - wifi: mac80211: drop spurious WARN_ON() in ieee80211_ibss_csa_beacon() (bsc#1227149). - wifi: mac80211: ethtool: always hold wiphy mutex (bsc#1227149). - wifi: mac80211: ethtool: hold wiphy mutex (bsc#1227149). - wifi: mac80211: expand __ieee80211_data_to_8023() status (bsc#1227149). - wifi: mac80211: extend wiphy lock in interface removal (bsc#1227149). - wifi: mac80211: fix BA session teardown race (bsc#1227149). - wifi: mac80211: fix BSS_CHANGED_UNSOL_BCAST_PROBE_RESP (bsc#1227149). - wifi: mac80211: fix SMPS status handling (bsc#1227149). - wifi: mac80211: fix TXQ error path and cleanup (bsc#1227149). - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes). - wifi: mac80211: fix a expired vs. cancel race in roc (bsc#1227149). - wifi: mac80211: fix advertised TTLM scheduling (bsc#1227149). - wifi: mac80211: fix another key installation error path (bsc#1227149). - wifi: mac80211: fix change_address deadlock during unregister (bsc#1227149). - wifi: mac80211: fix channel switch link data (bsc#1227149). - wifi: mac80211: fix driver debugfs for vif type change (bsc#1227149). - wifi: mac80211: fix error path key leak (bsc#1227149). - wifi: mac80211: fix header kernel-doc typos (bsc#1227149). - wifi: mac80211: fix ieee80211_drop_unencrypted_mgmt return type/value (bsc#1227149). - wifi: mac80211: fix monitor channel with chanctx emulation (bsc#1227149). - wifi: mac80211: fix potential key leak (bsc#1227149). - wifi: mac80211: fix spelling typo in comment (bsc#1227149). - wifi: mac80211: fix unsolicited broadcast probe config (bsc#1227149). - wifi: mac80211: fix various kernel-doc issues (bsc#1227149). - wifi: mac80211: fixes in FILS discovery updates (bsc#1227149). - wifi: mac80211: flush STA queues on unauthorization (bsc#1227149). - wifi: mac80211: flush wiphy work where appropriate (bsc#1227149). - wifi: mac80211: handle debugfs when switching to/from MLO (bsc#1227149). - wifi: mac80211: handle tasklet frames before stopping (stable-fixes). - wifi: mac80211: hold wiphy lock in netdev/link debugfs (bsc#1227149). - wifi: mac80211: hold wiphy_lock around concurrency checks (bsc#1227149). - wifi: mac80211: improve CSA/ECSA connection refusal (bsc#1227149). - wifi: mac80211: initialize SMPS mode correctly (bsc#1227149). - wifi: mac80211: lock wiphy for aggregation debugfs (bsc#1227149). - wifi: mac80211: lock wiphy in IP address notifier (bsc#1227149). - wifi: mac80211: make mgd_protect_tdls_discover MLO-aware (bsc#1227149). - wifi: mac80211: mesh: Remove unused function declaration mesh_ids_set_default() (bsc#1227149). - wifi: mac80211: mesh: fix some kdoc warnings (bsc#1227149). - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes). - wifi: mac80211: move CSA finalize to wiphy work (bsc#1227149). - wifi: mac80211: move DFS CAC work to wiphy work (bsc#1227149). - wifi: mac80211: move TDLS work to wiphy work (bsc#1227149). - wifi: mac80211: move color change finalize to wiphy work (bsc#1227149). - wifi: mac80211: move dynamic PS to wiphy work (bsc#1227149). - wifi: mac80211: move filter reconfig to wiphy work (bsc#1227149). - wifi: mac80211: move key tailroom work to wiphy work (bsc#1227149). - wifi: mac80211: move link activation work to wiphy work (bsc#1227149). - wifi: mac80211: move monitor work to wiphy work (bsc#1227149). - wifi: mac80211: move tspec work to wiphy work (bsc#1227149). - wifi: mac80211: process and save negotiated TID to Link mapping request (bsc#1227149). - wifi: mac80211: purge TX queues in flush_queues flow (bsc#1227149). - wifi: mac80211: reduce iflist_mtx (bsc#1227149). - wifi: mac80211: reject MLO channel configuration if not supported (bsc#1227149). - wifi: mac80211: relax RCU check in for_each_vif_active_link() (bsc#1227149). - wifi: mac80211: remove RX_DROP_UNUSABLE (bsc#1227149). - wifi: mac80211: remove ampdu_mlme.mtx (bsc#1227149). - wifi: mac80211: remove chanctx_mtx (bsc#1227149). - wifi: mac80211: remove key_mtx (bsc#1227149). - wifi: mac80211: remove local->mtx (bsc#1227149). - wifi: mac80211: remove redundant ML element check (bsc#1227149). - wifi: mac80211: remove shifted rate support (bsc#1227149). - wifi: mac80211: remove sta_mtx (bsc#1227149). - wifi: mac80211: remove unnecessary struct forward declaration (bsc#1227149). - wifi: mac80211: rename ieee80211_tx_status() to ieee80211_tx_status_skb() (bsc#1227149). - wifi: mac80211: rename struct cfg80211_rx_assoc_resp to cfg80211_rx_assoc_resp_data (bsc#1227149). - wifi: mac80211: report per-link error during association (bsc#1227149). - wifi: mac80211: reset negotiated TTLM on disconnect (git-fixes). - wifi: mac80211: rework RX timestamp flags (bsc#1227149). - wifi: mac80211: rework ack_frame_id handling a bit (bsc#1227149). - wifi: mac80211: rx.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: set wiphy for virtual monitors (bsc#1227149). - wifi: mac80211: simplify non-chanctx drivers (bsc#1227149). - wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value (bsc#1227149). - wifi: mac80211: sta_info.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: support antenna control in injection (bsc#1227149). - wifi: mac80211: support handling of advertised TID-to-link mapping (bsc#1227149). - wifi: mac80211: take MBSSID/EHT data also from probe resp (bsc#1227149). - wifi: mac80211: take wiphy lock for MAC addr change (bsc#1227149). - wifi: mac80211: tx: clarify conditions in if statement (bsc#1227149). - wifi: mac80211: update beacon counters per link basis (bsc#1227149). - wifi: mac80211: update some locking documentation (bsc#1227149). - wifi: mac80211: update the rx_chains after set_antenna() (bsc#1227149). - wifi: mac80211: use bandwidth indication element for CSA (bsc#1227149). - wifi: mac80211: use deflink and fix typo in link ID check (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs for sdata/link (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs helpers for agg_status (bsc#1227149). - wifi: mt7601u: delete dead code checking debugfs returns (bsc#1227149). - wifi: mt7601u: replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: Annotate struct mt76_rx_tid with __counted_by (bsc#1227149). - wifi: mt76: Convert to platform remove callback returning void (bsc#1227149). - wifi: mt76: Remove redundant assignment to variable tidno (bsc#1227149). - wifi: mt76: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: mt76: Replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: Use PTR_ERR_OR_ZERO() to simplify code (bsc#1227149). - wifi: mt76: add DMA mapping error check in mt76_alloc_txwi() (bsc#1227149). - wifi: mt76: add ability to explicitly forbid LED registration with DT (bsc#1227149). - wifi: mt76: add support for providing eeprom in nvmem cells (bsc#1227149). - wifi: mt76: add tx_nss histogram to ethtool stats (bsc#1227149). - wifi: mt76: change txpower init to per-phy (bsc#1227149). - wifi: mt76: check sta rx control frame to multibss capability (bsc#1227149). - wifi: mt76: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: check vif type before reporting cca and csa (bsc#1227149). - wifi: mt76: connac: add MBSSID support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon duplicate TX mode support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: add connac3 mac library (bsc#1227149). - wifi: mt76: connac: add data field in struct tlv (bsc#1227149). - wifi: mt76: connac: add eht support for phy mode config (bsc#1227149). - wifi: mt76: connac: add eht support for tx power (bsc#1227149). - wifi: mt76: connac: add firmware support for mt7992 (bsc#1227149). - wifi: mt76: connac: add more unified command IDs (bsc#1227149). - wifi: mt76: connac: add more unified event IDs (bsc#1227149). - wifi: mt76: connac: add new definition of tx descriptor (bsc#1227149). - wifi: mt76: connac: add support for dsp firmware download (bsc#1227149). - wifi: mt76: connac: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: connac: add thermal protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: check for null before dereferencing (bsc#1227149). - wifi: mt76: connac: export functions for mt7925 (bsc#1227149). - wifi: mt76: connac: introduce helper for mt7925 chipset (bsc#1227149). - wifi: mt76: connac: set correct muar_idx for mt799x chipsets (bsc#1227149). - wifi: mt76: connac: set fixed_bw bit in TX descriptor for fixed rate frames (bsc#1227149). - wifi: mt76: connac: use muar idx 0xe for non-mt799x as well (bsc#1227149). - wifi: mt76: disable HW AMSDU when using fixed rate (bsc#1227149). - wifi: mt76: dma: introduce __mt76_dma_queue_reset utility routine (bsc#1227149). - wifi: mt76: enable UNII-4 channel 177 support (bsc#1227149). - wifi: mt76: fix race condition related to checking tx queue fill status (bsc#1227149). - wifi: mt76: fix the issue of missing txpwr settings from ch153 to ch177 (bsc#1227149). - wifi: mt76: fix typo in mt76_get_of_eeprom_from_nvmem function (bsc#1227149). - wifi: mt76: increase MT_QFLAG_WED_TYPE size (bsc#1227149). - wifi: mt76: introduce mt76_queue_is_wed_tx_free utility routine (bsc#1227149). - wifi: mt76: introduce wed pointer in mt76_queue (bsc#1227149). - wifi: mt76: limit support of precal loading for mt7915 to MTD only (bsc#1227149). - wifi: mt76: make mt76_get_of_eeprom static again (bsc#1227149). - wifi: mt76: mmio: move mt76_mmio_wed_{init,release}_rx_buf in common code (bsc#1227149). - wifi: mt76: move ampdu_state in mt76_wcid (bsc#1227149). - wifi: mt76: move mt76_mmio_wed_offload_{enable,disable} in common code (bsc#1227149). - wifi: mt76: move mt76_net_setup_tc in common code (bsc#1227149). - wifi: mt76: move rate info in mt76_vif (bsc#1227149). - wifi: mt76: move wed reset common code in mt76 module (bsc#1227149). - wifi: mt76: mt7603: add missing register initialization for MT7628 (bsc#1227149). - wifi: mt76: mt7603: disable A-MSDU tx support on MT7628 (bsc#1227149). - wifi: mt76: mt7603: fix beacon interval after disabling a single vif (bsc#1227149). - wifi: mt76: mt7603: fix tx filter/flush function (bsc#1227149). - wifi: mt76: mt7603: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7603: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7615: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7615: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7615: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7615: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt76_connac3: move lmac queue enumeration in mt76_connac3_mac.h (bsc#1227149). - wifi: mt76: mt76x02: fix return value check in mt76x02_mac_process_rx (bsc#1227149). - wifi: mt76: mt76x2u: add netgear wdna3100v3 to device table (bsc#1227149). - wifi: mt76: mt7915 add tc offloading support (bsc#1227149). - wifi: mt76: mt7915: accumulate mu-mimo ofdma muru stats (bsc#1227149). - wifi: mt76: mt7915: add locking for accessing mapped registers (bsc#1227149). - wifi: mt76: mt7915: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7915: add support for MT7981 (bsc#1227149). - wifi: mt76: mt7915: also MT7981 is 3T3R but nss2 on 5 GHz band (bsc#1227149). - wifi: mt76: mt7915: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7915: drop return in mt7915_sta_statistics (bsc#1227149). - wifi: mt76: mt7915: fix EEPROM offset of TSSI flag on MT7981 (bsc#1227149). - wifi: mt76: mt7915: fix error recovery with WED enabled (bsc#1227149). - wifi: mt76: mt7915: fix monitor mode issues (bsc#1227149). - wifi: mt76: mt7915: move mib_stats structure in mt76.h (bsc#1227149). - wifi: mt76: mt7915: move poll_list in mt76_wcid (bsc#1227149). - wifi: mt76: mt7915: move sta_poll_list and sta_poll_lock in mt76_dev (bsc#1227149). - wifi: mt76: mt7915: report tx retries/failed counts for non-WED path (bsc#1227149). - wifi: mt76: mt7915: update mpdu density capability (bsc#1227149). - wifi: mt76: mt7915: update mt798x_wmac_adie_patch_7976 (bsc#1227149). - wifi: mt76: mt7921: Support temp sensor (bsc#1227149). - wifi: mt76: mt7921: add 6GHz power type support for clc (bsc#1227149). - wifi: mt76: mt7921: convert acpisar and clc pointers to void (bsc#1227149). - wifi: mt76: mt7921: enable set txpower for UNII-4 (bsc#1227149). - wifi: mt76: mt7921: fix 6GHz disabled by the missing default CLC config (bsc#1227149). - wifi: mt76: mt7921: fix CLC command timeout when suspend/resume (bsc#1227149). - wifi: mt76: mt7921: fix a potential association failure upon resuming (bsc#1227149). - wifi: mt76: mt7921: fix kernel panic by accessing invalid 6GHz channel info (bsc#1227149). - wifi: mt76: mt7921: fix suspend issue on MediaTek COB platform (bsc#1227149). - wifi: mt76: mt7921: fix the unfinished command of regd_notifier before suspend (bsc#1227149). - wifi: mt76: mt7921: fix wrong 6Ghz power type (bsc#1227149). - wifi: mt76: mt7921: get regulatory information from the clc event (bsc#1227149). - wifi: mt76: mt7921: get rid of MT7921_RESET_TIMEOUT marco (bsc#1227149). - wifi: mt76: mt7921: make mt7921_mac_sta_poll static (bsc#1227149). - wifi: mt76: mt7921: move acpi_sar code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move common register definition in mt792x_regs.h (bsc#1227149). - wifi: mt76: mt7921: move connac nic capability handling to mt7921 (bsc#1227149). - wifi: mt76: mt7921: move debugfs shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move dma shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move hif_ops macro in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move init shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mac shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mt7921_dma_init in pci.c (bsc#1227149). - wifi: mt76: mt7921: move mt7921u_disconnect mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move mt792x_hw_dev in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move mt792x_mutex_{acquire/release} in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move runtime-pm pci code in mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move shared runtime-pm code on mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: reduce the size of MCU firmware download Rx queue (bsc#1227149). - wifi: mt76: mt7921: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7921: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7921: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7921: remove macro duplication in regs.h (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_dev in mt792x_dev (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_hif_ops in mt792x_hif_ops (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_phy in mt792x_phy (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_sta in mt792x_sta (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_vif in mt792x_vif (bsc#1227149). - wifi: mt76: mt7921: support 5.9/6GHz channel config in acpi (bsc#1227149). - wifi: mt76: mt7921: update the channel usage when the regd domain changed (bsc#1227149). - wifi: mt76: mt7921e: report tx retries/failed counts in tx free event (bsc#1227149). - wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips (bsc#1227149). - wifi: mt76: mt7925: add flow to avoid chip bt function fail (bsc#1227149). - wifi: mt76: mt7925: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command (bsc#1227149). - wifi: mt76: mt7925: fix SAP no beacon issue in 5Ghz and 6Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix WoW failed in encrypted mode (bsc#1227149). - wifi: mt76: mt7925: fix connect to 80211b mode fail in 2Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix fw download fail (bsc#1227149). - wifi: mt76: mt7925: fix mcu query command fail (bsc#1227149). - wifi: mt76: mt7925: fix the wrong data type for scan command (bsc#1227149). - wifi: mt76: mt7925: fix the wrong header translation config (bsc#1227149). - wifi: mt76: mt7925: fix typo in mt7925_init_he_caps (bsc#1227149). - wifi: mt76: mt7925: fix wmm queue mapping (bsc#1227149). - wifi: mt76: mt7925: remove iftype from mt7925_init_eht_caps signature (bsc#1227149). - wifi: mt76: mt7925: support temperature sensor (bsc#1227149). - wifi: mt76: mt7925: update PCIe DMA settings (bsc#1227149). - wifi: mt76: mt7925e: fix use-after-free in free_irq() (bsc#1227149). - wifi: mt76: mt792x: add the illegal value check for mtcl table of acpi (bsc#1227149). - wifi: mt76: mt792x: fix ethtool warning (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-usb module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x_irq_map (bsc#1227149). - wifi: mt76: mt792x: move MT7921_PM_TIMEOUT and MT7921_HW_SCAN_TIMEOUT in common code (bsc#1227149). - wifi: mt76: mt792x: move more dma shared code in mt792x_dma (bsc#1227149). - wifi: mt76: mt792x: move mt7921_load_firmware in mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: move mt7921_skb_add_usb_sdio_hdr in mt792x module (bsc#1227149). - wifi: mt76: mt792x: move shared structure definition in mt792x.h (bsc#1227149). - wifi: mt76: mt792x: move some common usb code in mt792x module (bsc#1227149). - wifi: mt76: mt792x: support mt7925 chip init (bsc#1227149). - wifi: mt76: mt792x: update the country list of EU for ACPI SAR (bsc#1227149). - wifi: mt76: mt792xu: enable dmashdl support (bsc#1227149). - wifi: mt76: mt7996: Add mcu commands for getting sta tx statistic (bsc#1227149). - wifi: mt76: mt7996: Use DECLARE_FLEX_ARRAY() and fix -Warray-bounds warnings (bsc#1227149). - wifi: mt76: mt7996: add DMA support for mt7992 (bsc#1227149). - wifi: mt76: mt7996: add TX statistics for EHT mode in debugfs (bsc#1227149). - wifi: mt76: mt7996: add muru support (bsc#1227149). - wifi: mt76: mt7996: add sanity checks for background radar trigger (stable-fixes). - wifi: mt76: mt7996: add support for variants with auxiliary RX path (bsc#1227149). - wifi: mt76: mt7996: add thermal sensor device support (bsc#1227149). - wifi: mt76: mt7996: add txpower setting support (bsc#1227149). - wifi: mt76: mt7996: adjust WFDMA settings to improve performance (bsc#1227149). - wifi: mt76: mt7996: adjust interface num and wtbl size for mt7992 (bsc#1227149). - wifi: mt76: mt7996: align the format of fixed rate command (bsc#1227149). - wifi: mt76: mt7996: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: mt7996: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7996: drop return in mt7996_sta_statistics (bsc#1227149). - wifi: mt76: mt7996: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7996: enable PPDU-TxS to host (bsc#1227149). - wifi: mt76: mt7996: enable VHT extended NSS BW feature (bsc#1227149). - wifi: mt76: mt7996: ensure 4-byte alignment for beacon commands (bsc#1227149). - wifi: mt76: mt7996: fix alignment of sta info event (bsc#1227149). - wifi: mt76: mt7996: fix fortify warning (bsc#1227149). - wifi: mt76: mt7996: fix fw loading timeout (bsc#1227149). - wifi: mt76: mt7996: fix mt7996_mcu_all_sta_info_event struct packing (bsc#1227149). - wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature (bsc#1227149). - wifi: mt76: mt7996: fix size of txpower MCU command (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in parsing txfree (bsc#1227149). - wifi: mt76: mt7996: get tx_retries and tx_failed from txfree (bsc#1227149). - wifi: mt76: mt7996: handle IEEE80211_RC_SMPS_CHANGED (bsc#1227149). - wifi: mt76: mt7996: increase tx token size (bsc#1227149). - wifi: mt76: mt7996: introduce mt7996_band_valid() (bsc#1227149). - wifi: mt76: mt7996: mark GCMP IGTK unsupported (bsc#1227149). - wifi: mt76: mt7996: move radio ctrl commands to proper functions (bsc#1227149). - wifi: mt76: mt7996: only set vif teardown cmds at remove interface (bsc#1227149). - wifi: mt76: mt7996: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7996: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7996: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7996: remove TXS queue setting (bsc#1227149). - wifi: mt76: mt7996: remove periodic MPDU TXS request (bsc#1227149). - wifi: mt76: mt7996: rework ampdu params setting (bsc#1227149). - wifi: mt76: mt7996: rework register offsets for mt7992 (bsc#1227149). - wifi: mt76: mt7996: set DMA mask to 36 bits for boards with more than 4GB of RAM (bsc#1227149). - wifi: mt76: mt7996: support more options for mt7996_set_bitrate_mask() (bsc#1227149). - wifi: mt76: mt7996: support mt7992 eeprom loading (bsc#1227149). - wifi: mt76: mt7996: support per-band LED control (bsc#1227149). - wifi: mt76: mt7996: switch to mcu command for TX GI report (bsc#1227149). - wifi: mt76: mt7996: use u16 for val field in mt7996_mcu_set_rro signature (bsc#1227149). - wifi: mt76: permit to load precal from NVMEM cell for mt7915 (bsc#1227149). - wifi: mt76: permit to use alternative cell name to eeprom NVMEM load (bsc#1227149). - wifi: mt76: reduce spin_lock_bh held up in mt76_dma_rx_cleanup (bsc#1227149). - wifi: mt76: replace skb_put with skb_put_zero (stable-fixes). - wifi: mt76: report non-binding skb tx rate when WED is active (bsc#1227149). - wifi: mt76: set page_pool napi pointer for mmio devices (bsc#1227149). - wifi: mt76: split get_of_eeprom in subfunction (bsc#1227149). - wifi: mt76: usb: create a dedicated queue for psd traffic (bsc#1227149). - wifi: mt76: usb: store usb endpoint in mt76_queue (bsc#1227149). - wifi: mt76: use atomic iface iteration for pre-TBTT work (bsc#1227149). - wifi: mt76: use chainmask for power delta calculation (bsc#1227149). - wifi: mwifiex: Drop unused headers (bsc#1227149). - wifi: mwifiex: Fix interface type change (git-fixes). - wifi: mwifiex: Refactor 1-element array into flexible array in struct mwifiex_ie_types_chan_list_param_set (bsc#1227149). - wifi: mwifiex: Replace one-element array with flexible-array member in struct mwifiex_ie_types_rxba_sync (bsc#1227149). - wifi: mwifiex: Set WIPHY_FLAG_NETNS_OK flag (bsc#1227149). - wifi: mwifiex: Use default @max_active for workqueues (bsc#1227149). - wifi: mwifiex: Use helpers to check multicast addresses (bsc#1227149). - wifi: mwifiex: Use list_count_nodes() (bsc#1227149). - wifi: mwifiex: cleanup adapter data (bsc#1227149). - wifi: mwifiex: cleanup private data structures (bsc#1227149). - wifi: mwifiex: cleanup struct mwifiex_sdio_mpa_rx (bsc#1227149). - wifi: mwifiex: drop BUG_ON from TX paths (bsc#1227149). - wifi: mwifiex: fix comment typos in SDIO module (bsc#1227149). - wifi: mwifiex: followup PCIE and related cleanups (bsc#1227149). - wifi: mwifiex: handle possible mwifiex_write_reg() errors (bsc#1227149). - wifi: mwifiex: handle possible sscanf() errors (bsc#1227149). - wifi: mwifiex: mwifiex_process_sleep_confirm_resp(): remove unused priv variable (bsc#1227149). - wifi: mwifiex: prefer strscpy() over strlcpy() (bsc#1227149). - wifi: mwifiex: simplify PCIE write operations (bsc#1227149). - wifi: mwifiex: use MODULE_FIRMWARE to add firmware files metadata (bsc#1227149). - wifi: mwifiex: use cfg80211_ssid_eq() instead of mwifiex_ssid_cmp() (bsc#1227149). - wifi: mwifiex: use is_zero_ether_addr() instead of ether_addr_equal() (bsc#1227149). - wifi: mwifiex: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: nl80211: Extend del pmksa support for SAE and OWE security (bsc#1227149). - wifi: nl80211: Remove unused declaration nl80211_pmsr_dump_results() (bsc#1227149). - wifi: nl80211: additions to NL80211_CMD_SET_BEACON (bsc#1227149). - wifi: nl80211: allow reporting wakeup for unprot deauth/disassoc (bsc#1227149). - wifi: nl80211: fixes to FILS discovery updates (bsc#1227149). - wifi: nl80211: refactor nl80211_send_mlme_event() arguments (bsc#1227149). - wifi: p54: Add missing MODULE_FIRMWARE macro (bsc#1227149). - wifi: p54: Annotate struct p54_cal_database with __counted_by (bsc#1227149). - wifi: p54: fix GCC format truncation warning with wiphy->fw_version (bsc#1227149). - wifi: plfxlc: Drop unused include (bsc#1227149). - wifi: radiotap: add bandwidth definition of EHT U-SIG (bsc#1227149). - wifi: remove unused argument of ieee80211_get_tdls_action() (bsc#1227149). - wifi: rsi: fix restricted __le32 degrades to integer sparse warnings (bsc#1227149). - wifi: rsi: rsi_91x_coex: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_debugfs: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_hal: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_mac80211: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_main: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rt2x00: Simplify bool conversion (bsc#1227149). - wifi: rt2x00: correct MAC_SYS_CTRL register RX mask in R-Calibration (bsc#1227149). - wifi: rt2x00: disable RTS threshold for rt2800 by default (bsc#1227149). - wifi: rt2x00: fix MT7620 low RSSI issue (bsc#1227149). - wifi: rt2x00: fix rt2800 watchdog function (bsc#1227149). - wifi: rt2x00: fix the typo in comments (bsc#1227149). - wifi: rt2x00: improve MT7620 register initialization (bsc#1227149). - wifi: rt2x00: introduce DMA busy check watchdog for rt2800 (bsc#1227149). - wifi: rt2x00: limit MT7620 TX power based on eeprom calibration (bsc#1227149). - wifi: rt2x00: make watchdog param per device (bsc#1227149). - wifi: rt2x00: remove redundant check if u8 array element is less than zero (bsc#1227149). - wifi: rt2x00: remove useless code in rt2x00queue_create_tx_descriptor() (bsc#1227149). - wifi: rt2x00: rework MT7620 PA/LNA RF calibration (bsc#1227149). - wifi: rt2x00: rework MT7620 channel config function (bsc#1227149). - wifi: rt2x00: silence sparse warnings (bsc#1227149). - wifi: rt2x00: simplify rt2x00crypto_rx_insert_iv() (bsc#1227149). - wifi: rtl8xxxu: 8188e: convert usage of priv->vif to priv->vifs[0] (bsc#1227149). - wifi: rtl8xxxu: 8188f: Limit TX power index (git-fixes). - wifi: rtl8xxxu: Actually use macid in rtl8xxxu_gen2_report_connect (bsc#1227149). - wifi: rtl8xxxu: Add TP-Link TL-WN823N V2 (bsc#1227149). - wifi: rtl8xxxu: Add a description about the device ID 0x7392:0xb722 (bsc#1227149). - wifi: rtl8xxxu: Add beacon functions (bsc#1227149). - wifi: rtl8xxxu: Add parameter force to rtl8xxxu_refresh_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter macid to update_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter role to report_connect (bsc#1227149). - wifi: rtl8xxxu: Add set_tim() callback (bsc#1227149). - wifi: rtl8xxxu: Add sta_add() and sta_remove() callbacks (bsc#1227149). - wifi: rtl8xxxu: Add start_ap() callback (bsc#1227149). - wifi: rtl8xxxu: Allow creating interface in AP mode (bsc#1227149). - wifi: rtl8xxxu: Allow setting rts threshold to -1 (bsc#1227149). - wifi: rtl8xxxu: Clean up filter configuration (bsc#1227149). - wifi: rtl8xxxu: Declare AP mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192EU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8710BU (RTL8188GU) (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8723BU (bsc#1227149). - wifi: rtl8xxxu: Enable hw seq for mgmt/non-QoS data frames (bsc#1227149). - wifi: rtl8xxxu: Fix LED control code of RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Fix off by one initial RTS rate (bsc#1227149). - wifi: rtl8xxxu: Put the macid in txdesc (bsc#1227149). - wifi: rtl8xxxu: Remove usage of ieee80211_get_tx_rate() (bsc#1227149). - wifi: rtl8xxxu: Remove usage of tx_info->control.rates[0].flags (bsc#1227149). - wifi: rtl8xxxu: Rename some registers (bsc#1227149). - wifi: rtl8xxxu: Select correct queue for beacon frames (bsc#1227149). - wifi: rtl8xxxu: Set maximum number of supported stations (bsc#1227149). - wifi: rtl8xxxu: Support USB RX aggregation for the newer chips (bsc#1227149). - wifi: rtl8xxxu: Support new chip RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: add hw crypto support for AP mode (bsc#1227149). - wifi: rtl8xxxu: add macids for STA mode (bsc#1227149). - wifi: rtl8xxxu: add missing number of sec cam entries for all variants (bsc#1227149). - wifi: rtl8xxxu: check vif before using in rtl8xxxu_tx() (bsc#1227149). - wifi: rtl8xxxu: convert EN_DESC_ID of TX descriptor to le32 type (bsc#1227149). - wifi: rtl8xxxu: declare concurrent mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: do not parse CFO, if both interfaces are connected in STA mode (bsc#1227149). - wifi: rtl8xxxu: enable MFP support with security flag of RX descriptor (bsc#1227149). - wifi: rtl8xxxu: enable channel switch support (bsc#1227149). - wifi: rtl8xxxu: extend check for matching bssid to both interfaces (bsc#1227149). - wifi: rtl8xxxu: extend wifi connected check to both interfaces (bsc#1227149). - wifi: rtl8xxxu: fix error messages (bsc#1227149). - wifi: rtl8xxxu: fix mixed declarations in rtl8xxxu_set_aifs() (bsc#1227149). - wifi: rtl8xxxu: make instances of iface limit and combination to be static const (bsc#1227149). - wifi: rtl8xxxu: make supporting AP mode only on port 0 transparent (bsc#1227149). - wifi: rtl8xxxu: mark TOTOLINK N150UA V5/N150UA-B as tested (bsc#1227149). - wifi: rtl8xxxu: prepare supporting two virtual interfaces (bsc#1227149). - wifi: rtl8xxxu: remove assignment of priv->vif in rtl8xxxu_bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: remove obsolete priv->vif (bsc#1227149). - wifi: rtl8xxxu: rtl8xxxu_rx_complete(): remove unnecessary return (bsc#1227149). - wifi: rtl8xxxu: support multiple interface in start_ap() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in configure_filter() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in set_aifs() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in update_beacon_work_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in watchdog_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in {add,remove}_interface() (bsc#1227149). - wifi: rtl8xxxu: support setting bssid register for multiple interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting linktype for both interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting mac address register for both interfaces (bsc#1227149). - wifi: rtl8xxxu: update rate mask per sta (bsc#1227149). - wifi: rtlwifi: Convert to use PCIe capability accessors (bsc#1227149). - wifi: rtlwifi: Ignore IEEE80211_CONF_CHANGE_RETRY_LIMITS (bsc#1227149). - wifi: rtlwifi: Remove bridge vendor/device ids (bsc#1227149). - wifi: rtlwifi: Remove rtl_intf_ops.read_efuse_byte (bsc#1227149). - wifi: rtlwifi: Remove unused PCI related defines and struct (bsc#1227149). - wifi: rtlwifi: Speed up firmware loading for USB (bsc#1227149). - wifi: rtlwifi: cleanup USB interface (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxx_tx_fill_desc() routines (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxxx_set_hw_reg() routines (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_hal (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_phy (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_ps_ctl (bsc#1227149). - wifi: rtlwifi: drop chk_switch_dmdp() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop fill_fake_txdesc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop pre_fill_tx_bd_desc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop unused const_amdpci_aspm (bsc#1227149). - wifi: rtlwifi: remove misused flag from HAL data (bsc#1227149). - wifi: rtlwifi: remove unreachable code in rtl92d_dm_check_edca_turbo() (bsc#1227149). - wifi: rtlwifi: remove unused dualmac control leftovers (bsc#1227149). - wifi: rtlwifi: remove unused timer and related code (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix 2T2R chip type detection (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix TX aggregation (bsc#1227149). - wifi: rtlwifi: rtl8192de: Do not read register in _rtl92de_query_rxphystatus (bsc#1227149). - wifi: rtlwifi: rtl8723: Remove unused function rtl8723_cmd_send_packet() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Access full PMCS reg and use pci_regs.h (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Add pdev into _rtl8821ae_clear_pci_pme_status() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Remove unnecessary PME_Status bit set (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Reverse PM Capability exists check (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Use pci_find_capability() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: remove some useless code (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: using calculate_bit_shift() (bsc#1227149). - wifi: rtlwifi: rtl92ee_dm_dynamic_primary_cca_check(): fix typo in function name (bsc#1227149). - wifi: rtlwifi: rtl_usb: Store the endpoint addresses (bsc#1227149). - wifi: rtlwifi: rtl_usb: Use sync register writes (bsc#1227149). - wifi: rtlwifi: set initial values for unexpected cases of USB endpoint priority (bsc#1227149). - wifi: rtlwifi: simplify LED management (bsc#1227149). - wifi: rtlwifi: simplify TX command fill callbacks (bsc#1227149). - wifi: rtlwifi: simplify rtl_action_proc() and rtl_tx_agg_start() (bsc#1227149). - wifi: rtlwifi: use convenient list_count_nodes() (bsc#1227149). - wifi: rtlwifi: use eth_broadcast_addr() to assign broadcast address (bsc#1227149). - wifi: rtlwifi: use helper function rtl_get_hdr() (bsc#1227149). - wifi: rtlwifi: use unsigned long for bt_coexist_8723 timestamp (bsc#1227149). - wifi: rtlwifi: use unsigned long for rtl_bssid_entry timestamp (bsc#1227149). - wifi: rtw88: 8821c: tweak CCK TX filter setting for SRRC regulation (bsc#1227149). - wifi: rtw88: 8821c: update TX power limit to V67 (bsc#1227149). - wifi: rtw88: 8822c: update TX power limit to V70 (bsc#1227149). - wifi: rtw88: 8822ce: refine power parameters for RFE type 5 (bsc#1227149). - wifi: rtw88: Add support for the SDIO based RTL8723DS chipset (bsc#1227149). - wifi: rtw88: Fix AP mode incorrect DTIM behavior (bsc#1227149). - wifi: rtw88: Fix action frame transmission fail before association (bsc#1227149). - wifi: rtw88: Skip high queue in hci_flush (bsc#1227149). - wifi: rtw88: Stop high queue during scan (bsc#1227149). - wifi: rtw88: Use random MAC when efuse MAC invalid (bsc#1227149). - wifi: rtw88: add missing unwind goto for __rtw_download_firmware() (bsc#1227149). - wifi: rtw88: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw88: debug: remove wrapper of rtw_dbg() (bsc#1227149). - wifi: rtw88: dump firmware debug information in abnormal state (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_set_* (bsc#1227149). - wifi: rtw88: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw88: fix typo rtw8822cu_probe (bsc#1227149). - wifi: rtw88: process VO packets without workqueue to avoid PTK rekey failed (bsc#1227149). - wifi: rtw88: refine register based H2C command (bsc#1227149). - wifi: rtw88: regd: configure QATAR and UK (bsc#1227149). - wifi: rtw88: regd: update regulatory map to R64-R42 (bsc#1227149). - wifi: rtw88: remove unused USB bulkout size set (bsc#1227149). - wifi: rtw88: remove unused and set but unused leftovers (bsc#1227149). - wifi: rtw88: rtw8723d: Implement RTL8723DS (SDIO) efuse parsing (bsc#1227149). - wifi: rtw88: simplify __rtw_tx_work() (bsc#1227149). - wifi: rtw88: simplify vif iterators (bsc#1227149). - wifi: rtw88: use cfg80211_ssid_eq() instead of rtw_ssid_equal() (bsc#1227149). - wifi: rtw88: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: rtw88: use struct instead of macros to set TX desc (bsc#1227149). - wifi: rtw89: 52c: rfk: disable DPK during MCC (bsc#1227149). - wifi: rtw89: 52c: rfk: refine MCC channel info notification (bsc#1227149). - wifi: rtw89: 8851b: add 8851B basic chip_info (bsc#1227149). - wifi: rtw89: 8851b: add 8851be to Makefile and Kconfig (bsc#1227149). - wifi: rtw89: 8851b: add BT coexistence support function (bsc#1227149). - wifi: rtw89: 8851b: add DLE mem and HFC quota (bsc#1227149). - wifi: rtw89: 8851b: add MAC configurations to chip_info (bsc#1227149). - wifi: rtw89: 8851b: add NCTL post table (bsc#1227149). - wifi: rtw89: 8851b: add RF configurations (bsc#1227149). - wifi: rtw89: 8851b: add TX power related functions (bsc#1227149). - wifi: rtw89: 8851b: add basic power on function (bsc#1227149). - wifi: rtw89: 8851b: add set channel function (bsc#1227149). - wifi: rtw89: 8851b: add set_channel_rf() (bsc#1227149). - wifi: rtw89: 8851b: add support WoWLAN to 8851B (bsc#1227149). - wifi: rtw89: 8851b: add to parse efuse content (bsc#1227149). - wifi: rtw89: 8851b: add to read efuse version to recognize hardware version B (bsc#1227149). - wifi: rtw89: 8851b: configure CRASH_TRIGGER feature for 8851B (bsc#1227149). - wifi: rtw89: 8851b: configure GPIO according to RFE type (bsc#1227149). - wifi: rtw89: 8851b: configure to force 1 TX power value (bsc#1227149). - wifi: rtw89: 8851b: enable hw_scan support (bsc#1227149). - wifi: rtw89: 8851b: fill BB related capabilities to chip_info (bsc#1227149). - wifi: rtw89: 8851b: rfk: Fix spelling mistake KIP_RESOTRE -> KIP_RESTORE (bsc#1227149). - wifi: rtw89: 8851b: rfk: add AACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DPK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add IQK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add LCK track (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RX DCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add TSSI (bsc#1227149). - wifi: rtw89: 8851b: rfk: update IQK to version 0x8 (bsc#1227149). - wifi: rtw89: 8851b: update RF radio A parameters to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R34 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R37 (bsc#1227149). - wifi: rtw89: 8851be: add 8851BE PCI entry and fill PCI capabilities (bsc#1227149). - wifi: rtw89: 8852b: fix definition of KIP register number (git-fixes). - wifi: rtw89: 8852b: update TX power tables to R35 (bsc#1227149). - wifi: rtw89: 8852b: update TX power tables to R36 (bsc#1227149). - wifi: rtw89: 8852c: Fix TSSI causes transmit power inaccuracy (bsc#1227149). - wifi: rtw89: 8852c: Update bandedge parameters for better performance (bsc#1227149). - wifi: rtw89: 8852c: add quirk to set PCI BER for certain platforms (bsc#1227149). - wifi: rtw89: 8852c: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8852c: read RX gain offset from efuse for 6GHz channels (bsc#1227149). - wifi: rtw89: 8852c: update RF radio A/B parameters to R63 (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (1 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (2 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (3 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R67 (bsc#1227149). - wifi: rtw89: 8922a: add 8922A basic chip info (bsc#1227149). - wifi: rtw89: 8922a: add BTG functions to assist BT coexistence to control TX/RX (bsc#1227149). - wifi: rtw89: 8922a: add NCTL pre-settings for WiFi 7 chips (bsc#1227149). - wifi: rtw89: 8922a: add RF read/write v2 (bsc#1227149). - wifi: rtw89: 8922a: add SER IMR tables (bsc#1227149). - wifi: rtw89: 8922a: add TX power related ops (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops related to BB init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops to get thermal value (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::bb_preinit to enable BB before downloading firmware (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::cfg_txrx_path (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_hw_init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_init_late to do initial RF calibrations later (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::{enable,disable}_bb_rf (bsc#1227149). - wifi: rtw89: 8922a: add coexistence helpers of SW grant (bsc#1227149). - wifi: rtw89: 8922a: add helper of set_channel (bsc#1227149). - wifi: rtw89: 8922a: add ieee80211_ops::hw_scan (bsc#1227149). - wifi: rtw89: 8922a: add more fields to beacon H2C command to support multi-links (bsc#1227149). - wifi: rtw89: 8922a: add power on/off functions (bsc#1227149). - wifi: rtw89: 8922a: add register definitions of H2C, C2H, page, RRSR and EDCCA (bsc#1227149). - wifi: rtw89: 8922a: add set_channel BB part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel MAC part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel RF part (bsc#1227149). - wifi: rtw89: 8922a: configure CRASH_TRIGGER FW feature (bsc#1227149). - wifi: rtw89: 8922a: correct register definition and merge IO for ctrl_nbtg_bt_tx() (bsc#1227149). - wifi: rtw89: 8922a: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8922a: dump MAC registers when SER occurs (bsc#1227149). - wifi: rtw89: 8922a: extend and add quota number (bsc#1227149). - wifi: rtw89: 8922a: hook handlers of TX/RX descriptors to chip_ops (bsc#1227149). - wifi: rtw89: 8922a: implement AP mode related reg for BE generation (bsc#1227149). - wifi: rtw89: 8922a: implement {stop,resume}_sch_tx and cfg_ppdu (bsc#1227149). - wifi: rtw89: 8922a: read efuse content from physical map (bsc#1227149). - wifi: rtw89: 8922a: read efuse content via efuse map struct from logic map (bsc#1227149). - wifi: rtw89: 8922a: rfk: implement chip_ops to call RF calibrations (bsc#1227149). - wifi: rtw89: 8922a: set RX gain along with set_channel operation (bsc#1227149). - wifi: rtw89: 8922a: set chip_ops FEM and GPIO to NULL (bsc#1227149). - wifi: rtw89: 8922a: set memory heap address for secure firmware (bsc#1227149). - wifi: rtw89: 8922a: update BA CAM number to 24 (bsc#1227149). - wifi: rtw89: 8922a: update the register used in DIG and the DIG flow (bsc#1227149). - wifi: rtw89: 8922ae: add 8922AE PCI entry and basic info (bsc#1227149). - wifi: rtw89: 8922ae: add v2 interrupt handlers for 8922AE (bsc#1227149). - wifi: rtw89: Add EHT rate mask as parameters of RA H2C command (bsc#1227149). - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes). - wifi: rtw89: Fix clang -Wimplicit-fallthrough in rtw89_query_sar() (bsc#1227149). - wifi: rtw89: Introduce Time Averaged SAR (TAS) feature (bsc#1227149). - wifi: rtw89: Refine active scan behavior in 6 GHz (bsc#1227149). - wifi: rtw89: Set default CQM config if not present (bsc#1227149). - wifi: rtw89: TX power stuffs replace confusing naming of _max with _num (bsc#1227149). - wifi: rtw89: Update EHT PHY beamforming capability (bsc#1227149). - wifi: rtw89: acpi: process 6 GHz band policy from DSM (bsc#1227149). - wifi: rtw89: add C2H RA event V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add C2H event handlers of RFK log and report (bsc#1227149). - wifi: rtw89: add CFO XTAL registers field to support 8851B (bsc#1227149). - wifi: rtw89: add DBCC H2C to notify firmware the status (bsc#1227149). - wifi: rtw89: add EHT capabilities for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add EHT radiotap in monitor mode (bsc#1227149). - wifi: rtw89: add EVM and SNR statistics to debugfs (bsc#1227149). - wifi: rtw89: add EVM for antenna diversity (bsc#1227149). - wifi: rtw89: add H2C RA command V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add H2C command to download beacon frame for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add RSSI based antenna diversity (bsc#1227149). - wifi: rtw89: add RSSI statistics for the case of antenna diversity to debugfs (bsc#1227149). - wifi: rtw89: add XTAL SI for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add chip_info::chip_gen to determine chip generation (bsc#1227149). - wifi: rtw89: add chip_info::txwd_info size to generalize TX WD submit (bsc#1227149). - wifi: rtw89: add chip_ops::h2c_ba_cam() to configure BA CAM (bsc#1227149). - wifi: rtw89: add chip_ops::query_rxdesc() and rxd_len as helpers to support newer chips (bsc#1227149). - wifi: rtw89: add chip_ops::update_beacon to abstract update beacon operation (bsc#1227149). - wifi: rtw89: add firmware H2C command of BA CAM V1 (bsc#1227149). - wifi: rtw89: add firmware parser for v1 format (bsc#1227149). - wifi: rtw89: add firmware suit for BB MCU 0/1 (bsc#1227149). - wifi: rtw89: add function prototype for coex request duration (bsc#1227149). - wifi: rtw89: add mac_gen pointer to access mac port registers (bsc#1227149). - wifi: rtw89: add mlo_dbcc_mode for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add new H2C command to pause/sleep transmitting by MAC ID (bsc#1227149). - wifi: rtw89: add new H2C for PS mode in 802.11be chip (bsc#1227149). - wifi: rtw89: add reserved size as factor of DLE used size (bsc#1227149). - wifi: rtw89: add subband index of primary channel to struct rtw89_chan (bsc#1227149). - wifi: rtw89: add to display hardware rates v1 histogram in debugfs (bsc#1227149). - wifi: rtw89: add to fill TX descriptor for firmware command v2 (bsc#1227149). - wifi: rtw89: add to fill TX descriptor v2 (bsc#1227149). - wifi: rtw89: add to parse firmware elements of BB and RF tables (bsc#1227149). - wifi: rtw89: add to query RX descriptor format v2 (bsc#1227149). - wifi: rtw89: add tx_wake notify for 8851B (bsc#1227149). - wifi: rtw89: add wait/completion for abort scan (bsc#1227149). - wifi: rtw89: adjust init_he_cap() to add EHT cap into iftype_data (bsc#1227149). - wifi: rtw89: advertise missing extended scan feature (bsc#1227149). - wifi: rtw89: avoid stringop-overflow warning (bsc#1227149). - wifi: rtw89: call rtw89_chan_get() by vif chanctx if aware of vif (bsc#1227149). - wifi: rtw89: chan: MCC take reconfig into account (bsc#1227149). - wifi: rtw89: chan: add sub-entity swap function to cover replacing (bsc#1227149). - wifi: rtw89: chan: move handling from add/remove to assign/unassign for MLO (bsc#1227149). - wifi: rtw89: chan: support MCC on Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: chan: tweak bitmap recalc ahead before MLO (bsc#1227149). - wifi: rtw89: chan: tweak weight recalc ahead before MLO (bsc#1227149). - wifi: rtw89: change naming of BA CAM from V1 to V0_EXT (bsc#1227149). - wifi: rtw89: change qutoa to DBCC by default for WiFi 7 chips (bsc#1227149). - wifi: rtw89: change supported bandwidths of chip_info to bit mask (bsc#1227149). - wifi: rtw89: cleanup firmware elements parsing (bsc#1227149). - wifi: rtw89: cleanup private data structures (bsc#1227149). - wifi: rtw89: cleanup rtw89_iqk_info and related code (bsc#1227149). - wifi: rtw89: coex: Add Bluetooth RSSI level information (bsc#1227149). - wifi: rtw89: coex: Add Pre-AGC control to enhance Wi-Fi RX performance (bsc#1227149). - wifi: rtw89: coex: Add coexistence policy to decrease WiFi packet CRC-ERR (bsc#1227149). - wifi: rtw89: coex: Fix wrong Wi-Fi role info and FDDT parameter members (bsc#1227149). - wifi: rtw89: coex: Record down Wi-Fi initial mode information (bsc#1227149). - wifi: rtw89: coex: Reorder H2C command index to align with firmware (bsc#1227149). - wifi: rtw89: coex: Set Bluetooth scan low-priority when Wi-Fi link/scan (bsc#1227149). - wifi: rtw89: coex: Still show hardware grant signal info even Wi-Fi is PS (bsc#1227149). - wifi: rtw89: coex: To improve Wi-Fi performance while BT is idle (bsc#1227149). - wifi: rtw89: coex: Translate antenna configuration from ID to string (bsc#1227149). - wifi: rtw89: coex: Update BTG control related logic (bsc#1227149). - wifi: rtw89: coex: Update RF parameter control setting logic (bsc#1227149). - wifi: rtw89: coex: Update coexistence policy for Wi-Fi LPS (bsc#1227149). - wifi: rtw89: coex: When Bluetooth not available do not set power/gain (bsc#1227149). - wifi: rtw89: coex: add BTC ctrl_info version 7 and related logic (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() for struct rtw89_btc_btf_set_slot_table (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() to struct rtw89_btc_btf_set_mon_reg (bsc#1227149). - wifi: rtw89: coex: add init_info H2C command format version 7 (bsc#1227149). - wifi: rtw89: coex: add return value to ensure H2C command is success or not (bsc#1227149). - wifi: rtw89: coex: fix configuration for shared antenna for 8922A (bsc#1227149). - wifi: rtw89: coex: use struct assignment to replace memcpy() to append TDMA content (bsc#1227149). - wifi: rtw89: configure PPDU max user by chip (bsc#1227149). - wifi: rtw89: consider RX info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: consolidate registers of mac port to struct (bsc#1227149). - wifi: rtw89: correct PHY register offset for PHY-1 (bsc#1227149). - wifi: rtw89: correct the DCFO tracking flow to improve CFO compensation (bsc#1227149). - wifi: rtw89: debug: add FW log component for scan (bsc#1227149). - wifi: rtw89: debug: add debugfs entry to disable dynamic mechanism (bsc#1227149). - wifi: rtw89: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw89: debug: remove wrapper of rtw89_debug() (bsc#1227149). - wifi: rtw89: debug: show txpwr table according to chip gen (bsc#1227149). - wifi: rtw89: debug: txpwr table access only valid page according to chip (bsc#1227149). - wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: declare EXT NSS BW of VHT capability (bsc#1227149). - wifi: rtw89: declare MCC in interface combination (bsc#1227149). - wifi: rtw89: define hardware rate v1 for WiFi 7 chips (bsc#1227149). - wifi: rtw89: differentiate narrow_bw_ru_dis setting according to chip gen (bsc#1227149). - wifi: rtw89: disable RTS when broadcast/multicast (bsc#1227149). - wifi: rtw89: download firmware with five times retry (bsc#1227149). - wifi: rtw89: drop TIMING_BEACON_ONLY and sync beacon TSF by self (bsc#1227149). - wifi: rtw89: enlarge supported length of read_reg debugfs entry (bsc#1227149). - wifi: rtw89: extend PHY status parser to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fix HW scan not aborting properly (git-fixes). - wifi: rtw89: fix HW scan timeout due to TSF sync issue (bsc#1227149). - wifi: rtw89: fix a width vs precision bug (bsc#1227149). - wifi: rtw89: fix disabling concurrent mode TX hang issue (bsc#1227149). - wifi: rtw89: fix misbehavior of TX beacon in concurrent mode (bsc#1227149). - wifi: rtw89: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw89: fix spelling typo of IQK debug messages (bsc#1227149). - wifi: rtw89: fix typo of rtw89_fw_h2c_mcc_macid_bitmap() (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset CMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset DMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to update security CAM v2 (bsc#1227149). - wifi: rtw89: fw: add checking type for variant type of firmware (bsc#1227149). - wifi: rtw89: fw: add chip_ops to update CMAC table to associated station (bsc#1227149). - wifi: rtw89: fw: add definition of H2C command and C2H event for MRC series (bsc#1227149). - wifi: rtw89: fw: add version field to BB MCU firmware element (bsc#1227149). - wifi: rtw89: fw: consider checksum length of security data (bsc#1227149). - wifi: rtw89: fw: download firmware with key data for secure boot (bsc#1227149). - wifi: rtw89: fw: extend JOIN H2C command to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: extend program counter dump for Wi-Fi 7 chip (bsc#1227149). - wifi: rtw89: fw: fill CMAC table to associated station for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: generalize download firmware flow by mac_gen pointers (bsc#1227149). - wifi: rtw89: fw: implement MRC H2C command functions (bsc#1227149). - wifi: rtw89: fw: implement supported functions of download firmware for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: load TX power track tables from fw_element (bsc#1227149). - wifi: rtw89: fw: move polling function of firmware path ready to an individual function (bsc#1227149). - wifi: rtw89: fw: parse secure section from firmware file (bsc#1227149). - wifi: rtw89: fw: propagate an argument include_bb for BB MCU firmware (bsc#1227149). - wifi: rtw89: fw: read firmware secure information from efuse (bsc#1227149). - wifi: rtw89: fw: refine download flow to support variant firmware suits (bsc#1227149). - wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband (bsc#1227149). - wifi: rtw89: fw: update TX AMPDU parameter to CMAC table (bsc#1227149). - wifi: rtw89: fw: use struct to fill BA CAM H2C commands (bsc#1227149). - wifi: rtw89: fw: use struct to fill JOIN H2C command (bsc#1227149). - wifi: rtw89: get data rate mode/NSS/MCS v1 from RX descriptor (bsc#1227149). - wifi: rtw89: indicate TX power by rate table inside RFE parameter (bsc#1227149). - wifi: rtw89: indicate TX shape table inside RFE parameter (bsc#1227149). - wifi: rtw89: initialize antenna for antenna diversity (bsc#1227149). - wifi: rtw89: initialize multi-channel handling (bsc#1227149). - wifi: rtw89: introduce infrastructure of firmware elements (bsc#1227149). - wifi: rtw89: introduce realtek ACPI DSM method (bsc#1227149). - wifi: rtw89: introduce v1 format of firmware header (bsc#1227149). - wifi: rtw89: load BB parameters to PHY-1 (bsc#1227149). - wifi: rtw89: load RFK log format string from firmware file (bsc#1227149). - wifi: rtw89: load TX power by rate when RFE parms setup (bsc#1227149). - wifi: rtw89: load TX power related tables from FW elements (bsc#1227149). - wifi: rtw89: mac: Fix spelling mistakes 'notfify' -> 'notify' (bsc#1227149). - wifi: rtw89: mac: add coexistence helpers {cfg/get}_plt (bsc#1227149). - wifi: rtw89: mac: add feature_init to initialize BA CAM V1 (bsc#1227149). - wifi: rtw89: mac: add flags to check if CMAC and DMAC are enabled (bsc#1227149). - wifi: rtw89: mac: add mac_gen_def::band1_offset to map MAC band1 register address (bsc#1227149). - wifi: rtw89: mac: add registers of MU-EDCA parameters for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add suffix _ax to MAC functions (bsc#1227149). - wifi: rtw89: mac: add sys_init and filter option for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to access efuse for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to get DLE reserved quota (bsc#1227149). - wifi: rtw89: mac: check queue empty according to chip gen (bsc#1227149). - wifi: rtw89: mac: correct MUEDCA setting for MAC-1 (bsc#1227149). - wifi: rtw89: mac: define internal memory address for WiFi 7 chip (bsc#1227149). - wifi: rtw89: mac: define register address of rx_filter to generalize code (bsc#1227149). - wifi: rtw89: mac: do bf_monitor only if WiFi 6 chips (bsc#1227149). - wifi: rtw89: mac: functions to configure hardware engine and quota for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: generalize code to indirectly access WiFi internal memory (bsc#1227149). - wifi: rtw89: mac: generalize register of MU-EDCA switch according to chip gen (bsc#1227149). - wifi: rtw89: mac: get TX power control register according to chip gen (bsc#1227149). - wifi: rtw89: mac: handle C2H receive/done ACK in interrupt context (bsc#1227149). - wifi: rtw89: mac: implement MRC C2H event handling (bsc#1227149). - wifi: rtw89: mac: implement to configure TX/RX engines for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: move code related to hardware engine to individual functions (bsc#1227149). - wifi: rtw89: mac: refine SER setting during WiFi CPU power on (bsc#1227149). - wifi: rtw89: mac: reset PHY-1 hardware when going to enable/disable (bsc#1227149). - wifi: rtw89: mac: return held quota of DLE when changing MAC-1 (bsc#1227149). - wifi: rtw89: mac: set bf_assoc capabilities according to chip gen (bsc#1227149). - wifi: rtw89: mac: set bfee_ctrl() according to chip gen (bsc#1227149). - wifi: rtw89: mac: update RTS threshold according to chip gen (bsc#1227149). - wifi: rtw89: mac: use mac_gen pointer to access about efuse (bsc#1227149). - wifi: rtw89: mac: use pointer to access functions of hardware engine and quota (bsc#1227149). - wifi: rtw89: mcc: consider and determine BT duration (bsc#1227149). - wifi: rtw89: mcc: deal with BT slot change (bsc#1227149). - wifi: rtw89: mcc: deal with P2P PS change (bsc#1227149). - wifi: rtw89: mcc: deal with beacon NoA if GO exists (bsc#1227149). - wifi: rtw89: mcc: decide pattern and calculate parameters (bsc#1227149). - wifi: rtw89: mcc: fill fundamental configurations (bsc#1227149). - wifi: rtw89: mcc: fix NoA start time when GO is auxiliary (bsc#1227149). - wifi: rtw89: mcc: initialize start flow (bsc#1227149). - wifi: rtw89: mcc: track beacon offset and update when needed (bsc#1227149). - wifi: rtw89: mcc: trigger FW to start/stop MCC (bsc#1227149). - wifi: rtw89: mcc: update role bitmap when changed (bsc#1227149). - wifi: rtw89: modify the register setting and the flow of CFO tracking (bsc#1227149). - wifi: rtw89: move software DCFO compensation setting to proper position (bsc#1227149). - wifi: rtw89: only reset BB/RF for existing WiFi 6 chips while starting up (bsc#1227149). - wifi: rtw89: packet offload wait for FW response (bsc#1227149). - wifi: rtw89: parse EHT information from RX descriptor and PPDU status packet (bsc#1227149). - wifi: rtw89: parse TX EHT rate selected by firmware from RA C2H report (bsc#1227149). - wifi: rtw89: parse and print out RFK log from C2H events (bsc#1227149). - wifi: rtw89: pause/proceed MCC for ROC and HW scan (bsc#1227149). - wifi: rtw89: pci: add LTR v2 for WiFi 7 chip (bsc#1227149). - wifi: rtw89: pci: add PCI generation information to pci_info for each chip (bsc#1227149). - wifi: rtw89: pci: add new RX ring design to determine full RX ring efficiently (bsc#1227149). - wifi: rtw89: pci: add pre_deinit to be called after probe complete (bsc#1227149). - wifi: rtw89: pci: correct interrupt mitigation register for 8852CE (bsc#1227149). - wifi: rtw89: pci: define PCI ring address for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: fix interrupt enable mask for HALT C2H of RTL8851B (bsc#1227149). - wifi: rtw89: pci: generalize code of PCI control DMA IO for WiFi 7 (bsc#1227149). - wifi: rtw89: pci: generalize interrupt status bits of interrupt handlers (bsc#1227149). - wifi: rtw89: pci: implement PCI CLK/ASPM/L1SS for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_post_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_pre_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: interrupt v2 refine IMR for SER (bsc#1227149). - wifi: rtw89: pci: reset BDRAM according to chip gen (bsc#1227149). - wifi: rtw89: pci: stop/start DMA for level 1 recovery according to chip gen (bsc#1227149). - wifi: rtw89: pci: update SER timer unit and timeout time (bsc#1227149). - wifi: rtw89: pci: update interrupt mitigation register for 8922AE (bsc#1227149). - wifi: rtw89: pci: use DBI function for 8852AE/8852BE/8851BE (bsc#1227149). - wifi: rtw89: pci: use gen_def pointer to configure mac_{pre,post}_init and clear PCI ring index (bsc#1227149). - wifi: rtw89: pci: validate RX tag for RXQ and RPQ (bsc#1227149). - wifi: rtw89: phy: add BB wrapper of TX power for WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: add parser to support RX gain dynamic setting flow (bsc#1227149). - wifi: rtw89: phy: add phy_gen_def::cr_base to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: change naming related BT coexistence functions (bsc#1227149). - wifi: rtw89: phy: dynamically adjust EDCCA threshold (bsc#1227149). - wifi: rtw89: phy: extend TX power common stuffs for Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: phy: generalize valid bit of BSS color (bsc#1227149). - wifi: rtw89: phy: ignore special data from BB parameter file (bsc#1227149). - wifi: rtw89: phy: modify register setting of ENV_MNTR, PHYSTS and DIG (bsc#1227149). - wifi: rtw89: phy: move bb_gain_info used by WiFi 6 chips to union (bsc#1227149). - wifi: rtw89: phy: print out RFK log with formatted string (bsc#1227149). - wifi: rtw89: phy: rate pattern handles HW rate by chip gen (bsc#1227149). - wifi: rtw89: phy: refine helpers used for raw TX power (bsc#1227149). - wifi: rtw89: phy: set TX power RU limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power by rate according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power offset according to chip gen (bsc#1227149). - wifi: rtw89: phy: set channel_info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: prepare scan leaf functions for wifi 7 ICs (bsc#1227149). - wifi: rtw89: process regulatory for 6 GHz power type (bsc#1227149). - wifi: rtw89: provide functions to configure NoA for beacon update (bsc#1227149). - wifi: rtw89: recognize log format from firmware file (bsc#1227149). - wifi: rtw89: reference quota mode when setting Tx power (bsc#1227149). - wifi: rtw89: refine H2C command that pause transmitting by MAC ID (bsc#1227149). - wifi: rtw89: refine add_chan H2C command to encode_bits (bsc#1227149). - wifi: rtw89: refine bandwidth 160MHz uplink OFDMA performance (bsc#1227149). - wifi: rtw89: refine clearing supported bands to check 2/5 GHz first (bsc#1227149). - wifi: rtw89: refine element naming used by queue empty check (bsc#1227149). - wifi: rtw89: refine hardware scan C2H events (bsc#1227149). - wifi: rtw89: refine packet offload delete flow of 6 GHz probe (bsc#1227149). - wifi: rtw89: refine packet offload handling under SER (bsc#1227149). - wifi: rtw89: refine remain on channel flow to improve P2P connection (bsc#1227149). - wifi: rtw89: refine rtw89_correct_cck_chan() by rtw89_hw_to_nl80211_band() (bsc#1227149). - wifi: rtw89: refine uplink trigger based control mechanism (bsc#1227149). - wifi: rtw89: regd: configure Thailand in regulation type (bsc#1227149). - wifi: rtw89: regd: handle policy of 6 GHz according to BIOS (bsc#1227149). - wifi: rtw89: regd: judge 6 GHz according to chip and BIOS (bsc#1227149). - wifi: rtw89: regd: judge UNII-4 according to BIOS and chip (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R40 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R43 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R65-R44 (bsc#1227149). - wifi: rtw89: release bit in rtw89_fw_h2c_del_pkt_offload() (bsc#1227149). - wifi: rtw89: return failure if needed firmware elements are not recognized (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DACK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DPK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger IQK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger RX DCK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TSSI (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TXGAPK (bsc#1227149). - wifi: rtw89: rfk: add a completion to wait RF calibration report from C2H event (bsc#1227149). - wifi: rtw89: rfk: disable driver tracking during MCC (bsc#1227149). - wifi: rtw89: rfk: send channel information to firmware for RF calibrations (bsc#1227149). - wifi: rtw89: sar: let caller decide the center frequency to query (bsc#1227149). - wifi: rtw89: scan offload wait for FW done ACK (bsc#1227149). - wifi: rtw89: ser: L1 add pre-M0 and post-M0 states (bsc#1227149). - wifi: rtw89: ser: reset total_sta_assoc and tdls_peer when L2 (bsc#1227149). - wifi: rtw89: set TX power without precondition during setting channel (bsc#1227149). - wifi: rtw89: set capability of TX antenna diversity (bsc#1227149). - wifi: rtw89: set entry size of address CAM to H2C field by chip (bsc#1227149). - wifi: rtw89: show EHT rate in debugfs (bsc#1227149). - wifi: rtw89: support U-NII-4 channels on 5GHz band (bsc#1227149). - wifi: rtw89: support firmware log with formatted text (bsc#1227149). - wifi: rtw89: suppress the log for specific SER called CMDPSR_FRZTO (bsc#1227149). - wifi: rtw89: tweak H2C TX waiting function for SER (bsc#1227149). - wifi: rtw89: update DMA function with different generation (bsc#1227149). - wifi: rtw89: update ps_state register for chips with different generation (bsc#1227149). - wifi: rtw89: update scan C2H messages for wifi 7 IC (bsc#1227149). - wifi: rtw89: update suspend/resume for different generation (bsc#1227149). - wifi: rtw89: use PLCP information to match BSS_COLOR and AID (bsc#1227149). - wifi: rtw89: use chip_info::small_fifo_size to choose debug_mask (bsc#1227149). - wifi: rtw89: use flexible array member in rtw89_btc_btf_tlv (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits to access RX info (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access RX descriptor (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access received PHY status IEs (bsc#1227149). - wifi: rtw89: use struct rtw89_phy_sts_ie0 instead of macro to access PHY IE0 status (bsc#1227149). - wifi: rtw89: use struct to access RA report (bsc#1227149). - wifi: rtw89: use struct to access firmware C2H event header (bsc#1227149). - wifi: rtw89: use struct to access register-based H2C/C2H (bsc#1227149). - wifi: rtw89: use struct to fill H2C command to download beacon frame (bsc#1227149). - wifi: rtw89: use struct to parse firmware header (bsc#1227149). - wifi: rtw89: use struct to set RA H2C command (bsc#1227149). - wifi: rtw89: wow: move release offload packet earlier for WoWLAN mode (bsc#1227149). - wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode (bsc#1227149). - wifi: rtw89: wow: set security engine options for 802.11ax chips only (bsc#1227149). - wifi: rtw89: wow: update WoWLAN reason register for different chips (bsc#1227149). - wifi: rtw89: wow: update WoWLAN status register for different generation (bsc#1227149). - wifi: rtw89: wow: update config mac function with different generation (bsc#1227149). - wifi: ti: wlcore: sdio: Drop unused include (bsc#1227149). - wifi: virt_wifi: avoid reporting connection success with wrong SSID (git-fixes). - wifi: virt_wifi: do not use strlen() in const context (git-fixes). - wifi: wcn36xx: Annotate struct wcn36xx_hal_ind_msg with __counted_by (bsc#1227149). - wifi: wcn36xx: Convert to platform remove callback returning void (bsc#1227149). - wifi: wcn36xx: remove unnecessary (void*) conversions (bsc#1227149). - wifi: wext: avoid extra calls to strlen() in ieee80211_bss() (bsc#1227149). - wifi: wfx: Use devm_kmemdup to replace devm_kmalloc + memcpy (bsc#1227149). - wifi: wfx: allow to send frames during ROC (bsc#1227149). - wifi: wfx: fix power_save setting when AP is stopped (bsc#1227149). - wifi: wfx: implement wfx_remain_on_channel() (bsc#1227149). - wifi: wfx: introduce hif_scan_uniq() (bsc#1227149). - wifi: wfx: move wfx_skb_*() out of the header file (bsc#1227149). - wifi: wfx: relocate wfx_rate_mask_to_hw() (bsc#1227149). - wifi: wfx: scan_lock is global to the device (bsc#1227149). - wifi: wfx: simplify exclusion between scan and Rx filters (bsc#1227149). - wifi: wil6210: fw: Replace zero-length arrays with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wil6210: wmi: Replace zero-length array with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wilc1000: Increase ASSOC response buffer (bsc#1227149). - wifi: wilc1000: Remove unused declarations (bsc#1227149). - wifi: wilc1000: add SPI commands retry mechanism (bsc#1227149). - wifi: wilc1000: add back-off algorithm to balance tx queue packets (bsc#1227149). - wifi: wilc1000: add missing read critical sections around vif list traversal (bsc#1227149). - wifi: wilc1000: always release SDIO host in wilc_sdio_cmd53() (bsc#1227149). - wifi: wilc1000: cleanup struct wilc_conn_info (bsc#1227149). - wifi: wilc1000: correct CRC7 calculation (bsc#1227149). - wifi: wilc1000: fix declarations ordering (bsc#1227149). - wifi: wilc1000: fix driver_handler when committing initial configuration (bsc#1227149). - wifi: wilc1000: fix ies_len type in connect path (git-fixes). - wifi: wilc1000: fix incorrect power down sequence (bsc#1227149). - wifi: wilc1000: remove AKM suite be32 conversion for external auth request (bsc#1227149). - wifi: wilc1000: remove setting msg.spi (bsc#1227149). - wifi: wilc1000: remove use of has_thrpt_enh3 flag (bsc#1227149). - wifi: wilc1000: set preamble size to auto as default in wilc_init_fw_config() (bsc#1227149). - wifi: wilc1000: simplify remain on channel support (bsc#1227149). - wifi: wilc1000: simplify wilc_scan() (bsc#1227149). - wifi: wilc1000: split deeply nested RCU list traversal in dedicated helper (bsc#1227149). - wifi: wilc1000: use SRCU instead of RCU for vif list traversal (bsc#1227149). - wifi: wilc1000: validate chip id during bus probe (bsc#1227149). - wifi: wl1251: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wl18xx: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: boot: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: main: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: sdio: Rate limit wl12xx_sdio_raw_{read,write}() failures warns (bsc#1227149). - wifi: wlcore: sdio: Use module_sdio_driver macro to simplify the code (bsc#1227149). - wifi: zd1211rw: fix typo 'tranmits' (bsc#1227149). - wifi: zd1211rw: remove __nocast from zd_addr_t (bsc#1227149). - wifi: zd1211rw: silence sparse warnings (bsc#1227149). - wlcore: spi: Remove redundant of_match_ptr() (bsc#1227149). - x86/amd_nb: Check for invalid SMN reads (git-fixes). - x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes). - x86/asm: Fix build of UML with KASAN (git-fixes). - x86/bhi: Avoid warning in #DB handler due to BHI mitigation :(git-fixes). - x86/boot: Ignore NMIs during very early boot (git-fixes). - x86/cpu: Provide default cache line size if not enumerated (git-fixes). - x86/csum: Fix clang -Wuninitialized in csum_partial() (git-fixes). - x86/csum: Improve performance of `csum_partial` (git-fixes). - x86/csum: Remove unnecessary odd handling (git-fixes). - x86/csum: clean up `csum_partial' further (git-fixes). - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes). - x86/head/64: Move the __head definition to <asm/init.h> (git-fixes). - x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS (git-fixes). - x86/kconfig: Add as-instr64 macro to properly evaluate AS_WRUSS (git-fixes). - x86/resctrl: Read supported bandwidth sources from CPUID (git-fixes). - x86/resctrl: Remove redundant variable in mbm_config_write_domain() (git-fixes). - x86/shstk: Make return uprobe work with shadow stack (git-fixes). - x86/speculation, objtool: Use absolute relocations for annotations (git-fixes). - x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502) - xen/x86: add extra pages to unpopulated-alloc if available (git-fixes). - xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228211). - xfs: use roundup_pow_of_two instead of ffs during xlog_find_tail (git-fixes). - xhci: always resume roothubs if xHC was reset during resume (stable-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - bind-utils-9.18.28-150600.3.3.1 updated - docker-25.0.6_ce-150000.203.1 updated - dracut-059+suse.527.g7870f083-150600.3.3.2 updated - kernel-default-6.4.0-150600.23.17.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libcurl4-8.6.0-150600.4.3.1 updated - libgpgme11-1.23.0-150600.3.2.1 updated - libonig4-6.7.0-150000.3.6.1 updated - libopenssl3-3.1.4-150600.5.10.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libudev1-254.15-150600.4.8.1 updated - login_defs-4.8.1-150600.17.6.1 updated - openssh-clients-9.6p1-150600.6.9.1 updated - openssh-common-9.6p1-150600.6.9.1 updated - openssh-server-9.6p1-150600.6.9.1 updated - openssh-9.6p1-150600.6.9.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - permissions-20240801-150600.10.4.1 updated - python-azure-agent-config-server-2.9.1.1-150400.3.41.1 updated - python-azure-agent-2.9.1.1-150400.3.41.1 updated - python-instance-billing-flavor-check-0.0.6-150400.1.11.7 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-cssselect-1.0.3-150400.3.7.4 updated - python3-lxml-4.9.1-150500.3.4.3 updated - python3-urllib3-1.25.10-150300.4.12.1 updated - python3-3.6.15-150300.10.65.2 updated - runc-1.1.13-150000.67.1 updated - shadow-4.8.1-150600.17.6.1 updated - sudo-1.9.15p5-150600.3.6.2 updated - suse-build-key-12.0-150000.8.49.2 updated - suseconnect-ng-1.11.0-150600.3.5.3 updated - systemd-254.15-150600.4.8.1 updated - udev-254.15-150600.4.8.1 updated - wicked-service-0.6.76-150600.11.9.1 updated - wicked-0.6.76-150600.11.9.1 updated - xen-libs-4.18.2_06-150600.3.3.1 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:21:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 08 Aug 2024 16:21:12 -0000 Subject: SUSE-CU-2024:3557-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240808160149.AC9A3FFBC@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3557-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.19.5 , bci/bci-sle15-kernel-module-devel:latest Container Release : 19.5 Severity : important Type : security References : 1194869 1215199 1215587 1218442 1218730 1218820 1219832 1220138 1220427 1220430 1220942 1221057 1221647 1221654 1221656 1221659 1222326 1222328 1222438 1222463 1222768 1222775 1222779 1222893 1223010 1223021 1223570 1223731 1223740 1223778 1223804 1223806 1223807 1223813 1223815 1223836 1223863 1224414 1224422 1224490 1224499 1224512 1224516 1224544 1224545 1224589 1224604 1224636 1224641 1224743 1224767 1225088 1225172 1225272 1225489 1225600 1225601 1225711 1225717 1225719 1225744 1225745 1225746 1225752 1225753 1225757 1225805 1225810 1225830 1225835 1225839 1225840 1225843 1225847 1225851 1225856 1225894 1225895 1225896 1226202 1226213 1226502 1226519 1226750 1226757 1226783 1226866 1226883 1226915 1226993 1227103 1227149 1227282 1227362 1227363 1227383 1227432 1227433 1227434 1227435 1227443 1227446 1227447 1227487 1227573 1227626 1227716 1227719 1227723 1227730 1227736 1227755 1227757 1227762 1227763 1227779 1227780 1227783 1227786 1227788 1227789 1227797 1227800 1227801 1227803 1227806 1227813 1227814 1227836 1227855 1227862 1227866 1227886 1227899 1227910 1227913 1227926 1228090 1228192 1228193 1228211 1228269 1228289 1228327 1228328 1228403 1228405 1228408 1228417 1228770 CVE-2013-4235 CVE-2023-38417 CVE-2023-47210 CVE-2023-51780 CVE-2023-52435 CVE-2023-52472 CVE-2023-52751 CVE-2023-52775 CVE-2024-25741 CVE-2024-26615 CVE-2024-26623 CVE-2024-26633 CVE-2024-26635 CVE-2024-26636 CVE-2024-26641 CVE-2024-26663 CVE-2024-26665 CVE-2024-26691 CVE-2024-26734 CVE-2024-26785 CVE-2024-26826 CVE-2024-26863 CVE-2024-26944 CVE-2024-27012 CVE-2024-27015 CVE-2024-27016 CVE-2024-27019 CVE-2024-27020 CVE-2024-27025 CVE-2024-27064 CVE-2024-27065 CVE-2024-27402 CVE-2024-27404 CVE-2024-35805 CVE-2024-35853 CVE-2024-35854 CVE-2024-35890 CVE-2024-35893 CVE-2024-35899 CVE-2024-35908 CVE-2024-35934 CVE-2024-35942 CVE-2024-36003 CVE-2024-36004 CVE-2024-36889 CVE-2024-36901 CVE-2024-36902 CVE-2024-36909 CVE-2024-36910 CVE-2024-36911 CVE-2024-36912 CVE-2024-36913 CVE-2024-36914 CVE-2024-36922 CVE-2024-36930 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944 CVE-2024-36946 CVE-2024-36947 CVE-2024-36949 CVE-2024-36950 CVE-2024-36951 CVE-2024-36955 CVE-2024-36959 CVE-2024-36974 CVE-2024-38558 CVE-2024-38586 CVE-2024-38598 CVE-2024-38604 CVE-2024-38659 CVE-2024-39276 CVE-2024-39468 CVE-2024-39472 CVE-2024-39473 CVE-2024-39474 CVE-2024-39475 CVE-2024-39479 CVE-2024-39481 CVE-2024-39482 CVE-2024-39487 CVE-2024-39490 CVE-2024-39494 CVE-2024-39496 CVE-2024-39498 CVE-2024-39502 CVE-2024-39504 CVE-2024-39507 CVE-2024-40901 CVE-2024-40906 CVE-2024-40908 CVE-2024-40919 CVE-2024-40923 CVE-2024-40925 CVE-2024-40928 CVE-2024-40931 CVE-2024-40935 CVE-2024-40937 CVE-2024-40940 CVE-2024-40947 CVE-2024-40948 CVE-2024-40953 CVE-2024-40960 CVE-2024-40961 CVE-2024-40966 CVE-2024-40970 CVE-2024-40972 CVE-2024-40975 CVE-2024-40979 CVE-2024-40998 CVE-2024-40999 CVE-2024-41006 CVE-2024-41011 CVE-2024-41013 CVE-2024-41014 CVE-2024-41017 CVE-2024-41090 CVE-2024-41091 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2802-1 Released: Wed Aug 7 09:46:02 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1215199,1215587,1218442,1218730,1218820,1219832,1220138,1220427,1220430,1220942,1221057,1221647,1221654,1221656,1221659,1222326,1222328,1222438,1222463,1222768,1222775,1222779,1222893,1223010,1223021,1223570,1223731,1223740,1223778,1223804,1223806,1223807,1223813,1223815,1223836,1223863,1224414,1224422,1224490,1224499,1224512,1224516,1224544,1224545,1224589,1224604,1224636,1224641,1224743,1224767,1225088,1225172,1225272,1225489,1225600,1225601,1225711,1225717,1225719,1225744,1225745,1225746,1225752,1225753,1225757,1225805,1225810,1225830,1225835,1225839,1225840,1225843,1225847,1225851,1225856,1225894,1225895,1225896,1226202,1226213,1226502,1226519,1226750,1226757,1226783,1226866,1226883,1226915,1226993,1227103,1227149,1227282,1227362,1227363,1227383,1227432,1227433,1227434,1227435,1227443,1227446,1227447,1227487,1227573,1227626,1227716,1227719,1227723,1227730,1227736,1227755,1227757,1227762,1227763,1227779,1227780,1227783,1227786,1227788,1227789,1227797,1227800,1 227801,1227803,1227806,1227813,1227814,1227836,1227855,1227862,1227866,1227886,1227899,1227910,1227913,1227926,1228090,1228192,1228193,1228211,1228269,1228289,1228327,1228328,1228403,1228405,1228408,1228417,CVE-2023-38417,CVE-2023-47210,CVE-2023-51780,CVE-2023-52435,CVE-2023-52472,CVE-2023-52751,CVE-2023-52775,CVE-2024-25741,CVE-2024-26615,CVE-2024-26623,CVE-2024-26633,CVE-2024-26635,CVE-2024-26636,CVE-2024-26641,CVE-2024-26663,CVE-2024-26665,CVE-2024-26691,CVE-2024-26734,CVE-2024-26785,CVE-2024-26826,CVE-2024-26863,CVE-2024-26944,CVE-2024-27012,CVE-2024-27015,CVE-2024-27016,CVE-2024-27019,CVE-2024-27020,CVE-2024-27025,CVE-2024-27064,CVE-2024-27065,CVE-2024-27402,CVE-2024-27404,CVE-2024-35805,CVE-2024-35853,CVE-2024-35854,CVE-2024-35890,CVE-2024-35893,CVE-2024-35899,CVE-2024-35908,CVE-2024-35934,CVE-2024-35942,CVE-2024-36003,CVE-2024-36004,CVE-2024-36889,CVE-2024-36901,CVE-2024-36902,CVE-2024-36909,CVE-2024-36910,CVE-2024-36911,CVE-2024-36912,CVE-2024-36913,CVE-2024-36914,CVE-2024-3 6922,CVE-2024-36930,CVE-2024-36940,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36946,CVE-2024-36947,CVE-2024-36949,CVE-2024-36950,CVE-2024-36951,CVE-2024-36955,CVE-2024-36959,CVE-2024-36974,CVE-2024-38558,CVE-2024-38586,CVE-2024-38598,CVE-2024-38604,CVE-2024-38659,CVE-2024-39276,CVE-2024-39468,CVE-2024-39472,CVE-2024-39473,CVE-2024-39474,CVE-2024-39475,CVE-2024-39479,CVE-2024-39481,CVE-2024-39482,CVE-2024-39487,CVE-2024-39490,CVE-2024-39494,CVE-2024-39496,CVE-2024-39498,CVE-2024-39502,CVE-2024-39504,CVE-2024-39507,CVE-2024-40901,CVE-2024-40906,CVE-2024-40908,CVE-2024-40919,CVE-2024-40923,CVE-2024-40925,CVE-2024-40928,CVE-2024-40931,CVE-2024-40935,CVE-2024-40937,CVE-2024-40940,CVE-2024-40947,CVE-2024-40948,CVE-2024-40953,CVE-2024-40960,CVE-2024-40961,CVE-2024-40966,CVE-2024-40970,CVE-2024-40972,CVE-2024-40975,CVE-2024-40979,CVE-2024-40998,CVE-2024-40999,CVE-2024-41006,CVE-2024-41011,CVE-2024-41013,CVE-2024-41014,CVE-2024-41017,CVE-2024-41090,CVE-2024-41091 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-47210: wifi: iwlwifi: bump FW API to 90 for BZ/SC devices (bsc#1225601, bsc#1225600). - CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138). - CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489). - CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088). - CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942). - CVE-2024-26623: pds_core: Prevent race issues involving the adminq (bsc#1221057). - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647). - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656). - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659). - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654). - CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326). - CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328). - CVE-2024-26691: KVM: arm64: Fix circular locking dependency (bsc#1222463). - CVE-2024-26734: devlink: fix possible use-after-free and memory leaks in devlink_init() (bsc#1222438). - CVE-2024-26785: iommufd: Fix protection fault in iommufd_test_syz_conv_iova (bsc#1222779). - CVE-2024-26826: mptcp: fix data re-injection from stale subflow (bsc#1223010). - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021). - CVE-2024-26944: btrfs: zoned: fix lock ordering in btrfs_zone_activate() (bsc#1223731). - CVE-2024-27012: netfilter: nf_tables: restore set elements when delete set fails (bsc#1223804). - CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806). - CVE-2024-27016: netfilter: flowtable: validate pppoe header (bsc#1223807). - CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813) - CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815) - CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778) - CVE-2024-27064: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain (bsc#1223740). - CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836). - CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414). - CVE-2024-27404: mptcp: fix data races on remote_id (bsc#1224422) - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743). - CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-35890: gro: fix ownership transfer (bsc#1224516). - CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512) - CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499) - CVE-2024-35908: tls: get psock ref after taking rxlock to avoid leak (bsc#1224490) - CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641) - CVE-2024-35942: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain (bsc#1224589). - CVE-2024-36003: ice: fix LAG and VF lock dependency in ice_reset_vf() (bsc#1224544). - CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545) - CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711) - CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752). - CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753). - CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757). - CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783). - CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750). - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757). - CVE-2024-38604: block: refine the EOF check in blkdev_iomap_begin (bsc#1226866). - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883). - CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993). - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103. - CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432). - CVE-2024-39474: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL (bsc#1227434). - CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447). - CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573) - CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-39496: btrfs: zoned: fix use-after-free due to race with dev replace (bsc#1227719). - CVE-2024-39498: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 (bsc#1227723) - CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755). - CVE-2024-39504: netfilter: nft_inner: validate mandatory meta and payload (bsc#1227757). - CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730). - CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762). - CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763). - CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783). - CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779). - CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786). - CVE-2024-40925: block: fix request.queuelist usage in flush (bsc#1227789). - CVE-2024-40928: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (bsc#1227788). - CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780). - CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800). - CVE-2024-40947: ima: Avoid blocking in RCU read-side critical section (bsc#1227803). - CVE-2024-40948: mm/page_table_check: fix crash on ZONE_DEVICE (bsc#1227801). - CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806). - CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813). - CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814). - CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886). - CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899). - CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910). - CVE-2024-40975: platform/x86: x86-android-tablets: Unregister devices in reverse order (bsc#1227926). - CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866). - CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913). - CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862). - CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405). - CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). - CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327). The following non-security bugs were fixed: - ACPI: EC: Abort address space access upon error (stable-fixes). - ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes). - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes). - ALSA: PCM: Allow resume only for suspended streams (stable-fixes). - ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes). - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes). - ALSA: emux: improve patch ioctl data validation (stable-fixes). - ALSA: hda/conexant: Mute speakers at suspend / shutdown (bsc#1228269). - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (bsc#1228269). - ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes). - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes). - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes). - ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes). - ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop (stable-fixes). - ALSA: hda: cs35l41: Fix swapped l/r audio channels for Lenovo ThinBook 13x Gen4 (git-fixes). - ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes). - ALSA: seq: ump: Skip useless ports for static blocks (git-fixes). - ALSA: ump: Do not update FB name for static blocks (git-fixes). - ALSA: ump: Force 1 Group for MIDI1 FBs (git-fixes). - ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes). - ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes). - ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes). - ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (git-fixes). - ASoC: SOF: Intel: hda-pcm: Limit the maximum number of periods by MAX_BDL_ENTRIES (stable-fixes). - ASoC: SOF: Intel: hda: fix null deref on system suspend entry (git-fixes). - ASoC: SOF: imx8m: Fix DSP control regmap retrieval (git-fixes). - ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare (git-fixes). - ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format (stable-fixes). - ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback (stable-fixes). - ASoC: TAS2781: Fix tasdev_load_calibrated_data() (git-fixes). - ASoC: amd: Adjust error handling in case of absent codec device (git-fixes). - ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 (bsc#1228269). - ASoC: cs35l56: Accept values greater than 0 as IRQ numbers (git-fixes). - ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value (git-fixes). - ASoC: max98088: Check for clk_prepare_enable() error (git-fixes). - ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: rt711-sdw: add missing readable registers (stable-fixes). - ASoC: rt722-sdca-sdw: add debounce time for type detection (stable-fixes). - ASoC: rt722-sdca-sdw: add silence detection register as volatile (stable-fixes). - ASoC: sof: amd: fix for firmware reload failure in Vangogh platform (git-fixes). - ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes). - ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes). - ASoC: topology: Do not assign fields that are already set (stable-fixes). - ASoC: topology: Fix references to freed memory (stable-fixes). - ASoc: tas2781: Enable RCA-based playback without DSP firmware download (git-fixes). - Bluetooth: ISO: Check socket flag instead of hcon (git-fixes). - Bluetooth: Ignore too large handle values in BIG (git-fixes). - Bluetooth: btintel: Refactor btintel_set_ppag() (git-fixes). - Bluetooth: btnxpuart: Add handling for boot-signature timeout errors (git-fixes). - Bluetooth: btnxpuart: Enable Power Save feature on startup (stable-fixes). - Bluetooth: hci_bcm4377: Fix msgid release (git-fixes). - Bluetooth: hci_bcm4377: Use correct unit for timeouts (git-fixes). - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes). - Bluetooth: hci_event: Fix setting of unicast qos interval (git-fixes). - Bluetooth: hci_event: Set QoS encryption from BIGInfo report (git-fixes). - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes). - Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() (git-fixes). - Enable CONFIG_SCHED_CLUSTER=y on arm64 (jsc#PED-8701). - HID: Ignore battery for ELAN touchscreens 2F2C and 4116 (stable-fixes). - HID: wacom: Modify pen IDs (git-fixes). - Input: ads7846 - use spi_device_id table (stable-fixes). - Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes). - Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes). - Input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes). - Input: i8042 - add Ayaneo Kun to i8042 quirk table (stable-fixes). - Input: qt1050 - handle CHIP_ID reading error (git-fixes). - Input: silead - Always support 10 fingers (stable-fixes). - Input: xpad - add support for ASUS ROG RAIKIRI PRO (stable-fixes). - KVM: SEV-ES: Delegate LBR virtualization to the processor (git-fixes). - KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent (git-fixes). - KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (git-fixes). - KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes). - NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes). - NFS: add barriers when testing for NFS_FSDATA_BLOCKED (git-fixes). - NFSD: Fix checksum mismatches in the duplicate reply cache (git-fixes). - NFSv4.1 enforce rootpath check in fs_location query (git-fixes). - NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362). - NFSv4: Fixup smatch warning for ambiguous return (git-fixes). - PCI/ASPM: Update save_state when configuration changes (bsc#1226915) - PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes). - PCI: Do not wait for disconnected devices when resuming (git-fixes). - PCI: Extend ACS configurability (bsc#1228090). - PCI: Fix resource double counting on remove & rescan (git-fixes). - PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes). - PCI: dw-rockchip: Fix initial PERST# GPIO value (git-fixes). - PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot (git-fixes). - PCI: endpoint: Clean up error handling in vpci_scan_bus() (git-fixes). - PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() (git-fixes). - PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() (git-fixes). - PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes). - PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes). - PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes). - PCI: qcom-ep: Disable resources unconditionally during PERST# assert (git-fixes). - PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() (git-fixes). - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes). - PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes). - PCI: vmd: Create domain symlink before pci_bus_add_devices() (bsc#1227363). - RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes). - RDMA/restrack: Fix potential invalid address access (git-fixes) - Revert 'drm/bridge: tc358767: Set default CLRSIPO count' (stable-fixes). - Revert 'gfs2: fix glock shrinker ref issues' (git-fixes). - Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes). - Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes). - Revert 'wifi: ath11k: call ath11k_mac_fils_discovery() without condition' (bsc#1227149). - Revert 'wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ' (bsc#1227149). - Revert 'wifi: iwlwifi: bump FW API to 90 for BZ/SC devices' (bsc#1227149). - SUNRPC: Fix gss_free_in_token_pages() (git-fixes). - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes). - SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272). - SUNRPC: return proper error from gss_wrap_req_priv (git-fixes). - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes). - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes). - USB: serial: mos7840: fix crash on resume (git-fixes). - USB: serial: option: add Fibocom FM350-GL (stable-fixes). - USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes). - USB: serial: option: add Rolling RW350-GL variants (stable-fixes). - USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes). - USB: serial: option: add Telit generic core-dump composition (stable-fixes). - USB: serial: option: add support for Foxconn T99W651 (stable-fixes). - Update config files (bsc#1227282). Update the CONFIG_LSM option to include the selinux LSM in the default set of LSMs. The selinux LSM will not get enabled because it is preceded by apparmor, which is the first exclusive LSM. Updating CONFIG_LSM resolves failures that result in the system not booting up when 'security=selinux selinux=1' is passed to the kernel and SELinux policies are installed. - Update config files for mt76 stuff (bsc#1227149) - Update config files: adjust for Arm CONFIG_MT798X_WMAC (bsc#1227149) - Update config files: update for the realtek wifi driver updates (bsc#1227149) - X.509: Fix the parser of extended key usage for length (bsc#1218820). - arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502) - arm64/io: add constant-argument check (bsc#1226502 git-fixes) - arm64: dts: freescale: imx8mm-verdin: enable hysteresis on slow input (git-fixes) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes) - arm64: dts: imx93-11x11-evk: Remove the 'no-sdio' property (git-fixes) - arm64: dts: rockchip: Add mdio and ethernet-phy nodes to (git-fixes) - arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu (git-fixes) - arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Add sdmmc related properties on (git-fixes) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes) - arm64: dts: rockchip: Drop invalid mic-in-differential on (git-fixes) - arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on rk3566-roc-pc (git-fixes) - arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 (git-fixes) - arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch (git-fixes) - arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes) - arm64: dts: rockchip: Rename LED related pinctrl nodes on (git-fixes) - arm64: dts: rockchip: Update WIFi/BT related nodes on (git-fixes) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes) - ata: libata-scsi: Fix offsets for the fixed format sense data (git-fixes). - auxdisplay: ht16k33: Drop reference after LED registration (git-fixes). - block: Move checking GENHD_FL_NO_PART to bdev_add_partition() (bsc#1226213). - bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX (git-fixes). - bus: mhi: host: allow MHI client drivers to provide the firmware via a pointer (bsc#1227149). - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes). - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes). - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes). - can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes). - cdrom: rearrange last_media_change check to avoid unintentional overflow (stable-fixes). - ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228417). - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes). - checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes). - cifs: Add a laundromat thread for cached directories (git-fixes, bsc#1225172). - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (git-fixes). - clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg (git-fixes). - clk: qcom: clk-alpha-pll: set ALPHA_EN bit for Stromer Plus PLLs (git-fixes). - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents (git-fixes). - config/arm64: Enable CoreSight PMU drivers (bsc#1228289 jsc#PED-7859) - cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems (git-fixes). - cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() (git-fixes). - crypto/ecdh: make ecdh_compute_value() to zeroize the public key (bsc#1222768). - crypto/ecdsa: make ecdsa_ecc_ctx_deinit() to zeroize the public key (bsc#1222768). - crypto: aead,cipher - zeroize key buffer after use (stable-fixes). - crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked (git-fixes). - crypto: ecdh - explicitly zeroize private_key (stable-fixes). - crypto: ecdsa - Fix the public key format description (git-fixes). - crypto: hisilicon/debugfs - Fix debugfs uninit process issue (stable-fixes). - crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() (git-fixes). - decompress_bunzip2: fix rare decompression failure (git-fixes). - devres: Fix devm_krealloc() wasting memory (git-fixes). - devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes). - dlm: fix user space lock decision to copy lvb (git-fixes). - dma: fix call order in dmam_free_coherent (git-fixes). - dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (git-fixes). - docs: crypto: async-tx-api: fix broken code example (git-fixes). - drivers/xen: Improve the late XenStore init protocol (git-fixes). - drivers: soc: xilinx: check return status of get_api_version() (git-fixes). - drm/amd/amdgpu: Fix uninitialized variable warnings (git-fixes). - drm/amd/display: ASSERT when failing to find index by plane/stream id (stable-fixes). - drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes). - drm/amd/display: Add refresh rate range check (stable-fixes). - drm/amd/display: Check index msg_id before read or write (stable-fixes). - drm/amd/display: Check pipe offset before setting vblank (stable-fixes). - drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport (stable-fixes). - drm/amd/display: Fix overlapping copy within dml_core_mode_programming (stable-fixes). - drm/amd/display: Fix refresh rate range for some panel (stable-fixes). - drm/amd/display: Fix uninitialized variables in DM (stable-fixes). - drm/amd/display: Move 'struct scaler_data' off stack (git-fixes). - drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present (stable-fixes). - drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes). - drm/amd/display: Skip pipe if the pipe idx not set properly (stable-fixes). - drm/amd/display: Update efficiency bandwidth for dcn351 (stable-fixes). - drm/amd/display: Workaround register access in idle race with cursor (stable-fixes). - drm/amd/display: change dram_clock_latency to 34us for dcn35 (stable-fixes). - drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes). - drm/amd/pm: remove logically dead code for renoir (git-fixes). - drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes). - drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes). - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes). - drm/amdgpu: Fix memory range calculation (git-fixes). - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes). - drm/amdgpu: Fix uninitialized variable warnings (stable-fixes). - drm/amdgpu: Indicate CU havest info to CP (stable-fixes). - drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes). - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes). - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (stable-fixes). - drm/amdgpu: avoid using null object of framebuffer (stable-fixes). - drm/amdgpu: fix locking scope when flushing tlb (stable-fixes). - drm/amdgpu: fix the warning about the expression (int)size - len (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: silence UBSAN warning (stable-fixes). - drm/amdkfd: Fix CU Masking for GFX 9.4.3 (git-fixes). - drm/amdkfd: Let VRAM allocations go to GTT domain on small APUs (stable-fixes). - drm/arm/komeda: Fix komeda probe failing if there are no links in the secondary pipeline (git-fixes). - drm/bridge: it6505: fix hibernate to resume no display issue (git-fixes). - drm/bridge: samsung-dsim: Set P divider based on min/max of fin pll (git-fixes). - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes). - drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes). - drm/exynos: dp: drop driver owner initialization (stable-fixes). - drm/fbdev-dma: Fix framebuffer mode for big endian devices (git-fixes). - drm/fbdev-generic: Fix framebuffer on big endian devices (git-fixes). - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes). - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes). - drm/i915/dp: Do not switch the LTTPR mode on an active link (git-fixes). - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes). - drm/lima: Mark simple_ondemand governor as softdep (git-fixes). - drm/lima: fix shared irq handling on driver remove (stable-fixes). - drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (git-fixes). - drm/mediatek: Add OVL compatible name for MT8195 (git-fixes). - drm/mediatek: Add missing plane settings when async update (git-fixes). - drm/mediatek: Call drm_atomic_helper_shutdown() at shutdown time (stable-fixes). - drm/mediatek: Fix XRGB setting error in Mixer (git-fixes). - drm/mediatek: Fix XRGB setting error in OVL (git-fixes). - drm/mediatek: Fix bit depth overwritten for mtk_ovl_set bit_depth() (git-fixes). - drm/mediatek: Fix destination alpha error in OVL (git-fixes). - drm/mediatek: Remove less-than-zero comparison of an unsigned value (git-fixes). - drm/mediatek: Set DRM mode configs accordingly (git-fixes). - drm/mediatek: Support DRM plane alpha in Mixer (git-fixes). - drm/mediatek: Support DRM plane alpha in OVL (git-fixes). - drm/mediatek: Support RGBA8888 and RGBX8888 in OVL on MT8195 (git-fixes). - drm/mediatek: Turn off the layers with zero width or height (git-fixes). - drm/mediatek: Use 8-bit alpha in ETHDR (git-fixes). - drm/meson: fix canvas release in bind function (git-fixes). - drm/mgag200: Bind I2C lifetime to DRM device (git-fixes). - drm/mgag200: Set DDC timeout in milliseconds (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq() (git-fixes). - drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes). - drm/msm/dpu: fix encoder irq wait skip (git-fixes). - drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC (git-fixes). - drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes). - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes). - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: himax-hx8394: Handle errors from mipi_dsi_dcs_set_display_on() better (git-fixes). - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes). - drm/panel: ilitek-ili9882t: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: ilitek-ili9882t: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes). - drm/qxl: Add check for drm_cvt_mode (git-fixes). - drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes). - drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes). - drm/rockchip: vop2: Fix the port mux of VP2 (git-fixes). - drm/ttm: Always take the bo delayed cleanup path for imported bos (git-fixes). - drm/udl: Remove DRM_CONNECTOR_POLL_HPD (git-fixes). - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes). - drm: zynqmp_dpsub: Fix an error handling path in zynqmp_dpsub_probe() (git-fixes). - drm: zynqmp_kms: Fix AUX bus not getting unregistered (git-fixes). - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (stable-fixes). - eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes). - erofs: ensure m_llen is reset to 0 if metadata is invalid (git-fixes). - exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes). - f2fs: fix error path of __f2fs_build_free_nids (git-fixes). - filelock: fix potential use-after-free in posix_lock_inode (git-fixes). - firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes). - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes). - firmware: cs_dsp: Return error if block header overflows file (git-fixes). - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes). - firmware: cs_dsp: Validate payload length before processing block (git-fixes). - firmware: dmi: Stop decoding on broken entry (stable-fixes). - firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes). - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes). - firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes). - fs/file: fix the check in find_next_fd() (git-fixes). - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes). - fuse: verify {g,u}id mount options correctly (bsc#1228193). - gfs2: Do not forget to complete delayed withdraw (git-fixes). - gfs2: Fix 'ignore unlock failures after withdraw' (git-fixes). - gfs2: Fix invalid metadata access in punch_hole (git-fixes). - gfs2: Get rid of gfs2_alloc_blocks generation parameter (git-fixes). - gfs2: Rename gfs2_lookup_{ simple => meta } (git-fixes). - gfs2: Use mapping->gfp_mask for metadata inodes (git-fixes). - gfs2: convert to ctime accessor functions (git-fixes). - gpio: mc33880: Convert comma to semicolon (git-fixes). - gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (stable-fixes). - hfsplus: fix to avoid false alarm of circular locking (git-fixes). - hfsplus: fix uninit-value in copy_name (git-fixes). - hpet: Support 32-bit userspace (git-fixes). - hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes). - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes). - hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes). - hwrng: amd - Convert PCIBIOS_* return codes to errnos (git-fixes). - hwrng: core - Fix wrong quality calculation at hw rng registration (git-fixes). - i2c: i801: Annotate apanel_addr as __ro_after_init (stable-fixes). - i2c: mark HostNotify target address as used (git-fixes). - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (git-fixes). - i2c: rcar: bring hardware to known state when probing (git-fixes). - i2c: testunit: avoid re-issued work after read message (git-fixes). - i2c: testunit: correct Kconfig description (git-fixes). - i40e: fix: remove needless retries of NVM update (bsc#1227736). - iio: Fix the sorting functionality in iio_gts_build_avail_time_table (git-fixes). - iio: frequency: adrf6780: rm clk provider include (git-fixes). - iio: pressure: bmp280: Fix BMP580 temperature reading (stable-fixes). - iio: pressure: fix some word spelling errors (stable-fixes). - input: Add event code for accessibility key (stable-fixes). - input: Add support for 'Do Not Disturb' (stable-fixes). - interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID (git-fixes). - iommu/amd: Fix panic accessing amd_iommu_enable_faulting (bsc#1224767). - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes). - iommu/vt-d: Allocate DMAR fault interrupts locally (bsc#1224767). - iommu/vt-d: Improve ITE fault handling if target device isn't present (git-fixes). - iommu: Fix compilation without CONFIG_IOMMU_INTEL (git-fixes). - ipmi: ssif_bmc: prevent integer overflow on 32bit systems (git-fixes). - iwlwifi: fw: fix more kernel-doc warnings (bsc#1227149). - iwlwifi: mvm: Drop unused fw_trips_index[] from iwl_mvm_thermal_device (bsc#1227149). - iwlwifi: mvm: Populate trip table before registering thermal zone (bsc#1227149). - iwlwifi: mvm: Use for_each_thermal_trip() for walking trip points (bsc#1227149). - jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes). - jfs: Fix array-index-out-of-bounds in diFree (git-fixes). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kABI workaround for wireless updates (bsc#1227149). - kabi/severities: cleanup and update for WiFi driver entries (bsc#1227149) - kabi/severities: cover all ath/* drivers (bsc#1227149) All symbols in ath/* network drivers are local and can be ignored - kabi/severities: cover all mt76 modules (bsc#1227149) - kabi/severities: ignore amd pds internal symbols - kabi/severities: ignore kABI changes Realtek WiFi drivers (bsc#1227149) All those symbols are local and used for its own helpers - kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502) - kbuild: avoid build error when single DTB is turned into composite DTB (git-fixes). - kconfig: gconf: give a proper initial state to the Save button (stable-fixes). - kconfig: remove wrong expr_trans_bool() (stable-fixes). - kernel-binary: vdso: Own module_dir - knfsd: LOOKUP can return an illegal error value (git-fixes). - kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes). - kprobe/ftrace: bail out if ftrace was killed (git-fixes). - kprobe/ftrace: fix build error due to bad function definition (git-fixes). - kunit: Fix checksum tests on big endian CPUs (git-fixed). - leds: flash: leds-qcom-flash: Test the correct variable in init (git-fixes). - leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() (git-fixes). - leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes). - leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes). - leds: triggers: Flush pending brightness before activating trigger (git-fixes). - lib: objagg: Fix general protection fault (git-fixes). - lib: objagg: Fix spelling (git-fixes). - lib: test_objagg: Fix spelling (git-fixes). - libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228192). - mISDN: Fix a use after free in hfcmulti_tx() (git-fixes). - mISDN: fix MISDN_TIME_STAMP handling (git-fixes). - mac802154: fix time calculation in ieee802154_configure_durations() (git-fixes). - mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (git-fixes). - media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes). - media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes). - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes). - media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes). - media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes). - media: dvbdev: Initialize sbuf (stable-fixes). - media: dw2102: Do not translate i2c read into write (stable-fixes). - media: dw2102: fix a potential buffer overflow (git-fixes). - media: i2c: Fix imx412 exposure control (git-fixes). - media: imon: Fix race getting ictx->lock (git-fixes). - media: imx-jpeg: Drop initial source change event if capture has been setup (git-fixes). - media: imx-jpeg: Remove some redundant error logs (git-fixes). - media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() (git-fixes). - media: pci: ivtv: Add check for DMA map result (git-fixes). - media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 (git-fixes). - media: renesas: vsp1: Fix _irqsave and _irq mix (git-fixes). - media: renesas: vsp1: Store RPF partition configuration per RPF instance (git-fixes). - media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes). - media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes). - media: uvcvideo: Override default flags (git-fixes). - media: v4l: async: Fix NULL pointer dereference in adding ancillary links (git-fixes). - media: v4l: subdev: Fix typo in documentation (git-fixes). - media: venus: fix use after free in vdec_close (git-fixes). - media: venus: flush all buffers in output plane streamoff (git-fixes). - mei: demote client disconnect warning on suspend to debug (stable-fixes). - mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes). - mfd: pm8008: Fix regmap irq chip initialisation (git-fixes). - misc: fastrpc: Avoid updating PD type for capability request (git-fixes). - misc: fastrpc: Copy the complete capability structure to user (git-fixes). - misc: fastrpc: Fix DSP capabilities request (git-fixes). - misc: fastrpc: Fix memory leak in audio daemon attach operation (git-fixes). - misc: fastrpc: Fix ownership reassignment of remote heap (git-fixes). - misc: fastrpc: Restrict untrusted app to attach to privileged PD (git-fixes). - mt76: connac: move more mt7921/mt7915 mac shared code in connac lib (bsc#1227149). - mt76: mt7996: rely on mt76_sta_stats in mt76_wcid (bsc#1227149). - mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes). - net/dcb: check for detached device before executing callbacks (bsc#1215587). - net: ethernet: mtk_wed: introduce mtk_wed_buf structure (bsc#1227149). - net: ethernet: mtk_wed: rename mtk_rxbm_desc in mtk_wed_bm_desc (bsc#1227149). - net: fill in MODULE_DESCRIPTION()s in kuba@'s modules (bsc#1227149). - net: hns3: Remove io_stop_wc() calls after __iowrite64_copy() (bsc#1226502) - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (stable-fixes). - net: mana: Fix possible double free in error handling path (git-fixes). - net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes). - net: phy: microchip: lan87xx: reinit PHY after cable test (git-fixes). - net: phy: phy_device: Fix PHY LED blinking code comment (git-fixes). - net: usb: qmi_wwan: add Telit FN912 compositions (stable-fixes). - nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes). - nfs: Block on write congestion (bsc#1218442). - nfs: Drop pointless check from nfs_commit_release_pages() (bsc#1218442). - nfs: Fix up kabi after adding write_congestion_wait (bsc#1218442). - nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes). - nfs: Properly initialize server->writeback (bsc#1218442). - nfs: drop the incorrect assertion in nfs_swap_rw() (git-fixes). - nfs: fix undefined behavior in nfs_block_bits() (git-fixes). - nfs: keep server info for remounts (git-fixes). - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (stable-fixes). - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes). - nilfs2: convert persistent object allocator to use kmap_local (git-fixes). - nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes). - nilfs2: fix inode number range checks (stable-fixes). - ocfs2: fix DIO failure due to insufficient transaction credits (git-fixes). - ocfs2: fix races between hole punching and AIO+DIO (git-fixes). - ocfs2: use coarse time for new created files (git-fixes). - orangefs: fix out-of-bounds fsid access (git-fixes). - pNFS/filelayout: fixup pNfs allocation modes (git-fixes). - phy: cadence-torrent: Check return value on register read (git-fixes). - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: freescale: mxs: Fix refcount of child (git-fixes). - pinctrl: renesas: r8a779g0: FIX PWM suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix CANFD5 suffix (git-fixes). - pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix IRQ suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TCLK suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TPU suffixes (git-fixes). - pinctrl: rockchip: update rk3308 iomux routes (git-fixes). - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes). - platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes). - platform/x86: lg-laptop: Change ACPI device id (stable-fixes). - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes). - platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (stable-fixes). - platform/x86: toshiba_acpi: Fix array out-of-bounds access (git-fixes). - platform/x86: toshiba_acpi: Fix quickstart quirk handling (git-fixes). - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes). - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes). - platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes). - power: supply: ab8500: Fix error handling when calling iio_read_channel_processed() (git-fixes). - power: supply: ingenic: Fix some error handling paths in ingenic_battery_get_property() (git-fixes). - powerpc/64s/radix/kfence: map __kfence_pool at page granularity (bsc#1223570 ltc#205770). - powerpc/prom: Add CPU info to hardware description string later (bsc#1215199). - powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - pwm: stm32: Always do lazy disabling (git-fixes). - regmap-i2c: Subtract reg size from max_write (stable-fixes). - remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (git-fixes). - remoteproc: imx_rproc: Skip over memory region when node value is NULL (git-fixes). - remoteproc: k3-r5: Fix IPC-only mode detection (git-fixes). - remoteproc: stm32_rproc: Fix mailbox interrupts queuing (git-fixes). - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes). - rtc: abx80x: Fix return value of nvmem callback on read (git-fixes). - rtc: cmos: Fix return value of nvmem callbacks (git-fixes). - rtc: interface: Add RTC offset to alarm after fix-up (git-fixes). - rtc: isl1208: Fix return value of nvmem callbacks (git-fixes). - s390: Implement __iowrite32_copy() (bsc#1226502) - s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502) - saa7134: Unchecked i2c_transfer function result fixed (git-fixes). - selftests/sigaltstack: Fix ppc64 GCC build (git-fixes). - selftests: fix OOM in msg_zerocopy selftest (git-fixes). - selftests: make order checking verbose in msg_zerocopy selftest (git-fixes). - serial: imx: Raise TX trigger level to 8 (stable-fixes). - smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes, bsc#1225172). - smb3: allow controlling maximum number of cached directories (git-fixes, bsc#1225172). - smb3: do not start laundromat thread when dir leases disabled (git-fixes, bsc#1225172). - smb: client: do not start laundromat thread on nohandlecache (git-fixes, bsc#1225172). - smb: client: make laundromat a delayed worker (git-fixes, bsc#1225172). - smb: client: prevent new fids from being removed by laundromat (git-fixes, bsc#1225172). - soc: qcom: pdr: fix parsing of domains lists (git-fixes). - soc: qcom: pdr: protect locator_addr with the main mutex (git-fixes). - soc: qcom: pmic_glink: Handle the return value of pmic_glink_init (git-fixes). - soc: qcom: rpmh-rsc: Ensure irqs are not disabled by rpmh_rsc_send_data() callers (git-fixes). - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes). - soc: xilinx: rename cpu_number1 to dummy_cpu_number (git-fixes). - spi: atmel-quadspi: Add missing check for clk_prepare (git-fixes). - spi: cadence: Ensure data lines set to low during dummy-cycle period (stable-fixes). - spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes). - spi: microchip-core: defer asserting chip select until just before write to TX FIFO (git-fixes). - spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer (git-fixes). - spi: microchip-core: fix the issues in the isr (git-fixes). - spi: microchip-core: only disable SPI controller when register value change requires it (git-fixes). - spi: mux: set ctlr->bits_per_word_mask (stable-fixes). - spi: spi-microchip-core: Fix the number of chip selects supported (git-fixes). - spi: spidev: add correct compatible for Rohm BH2228FV (git-fixes). - sunrpc: fix NFSACL RPC retry on soft mount (git-fixes). - supported.conf: Add support for v4l2-dv-timings (jsc#PED-8644) - supported.conf: mark vdpa modules supported (jsc#PED-8954) - supported.conf: update for mt76 stuff (bsc#1227149) - thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data (stable-fixes). - tools/memory-model: Fix bug in lock.cat (git-fixes). - tools/power turbostat: Remember global max_die_id (stable-fixes). - tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (stable-fixes). - tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes). - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes). - tracing: Build event generation tests only as modules (git-fixes). - usb: dwc3: core: Add DWC31 version 2.00a controller (stable-fixes). - usb: dwc3: core: Workaround for CSR read timeout (stable-fixes). - usb: dwc3: pci: add support for the Intel Panther Lake (stable-fixes). - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes). - usb: gadget: printer: SS+ support (stable-fixes). - usb: typec: ucsi: Ack also failed Get Error commands (git-fixes). - usb: typec: ucsi: Never send a lone connector change ack (stable-fixes). - usb: ucsi: stm32: fix command completion handling (git-fixes). - usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (stable-fixes). - vmlinux.lds.h: catch .bss..L* sections into BSS') (git-fixes). - watchdog: rzg2l_wdt: Check return status of pm_runtime_put() (git-fixes). - watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() (git-fixes). - watchdog: rzn1: Convert comma to semicolon (git-fixes). - wifi: add HAS_IOPORT dependencies (bsc#1227149). - wifi: ar5523: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10/11/12k: Use alloc_ordered_workqueue() to create ordered workqueues (bsc#1227149). - wifi: ath10k: Annotate struct ath10k_ce_ring with __counted_by (bsc#1227149). - wifi: ath10k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath10k: Drop checks that are always false (bsc#1227149). - wifi: ath10k: Drop cleaning of driver data from probe error path and remove (bsc#1227149). - wifi: ath10k: Fix a few spelling errors (bsc#1227149). - wifi: ath10k: Fix enum ath10k_fw_crash_dump_type kernel-doc (bsc#1227149). - wifi: ath10k: Fix htt_data_tx_completion kernel-doc warning (bsc#1227149). - wifi: ath10k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10k: Remove unused struct ath10k_htc_frame (bsc#1227149). - wifi: ath10k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath10k: Use DECLARE_FLEX_ARRAY() for ath10k_htc_record (bsc#1227149). - wifi: ath10k: Use list_count_nodes() (bsc#1227149). - wifi: ath10k: add missing wmi_10_4_feature_mask documentation (bsc#1227149). - wifi: ath10k: add support to allow broadcast action frame RX (bsc#1227149). - wifi: ath10k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath10k: correctly document enum wmi_tlv_tx_pause_id (bsc#1227149). - wifi: ath10k: drop HTT_DATA_TX_STATUS_DOWNLOAD_FAIL (bsc#1227149). - wifi: ath10k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath10k: fix htt_q_state_conf & htt_q_state kernel-doc (bsc#1227149). - wifi: ath10k: improve structure padding (bsc#1227149). - wifi: ath10k: indicate to mac80211 scan complete with aborted flag for ATH10K_SCAN_STARTING state (bsc#1227149). - wifi: ath10k: remove ath10k_htc_record::pauload[] (bsc#1227149). - wifi: ath10k: remove duplicate memset() in 10.4 TDLS peer update (bsc#1227149). - wifi: ath10k: remove struct wmi_pdev_chanlist_update_event (bsc#1227149). - wifi: ath10k: remove unused template structs (bsc#1227149). - wifi: ath10k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath10k: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath10k: simplify __ath10k_htt_tx_txq_recalc() (bsc#1227149). - wifi: ath10k: simplify ath10k_peer_create() (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_host_mem_chunks (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_tdls_peer_capabilities (bsc#1227149). - wifi: ath10k: use flexible arrays for WMI start scan TLVs (bsc#1227149). - wifi: ath11k: Add HTT stats for PHY reset case (bsc#1227149). - wifi: ath11k: Add coldboot calibration support for QCN9074 (bsc#1227149). - wifi: ath11k: Allow ath11k to boot without caldata in ftm mode (bsc#1227149). - wifi: ath11k: Consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath11k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath11k: Do not directly use scan_flags in struct scan_req_params (bsc#1227149). - wifi: ath11k: EMA beacon support (bsc#1227149). - wifi: ath11k: Fix a few spelling errors (bsc#1227149). - wifi: ath11k: Fix ath11k_htc_record flexible record (bsc#1227149). - wifi: ath11k: Introduce and use ath11k_sta_to_arsta() (bsc#1227149). - wifi: ath11k: MBSSID beacon support (bsc#1227149). - wifi: ath11k: MBSSID configuration during vdev create/start (bsc#1227149). - wifi: ath11k: MBSSID parameter configuration in AP mode (bsc#1227149). - wifi: ath11k: Really consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Relocate the func ath11k_mac_bitrate_mask_num_ht_rates() and change hweight16 to hweight8 (bsc#1227149). - wifi: ath11k: Remove ath11k_base::bd_api (bsc#1227149). - wifi: ath11k: Remove cal_done check during probe (bsc#1227149). - wifi: ath11k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath11k: Remove scan_flags union from struct scan_req_params (bsc#1227149). - wifi: ath11k: Remove struct ath11k::ops (bsc#1227149). - wifi: ath11k: Remove unneeded semicolon (bsc#1227149). - wifi: ath11k: Remove unused declarations (bsc#1227149). - wifi: ath11k: Remove unused struct ath11k_htc_frame (bsc#1227149). - wifi: ath11k: Send HT fixed rate in WMI peer fixed param (bsc#1227149). - wifi: ath11k: Split coldboot calibration hw_param (bsc#1227149). - wifi: ath11k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath11k: Use device_get_match_data() (bsc#1227149). - wifi: ath11k: Use list_count_nodes() (bsc#1227149). - wifi: ath11k: add WMI event debug messages (bsc#1227149). - wifi: ath11k: add WMI_TLV_SERVICE_EXT_TPC_REG_SUPPORT service bit (bsc#1227149). - wifi: ath11k: add chip id board name while searching board-2.bin for WCN6855 (bsc#1227149). - wifi: ath11k: add firmware-2.bin support (bsc#1227149). - wifi: ath11k: add handler for WMI_VDEV_SET_TPC_POWER_CMDID (bsc#1227149). - wifi: ath11k: add parse of transmit power envelope element (bsc#1227149). - wifi: ath11k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath11k: add support for QCA2066 (bsc#1227149). - wifi: ath11k: add support to select 6 GHz regulatory type (bsc#1227149). - wifi: ath11k: ath11k_debugfs_register(): fix format-truncation warning (bsc#1227149). - wifi: ath11k: avoid forward declaration of ath11k_mac_start_vdev_delay() (bsc#1227149). - wifi: ath11k: call ath11k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath11k: constify MHI channel and controller configs (bsc#1227149). - wifi: ath11k: debug: add ATH11K_DBG_CE (bsc#1227149). - wifi: ath11k: debug: remove unused ATH11K_DBG_ANY (bsc#1227149). - wifi: ath11k: debug: use all upper case in ATH11k_DBG_HAL (bsc#1227149). - wifi: ath11k: do not use %pK (bsc#1227149). - wifi: ath11k: document HAL_RX_BUF_RBM_SW4_BM (bsc#1227149). - wifi: ath11k: dp: cleanup debug message (bsc#1227149). - wifi: ath11k: driver settings for MBSSID and EMA (bsc#1227149). - wifi: ath11k: drop NULL pointer check in ath11k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath11k: drop redundant check in ath11k_dp_rx_mon_dest_process() (bsc#1227149). - wifi: ath11k: enable 36 bit mask for stream DMA (bsc#1227149). - wifi: ath11k: factory test mode support (bsc#1227149). - wifi: ath11k: fill parameters for vdev set tpc power WMI command (bsc#1227149). - wifi: ath11k: fix CAC running state during virtual interface start (bsc#1227149). - wifi: ath11k: fix IOMMU errors on buffer rings (bsc#1227149). - wifi: ath11k: fix RCU documentation in ath11k_mac_op_ipv6_changed() (git-fixes). - wifi: ath11k: fix WCN6750 firmware crash caused by 17 num_vdevs (bsc#1227149). - wifi: ath11k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath11k: fix a possible dead lock caused by ab->base_lock (bsc#1227149). - wifi: ath11k: fix ath11k_mac_op_remain_on_channel() stack usage (bsc#1227149). - wifi: ath11k: fix connection failure due to unexpected peer delete (bsc#1227149). - wifi: ath11k: fix tid bitmap is 0 in peer rx mu stats (bsc#1227149). - wifi: ath11k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: ath11k: hal: cleanup debug message (bsc#1227149). - wifi: ath11k: htc: cleanup debug messages (bsc#1227149). - wifi: ath11k: initialize eirp_power before use (bsc#1227149). - wifi: ath11k: mac: fix struct ieee80211_sband_iftype_data handling (bsc#1227149). - wifi: ath11k: mhi: add a warning message for MHI_CB_EE_RDDM crash (bsc#1227149). - wifi: ath11k: move pci.ops registration ahead (bsc#1227149). - wifi: ath11k: move power type check to ASSOC stage when connecting to 6 GHz AP (bsc#1227149). - wifi: ath11k: move references from rsvd2 to info fields (bsc#1227149). - wifi: ath11k: pci: cleanup debug logging (bsc#1227149). - wifi: ath11k: print debug level in debug messages (bsc#1227149). - wifi: ath11k: provide address list if chip supports 2 stations (bsc#1227149). - wifi: ath11k: qmi: refactor ath11k_qmi_m3_load() (bsc#1227149). - wifi: ath11k: refactor ath11k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath11k: refactor setting country code logic (stable-fixes). - wifi: ath11k: refactor vif parameter configurations (bsc#1227149). - wifi: ath11k: rely on mac80211 debugfs handling for vif (bsc#1227149). - wifi: ath11k: remove ath11k_htc_record::pauload[] (bsc#1227149). - wifi: ath11k: remove invalid peer create logic (bsc#1227149). - wifi: ath11k: remove manual mask names from debug messages (bsc#1227149). - wifi: ath11k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath11k: remove unsupported event handlers (bsc#1227149). - wifi: ath11k: remove unused function ath11k_tm_event_wmi() (bsc#1227149). - wifi: ath11k: remove unused members of 'struct ath11k_base' (bsc#1227149). - wifi: ath11k: remove unused scan_events from struct scan_req_params (bsc#1227149). - wifi: ath11k: rename MBSSID fields in wmi_vdev_up_cmd (bsc#1227149). - wifi: ath11k: rename ath11k_start_vdev_delay() (bsc#1227149). - wifi: ath11k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath11k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath11k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath11k: restore country code during resume (git-fixes). - wifi: ath11k: save max transmit power in vdev start response event from firmware (bsc#1227149). - wifi: ath11k: save power spectral density(PSD) of regulatory rule (bsc#1227149). - wifi: ath11k: simplify ath11k_mac_validate_vht_he_fixed_rate_settings() (bsc#1227149). - wifi: ath11k: simplify the code with module_platform_driver (bsc#1227149). - wifi: ath11k: store cur_regulatory_info for each radio (bsc#1227149). - wifi: ath11k: support 2 station interfaces (bsc#1227149). - wifi: ath11k: update proper pdev/vdev id for testmode command (bsc#1227149). - wifi: ath11k: update regulatory rules when connect to AP on 6 GHz band for station (bsc#1227149). - wifi: ath11k: update regulatory rules when interface added (bsc#1227149). - wifi: ath11k: use RCU when accessing struct inet6_dev::ac_list (bsc#1227149). - wifi: ath11k: use WMI_VDEV_SET_TPC_POWER_CMDID when EXT_TPC_REG_SUPPORT for 6 GHz (bsc#1227149). - wifi: ath11k: use kstrtoul_from_user() where appropriate (bsc#1227149). - wifi: ath11k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath11k: wmi: add unified command debug messages (bsc#1227149). - wifi: ath11k: wmi: cleanup error handling in ath11k_wmi_send_init_country_cmd() (bsc#1227149). - wifi: ath11k: wmi: use common error handling style (bsc#1227149). - wifi: ath11k: workaround too long expansion sparse warnings (bsc#1227149). - wifi: ath12k: Add logic to write QRTR node id to scratch (bsc#1227149). - wifi: ath12k: Add missing qmi_txn_cancel() calls (bsc#1227149). - wifi: ath12k: Add support to parse new WMI event for 6 GHz regulatory (bsc#1227149). - wifi: ath12k: Consistently use ath12k_vif_to_arvif() (bsc#1227149). - wifi: ath12k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath12k: Correct 6 GHz frequency value in rx status (git-fixes). - wifi: ath12k: Do not drop tx_status in failure case (git-fixes). - wifi: ath12k: Do not use scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Enable Mesh support for QCN9274 (bsc#1227149). - wifi: ath12k: Fix a few spelling errors (bsc#1227149). - wifi: ath12k: Fix tx completion ring (WBM2SW) setup failure (git-fixes). - wifi: ath12k: Fix uninitialized use of ret in ath12k_mac_allocate() (bsc#1227149). - wifi: ath12k: Introduce and use ath12k_sta_to_arsta() (bsc#1227149). - wifi: ath12k: Introduce the container for mac80211 hw (bsc#1227149). - wifi: ath12k: Make QMI message rules const (bsc#1227149). - wifi: ath12k: Optimize the mac80211 hw data access (bsc#1227149). - wifi: ath12k: Read board id to support split-PHY QCN9274 (bsc#1227149). - wifi: ath12k: Refactor the mac80211 hw access from link/radio (bsc#1227149). - wifi: ath12k: Remove ath12k_base::bd_api (bsc#1227149). - wifi: ath12k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath12k: Remove some dead code (bsc#1227149). - wifi: ath12k: Remove struct ath12k::ops (bsc#1227149). - wifi: ath12k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath12k: Remove unnecessary struct qmi_txn initializers (bsc#1227149). - wifi: ath12k: Remove unused declarations (bsc#1227149). - wifi: ath12k: Remove unused scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Set default beacon mode to burst mode (bsc#1227149). - wifi: ath12k: Use initializers for QMI message buffers (bsc#1227149). - wifi: ath12k: Use msdu_end to check MCBC (bsc#1227149). - wifi: ath12k: Use pdev_id rather than mac_id to get pdev (bsc#1227149). - wifi: ath12k: WMI support to process EHT capabilities (bsc#1227149). - wifi: ath12k: add 320 MHz bandwidth enums (bsc#1227149). - wifi: ath12k: add CE and ext IRQ flag to indicate irq_handler (bsc#1227149). - wifi: ath12k: add EHT PHY modes (bsc#1227149). - wifi: ath12k: add MAC id support in WBM error path (bsc#1227149). - wifi: ath12k: add MLO header in peer association (bsc#1227149). - wifi: ath12k: add P2P IE in beacon template (bsc#1227149). - wifi: ath12k: add QMI PHY capability learn support (bsc#1227149). - wifi: ath12k: add WMI support for EHT peer (bsc#1227149). - wifi: ath12k: add ath12k_qmi_free_resource() for recovery (bsc#1227149). - wifi: ath12k: add fallback board name without variant while searching board-2.bin (bsc#1227149). - wifi: ath12k: add firmware-2.bin support (bsc#1227149). - wifi: ath12k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED (bsc#1227149). - wifi: ath12k: add keep backward compatibility of PHY mode to avoid firmware crash (bsc#1227149). - wifi: ath12k: add msdu_end structure for WCN7850 (bsc#1227149). - wifi: ath12k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath12k: add processing for TWT disable event (bsc#1227149). - wifi: ath12k: add processing for TWT enable event (bsc#1227149). - wifi: ath12k: add qmi_cnss_feature_bitmap field to hardware parameters (bsc#1227149). - wifi: ath12k: add rcu lock for ath12k_wmi_p2p_noa_event() (bsc#1227149). - wifi: ath12k: add read variant from SMBIOS for download board data (bsc#1227149). - wifi: ath12k: add string type to search board data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add support for BA1024 (bsc#1227149). - wifi: ath12k: add support for collecting firmware log (bsc#1227149). - wifi: ath12k: add support for hardware rfkill for WCN7850 (bsc#1227149). - wifi: ath12k: add support for peer meta data version (bsc#1227149). - wifi: ath12k: add support one MSI vector (bsc#1227149). - wifi: ath12k: add support to search regdb data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add wait operation for tx management packets for flush from mac80211 (bsc#1227149). - wifi: ath12k: advertise P2P dev support for WCN7850 (bsc#1227149). - wifi: ath12k: allow specific mgmt frame tx while vdev is not up (bsc#1227149). - wifi: ath12k: ath12k_start_vdev_delay(): convert to use ar (bsc#1227149). - wifi: ath12k: avoid deadlock by change ieee80211_queue_work for regd_update_work (bsc#1227149). - wifi: ath12k: avoid duplicated vdev stop (git-fixes). - wifi: ath12k: avoid explicit HW conversion argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit RBM id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit mac id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid repeated hw access from ar (bsc#1227149). - wifi: ath12k: avoid repeated wiphy access from hw (bsc#1227149). - wifi: ath12k: call ath12k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath12k: change DMA direction while mapping reinjected packets (git-fixes). - wifi: ath12k: change MAC buffer ring size to 2048 (bsc#1227149). - wifi: ath12k: change WLAN_SCAN_PARAMS_MAX_IE_LEN from 256 to 512 (bsc#1227149). - wifi: ath12k: change interface combination for P2P mode (bsc#1227149). - wifi: ath12k: change to initialize recovery variables earlier in ath12k_core_reset() (bsc#1227149). - wifi: ath12k: change to treat alpha code na as world wide regdomain (bsc#1227149). - wifi: ath12k: change to use dynamic memory for channel list of scan (bsc#1227149). - wifi: ath12k: check M3 buffer size as well whey trying to reuse it (bsc#1227149). - wifi: ath12k: check hardware major version for WCN7850 (bsc#1227149). - wifi: ath12k: configure RDDM size to MHI for device recovery (bsc#1227149). - wifi: ath12k: configure puncturing bitmap (bsc#1227149). - wifi: ath12k: correct the data_type from QMI_OPT_FLAG to QMI_UNSIGNED_1_BYTE for mlo_capable (bsc#1227149). - wifi: ath12k: delete the timer rx_replenish_retry during rmmod (bsc#1227149). - wifi: ath12k: designating channel frequency for ROC scan (bsc#1227149). - wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274 (bsc#1227149). - wifi: ath12k: do not drop data frames from unassociated stations (bsc#1227149). - wifi: ath12k: do not restore ASPM in case of single MSI vector (bsc#1227149). - wifi: ath12k: drop NULL pointer check in ath12k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath12k: drop failed transmitted frames from metric calculation (git-fixes). - wifi: ath12k: enable 320 MHz bandwidth for 6 GHz band in EHT PHY capability for WCN7850 (bsc#1227149). - wifi: ath12k: enable 802.11 power save mode in station mode (bsc#1227149). - wifi: ath12k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850 (bsc#1227149). - wifi: ath12k: fetch correct pdev id from WMI_SERVICE_READY_EXT_EVENTID (bsc#1227149). - wifi: ath12k: fix PCI read and write (bsc#1227149). - wifi: ath12k: fix WARN_ON during ath12k_mac_update_vif_chan (bsc#1227149). - wifi: ath12k: fix broken structure wmi_vdev_create_cmd (bsc#1227149). - wifi: ath12k: fix conf_mutex in ath12k_mac_op_unassign_vif_chanctx() (bsc#1227149). - wifi: ath12k: fix debug messages (bsc#1227149). - wifi: ath12k: fix fetching MCBC flag for QCN9274 (bsc#1227149). - wifi: ath12k: fix firmware assert during insmod in memory segment mode (bsc#1227149). - wifi: ath12k: fix firmware crash during reo reinject (git-fixes). - wifi: ath12k: fix invalid m3 buffer address (bsc#1227149). - wifi: ath12k: fix invalid memory access while processing fragmented packets (git-fixes). - wifi: ath12k: fix kernel crash during resume (bsc#1227149). - wifi: ath12k: fix license in p2p.c and p2p.h (bsc#1227149). - wifi: ath12k: fix peer metadata parsing (git-fixes). - wifi: ath12k: fix potential wmi_mgmt_tx_queue race condition (bsc#1227149). - wifi: ath12k: fix radar detection in 160 MHz (bsc#1227149). - wifi: ath12k: fix recovery fail while firmware crash when doing channel switch (bsc#1227149). - wifi: ath12k: fix the error handler of rfkill config (bsc#1227149). - wifi: ath12k: fix the issue that the multicast/broadcast indicator is not read correctly for WCN7850 (bsc#1227149). - wifi: ath12k: fix the problem that down grade phy mode operation (bsc#1227149). - wifi: ath12k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath12k: fix wrong definitions of hal_reo_update_rx_queue (bsc#1227149). - wifi: ath12k: get msi_data again after request_irq is called (bsc#1227149). - wifi: ath12k: implement handling of P2P NoA event (bsc#1227149). - wifi: ath12k: implement remain on channel for P2P mode (bsc#1227149). - wifi: ath12k: increase vdev setup timeout (bsc#1227149). - wifi: ath12k: indicate NON MBSSID vdev by default during vdev start (bsc#1227149). - wifi: ath12k: indicate scan complete for scan canceled when scan running (bsc#1227149). - wifi: ath12k: indicate to mac80211 scan complete with aborted flag for ATH12K_SCAN_STARTING state (bsc#1227149). - wifi: ath12k: move HE capabilities processing to a new function (bsc#1227149). - wifi: ath12k: move peer delete after vdev stop of station for WCN7850 (bsc#1227149). - wifi: ath12k: parse WMI service ready ext2 event (bsc#1227149). - wifi: ath12k: peer assoc for 320 MHz (bsc#1227149). - wifi: ath12k: prepare EHT peer assoc parameters (bsc#1227149). - wifi: ath12k: propagate EHT capabilities to userspace (bsc#1227149). - wifi: ath12k: refactor DP Rxdma ring structure (bsc#1227149). - wifi: ath12k: refactor QMI MLO host capability helper function (bsc#1227149). - wifi: ath12k: refactor ath12k_bss_assoc() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_allocate() and ath12k_mac_destroy() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_ampdu_action() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_conf_tx() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_config() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_configure_filter() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_flush() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_start() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_stop() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_update_vif_offload() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_register() and ath12k_mac_unregister() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_setup_channels_rates() (bsc#1227149). - wifi: ath12k: refactor ath12k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath12k: refactor multiple MSI vector implementation (bsc#1227149). - wifi: ath12k: refactor the rfkill worker (bsc#1227149). - wifi: ath12k: register EHT mesh capabilities (bsc#1227149). - wifi: ath12k: relax list iteration in ath12k_mac_vif_unref() (bsc#1227149). - wifi: ath12k: relocate ath12k_dp_pdev_pre_alloc() call (bsc#1227149). - wifi: ath12k: remove hal_desc_sz from hw params (bsc#1227149). - wifi: ath12k: remove redundant memset() in ath12k_hal_reo_qdesc_setup() (bsc#1227149). - wifi: ath12k: remove the unused scan_events from ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: remove unused ATH12K_BD_IE_BOARD_EXT (bsc#1227149). - wifi: ath12k: rename HE capabilities setup/copy functions (bsc#1227149). - wifi: ath12k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath12k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath12k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath12k: send WMI_PEER_REORDER_QUEUE_SETUP_CMDID when ADDBA session starts (bsc#1227149). - wifi: ath12k: set IRQ affinity to CPU0 in case of one MSI vector (bsc#1227149). - wifi: ath12k: set PERST pin no pull request for WCN7850 (bsc#1227149). - wifi: ath12k: split hal_ops to support RX TLVs word mask compaction (bsc#1227149). - wifi: ath12k: subscribe required word mask from rx tlv (bsc#1227149). - wifi: ath12k: support default regdb while searching board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: trigger station disconnect on hardware restart (bsc#1227149). - wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ (bsc#1227149). - wifi: ath12k: use correct flag field for 320 MHz channels (bsc#1227149). - wifi: ath12k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath5k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath5k: Remove redundant dev_err() (bsc#1227149). - wifi: ath5k: ath5k_hw_get_median_noise_floor(): use swap() (bsc#1227149). - wifi: ath5k: remove phydir check from ath5k_debug_init_device() (bsc#1227149). - wifi: ath5k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath5k: remove unused ath5k_eeprom_info::ee_antenna (bsc#1227149). - wifi: ath5k: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: ath6kl: Remove error checking for debugfs_create_dir() (bsc#1227149). - wifi: ath6kl: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath6kl: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath9k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath9k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath9k: Remove unnecessary ternary operators (bsc#1227149). - wifi: ath9k: Remove unused declarations (bsc#1227149). - wifi: ath9k: avoid using uninitialized array (bsc#1227149). - wifi: ath9k: clean up function ath9k_hif_usb_resume (bsc#1227149). - wifi: ath9k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath9k: delete some unused/duplicate macros (bsc#1227149). - wifi: ath9k: fix parameter check in ath9k_init_debug() (bsc#1227149). - wifi: ath9k: remove redundant assignment to variable ret (bsc#1227149). - wifi: ath9k: reset survey of current channel after a scan started (bsc#1227149). - wifi: ath9k: simplify ar9003_hw_process_ini() (bsc#1227149). - wifi: ath9k: use u32 for txgain indexes (bsc#1227149). - wifi: ath9k: work around memset overflow warning (bsc#1227149). - wifi: ath9k_htc: fix format-truncation warning (bsc#1227149). - wifi: ath: Use is_multicast_ether_addr() to check multicast Ether address (bsc#1227149). - wifi: ath: dfs_pattern_detector: Use flex array to simplify code (bsc#1227149). - wifi: ath: remove unused-but-set parameter (bsc#1227149). - wifi: ath: work around false-positive stringop-overread warning (bsc#1227149). - wifi: atk10k: Do not opencode ath10k_pci_priv() in ath10k_ahb_priv() (bsc#1227149). - wifi: atmel: remove unused ioctl function (bsc#1227149). - wifi: b43: silence sparse warnings (bsc#1227149). - wifi: brcm80211: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: brcmfmac: Annotate struct brcmf_gscan_config with __counted_by (bsc#1227149). - wifi: brcmfmac: Detect corner error case earlier with log (bsc#1227149). - wifi: brcmfmac: add linefeed at end of file (bsc#1227149). - wifi: brcmfmac: allow per-vendor event handling (bsc#1227149). - wifi: brcmfmac: do not cast hidden SSID attribute value to boolean (bsc#1227149). - wifi: brcmfmac: do not pass hidden SSID attribute as value directly (bsc#1227149). - wifi: brcmfmac: export firmware interface functions (bsc#1227149). - wifi: brcmfmac: firmware: Annotate struct brcmf_fw_request with __counted_by (bsc#1227149). - wifi: brcmfmac: fix format-truncation warnings (bsc#1227149). - wifi: brcmfmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmfmac: fweh: Add __counted_by for struct brcmf_fweh_queue_item and use struct_size() (bsc#1227149). - wifi: brcmfmac: fweh: Fix boot crash on Raspberry Pi 4 (bsc#1227149). - wifi: brcmfmac: move feature overrides before feature_disable (bsc#1227149). - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes). - wifi: brcmsmac: cleanup SCB-related data types (bsc#1227149). - wifi: brcmsmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmsmac: phy: Remove unreachable code (bsc#1227149). - wifi: brcmsmac: remove more unused data types (bsc#1227149). - wifi: brcmsmac: remove unused data type (bsc#1227149). - wifi: brcmsmac: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: brcmsmac: silence sparse warnings (bsc#1227149). - wifi: brcmutil: use helper function pktq_empty() instead of open code (bsc#1227149). - wifi: carl9170: Remove redundant assignment to pointer super (bsc#1227149). - wifi: carl9170: remove unnecessary (void*) conversions (bsc#1227149). - wifi: cfg80211: Add support for setting TID to link mapping (bsc#1227149). - wifi: cfg80211: Allow AP/P2PGO to indicate port authorization to peer STA/P2PClient (bsc#1227149). - wifi: cfg80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: cfg80211: Fix typo in documentation (bsc#1227149). - wifi: cfg80211: Handle specific BSSID in 6GHz scanning (bsc#1227149). - wifi: cfg80211: Include operating class 137 in 6GHz band (bsc#1227149). - wifi: cfg80211: OWE DH IE handling offload (bsc#1227149). - wifi: cfg80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: cfg80211: Schedule regulatory check on BSS STA channel change (bsc#1227149). - wifi: cfg80211: Update the default DSCP-to-UP mapping (bsc#1227149). - wifi: cfg80211: add BSS usage reporting (bsc#1227149). - wifi: cfg80211: add RNR with reporting AP information (bsc#1227149). - wifi: cfg80211: add a flag to disable wireless extensions (bsc#1227149). - wifi: cfg80211: add local_state_change to deauth trace (bsc#1227149). - wifi: cfg80211: add locked debugfs wrappers (bsc#1227149). - wifi: cfg80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: cfg80211: address several kerneldoc warnings (bsc#1227149). - wifi: cfg80211: allow reg update by driver even if wiphy->regd is set (bsc#1227149). - wifi: cfg80211: annotate iftype_data pointer with sparse (bsc#1227149). - wifi: cfg80211: avoid double free if updating BSS fails (bsc#1227149). - wifi: cfg80211: call reg_call_notifier on beacon hints (bsc#1227149). - wifi: cfg80211: check RTNL when iterating devices (bsc#1227149). - wifi: cfg80211: check wiphy mutex is held for wdev mutex (bsc#1227149). - wifi: cfg80211: consume both probe response and beacon IEs (bsc#1227149). - wifi: cfg80211: detect stuck ECSA element in probe resp (bsc#1227149). - wifi: cfg80211: ensure cfg80211_bss_update frees IEs on error (bsc#1227149). - wifi: cfg80211: export DFS CAC time and usable state helper functions (bsc#1227149). - wifi: cfg80211: expose nl80211_chan_width_to_mhz for wide sharing (bsc#1227149). - wifi: cfg80211: fix 6 GHz scan request building (stable-fixes). - wifi: cfg80211: fix CQM for non-range use (bsc#1227149). - wifi: cfg80211: fix header kernel-doc typos (bsc#1227149). - wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush() (bsc#1227149). - wifi: cfg80211: fix spelling & punctutation (bsc#1227149). - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: generate an ML element for per-STA profiles (bsc#1227149). - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: handle UHB AP and STA power type (bsc#1227149). - wifi: cfg80211: hold wiphy lock in cfg80211_any_wiphy_oper_chan() (bsc#1227149). - wifi: cfg80211: hold wiphy mutex for send_interface (bsc#1227149). - wifi: cfg80211: improve documentation for flag fields (bsc#1227149). - wifi: cfg80211: introduce cfg80211_ssid_eq() (bsc#1227149). - wifi: cfg80211: make RX assoc data const (bsc#1227149). - wifi: cfg80211: make read-only array centers_80mhz static const (bsc#1227149). - wifi: cfg80211: modify prototype for change_beacon (bsc#1227149). - wifi: cfg80211: reg: Support P2P operation on DFS channels (bsc#1227149). - wifi: cfg80211: reg: describe return values in kernel-doc (bsc#1227149). - wifi: cfg80211: reg: fix various kernel-doc issues (bsc#1227149). - wifi: cfg80211: reg: hold wiphy mutex for wdev iteration (bsc#1227149). - wifi: cfg80211: remove scan_width support (bsc#1227149). - wifi: cfg80211: remove wdev mutex (bsc#1227149). - wifi: cfg80211: rename UHB to 6 GHz (bsc#1227149). - wifi: cfg80211: report per-link errors during association (bsc#1227149). - wifi: cfg80211: report unprotected deauth/disassoc in wowlan (bsc#1227149). - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes). - wifi: cfg80211: save power spectral density(psd) of regulatory rule (bsc#1227149). - wifi: cfg80211: set correct param change count in ML element (bsc#1227149). - wifi: cfg80211: sme: hold wiphy lock for wdev iteration (bsc#1227149). - wifi: cfg80211: sort certificates in build (bsc#1227149). - wifi: cfg80211: split struct cfg80211_ap_settings (bsc#1227149). - wifi: cfg80211: validate HE operation element parsing (bsc#1227149). - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes). - wifi: cfg80211: wext: convert return value to kernel-doc (bsc#1227149). - wifi: cfg80211: wext: set ssids=NULL for passive scans (git-fixes). - wifi: cw1200: Avoid processing an invalid TIM IE (bsc#1227149). - wifi: cw1200: Convert to GPIO descriptors (bsc#1227149). - wifi: cw1200: fix __le16 sparse warnings (bsc#1227149). - wifi: cw1200: restore endian swapping (bsc#1227149). - wifi: drivers: Explicitly include correct DT includes (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for Broadcom WLAN (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for ar5523 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for mt76 drivers (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for p54spi (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wcn36xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wilc1000 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl1251 and wl12xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl18xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wlcore (bsc#1227149). - wifi: hostap: Add __counted_by for struct prism2_download_data and use struct_size() (bsc#1227149). - wifi: hostap: fix stringop-truncations GCC warning (bsc#1227149). - wifi: hostap: remove unused ioctl function (bsc#1227149). - wifi: ieee80211: add UL-bandwidth definition of trigger frame (bsc#1227149). - wifi: ieee80211: add definitions for negotiated TID to Link map (bsc#1227149). - wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() (stable-fixes). - wifi: iwlmei: do not send SAP messages if AMT is disabled (bsc#1227149). - wifi: iwlmei: do not send nic info with invalid mac address (bsc#1227149). - wifi: iwlmei: send HOST_GOES_DOWN message even if wiamt is disabled (bsc#1227149). - wifi: iwlmei: send driver down SAP message only if wiamt is enabled (bsc#1227149). - wifi: iwlmvm: fw: Add new OEM vendor to tas approved list (bsc#1227149). - wifi: iwlwifi: Add rf_mapping of new wifi7 devices (bsc#1227149). - wifi: iwlwifi: Add support for PPAG cmd v5 and PPAG revision 3 (bsc#1227149). - wifi: iwlwifi: Add support for new 802.11be device (bsc#1227149). - wifi: iwlwifi: Do not mark DFS channels as NO-IR (bsc#1227149). - wifi: iwlwifi: Extract common prph mac/phy regions data dump logic (bsc#1227149). - wifi: iwlwifi: Fix spelling mistake 'SESION' -> 'SESSION' (bsc#1227149). - wifi: iwlwifi: Use request_module_nowait (bsc#1227149). - wifi: iwlwifi: abort scan when rfkill on but device enabled (bsc#1227149). - wifi: iwlwifi: add HONOR to PPAG approved list (bsc#1227149). - wifi: iwlwifi: add Razer to ppag approved list (bsc#1227149). - wifi: iwlwifi: add mapping of a periphery register crf for WH RF (bsc#1227149). - wifi: iwlwifi: add new RF support for wifi7 (bsc#1227149). - wifi: iwlwifi: add support for SNPS DPHYIP region type (bsc#1227149). - wifi: iwlwifi: add support for a wiphy_work rx handler (bsc#1227149). - wifi: iwlwifi: add support for activating UNII-1 in WW via BIOS (bsc#1227149). - wifi: iwlwifi: add support for new ini region types (bsc#1227149). - wifi: iwlwifi: adjust rx_phyinfo debugfs to MLO (bsc#1227149). - wifi: iwlwifi: always have 'uats_enabled' (bsc#1227149). - wifi: iwlwifi: api: clean up some kernel-doc/typos (bsc#1227149). - wifi: iwlwifi: api: dbg-tlv: fix up kernel-doc (bsc#1227149). - wifi: iwlwifi: api: fix a small upper/lower-case typo (bsc#1227149). - wifi: iwlwifi: api: fix center_freq label in PHY diagram (bsc#1227149). - wifi: iwlwifi: api: fix constant version to match FW (bsc#1227149). - wifi: iwlwifi: api: fix kernel-doc reference (bsc#1227149). - wifi: iwlwifi: bump FW API to 84 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 86 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 87 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 88 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: cancel session protection only if there is one (bsc#1227149). - wifi: iwlwifi: change link id in time event to s8 (bsc#1227149). - wifi: iwlwifi: check for kmemdup() return value in iwl_parse_tlv_firmware() (bsc#1227149). - wifi: iwlwifi: cleanup BT Shared Single Antenna code (bsc#1227149). - wifi: iwlwifi: cleanup sending PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1227149). - wifi: iwlwifi: cleanup uefi variables loading (bsc#1227149). - wifi: iwlwifi: clear link_id in time_event (bsc#1227149). - wifi: iwlwifi: dbg-tlv: avoid extra allocation/copy (bsc#1227149). - wifi: iwlwifi: dbg-tlv: use struct_size() for allocation (bsc#1227149). - wifi: iwlwifi: disable 160 MHz based on subsystem device ID (bsc#1227149). - wifi: iwlwifi: disable eSR when BT is active (bsc#1227149). - wifi: iwlwifi: disable multi rx queue for 9000 (bsc#1227149). - wifi: iwlwifi: do not check TAS block list size twice (bsc#1227149). - wifi: iwlwifi: do not use TRUE/FALSE with bool (bsc#1227149). - wifi: iwlwifi: drop NULL pointer check in iwl_mvm_tzone_set_trip_temp() (bsc#1227149). - wifi: iwlwifi: dvm: remove kernel-doc warnings (bsc#1227149). - wifi: iwlwifi: error-dump: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fail NIC access fast on dead NIC (bsc#1227149). - wifi: iwlwifi: fix #ifdef CONFIG_ACPI check (bsc#1227149). - wifi: iwlwifi: fix iwl_mvm_get_valid_rx_ant() (git-fixes). - wifi: iwlwifi: fix opmode start/stop race (bsc#1227149). - wifi: iwlwifi: fix some kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fix system commands group ordering (bsc#1227149). - wifi: iwlwifi: fix the rf step and flavor bits range (bsc#1227149). - wifi: iwlwifi: fw: Add support for UATS table in UHB (bsc#1227149). - wifi: iwlwifi: fw: Fix debugfs command sending (bsc#1227149). - wifi: iwlwifi: fw: allow vmalloc for PNVM image (bsc#1227149). - wifi: iwlwifi: fw: dbg: ensure correct config name sizes (bsc#1227149). - wifi: iwlwifi: fw: disable firmware debug asserts (bsc#1227149). - wifi: iwlwifi: fw: file: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: fw: file: do not use [0] for variable arrays (bsc#1227149). - wifi: iwlwifi: fw: fix compiler warning for NULL string print (bsc#1227149). - wifi: iwlwifi: fw: increase fw_version string size (bsc#1227149). - wifi: iwlwifi: fw: reconstruct the API/CAPA enum number (bsc#1227149). - wifi: iwlwifi: fw: replace deprecated strncpy with strscpy_pad (bsc#1227149). - wifi: iwlwifi: handle per-phy statistics from fw (bsc#1227149). - wifi: iwlwifi: implement GLAI ACPI table loading (bsc#1227149). - wifi: iwlwifi: implement can_activate_links callback (bsc#1227149). - wifi: iwlwifi: implement enable/disable for China 2022 regulatory (bsc#1227149). - wifi: iwlwifi: iwl-fh.h: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: iwl-trans.h: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: iwlmvm: handle unprotected deauth/disassoc in d3 (bsc#1227149). - wifi: iwlwifi: load b0 version of ucode for HR1/HR2 (bsc#1227149). - wifi: iwlwifi: make TB reallocation a debug message (bsc#1227149). - wifi: iwlwifi: make time_events MLO aware (bsc#1227149). - wifi: iwlwifi: mei: return error from register when not built (bsc#1227149). - wifi: iwlwifi: mvm: Add basic link selection logic (bsc#1227149). - wifi: iwlwifi: mvm: Add support for removing responder TKs (bsc#1227149). - wifi: iwlwifi: mvm: Allow DFS concurrent operation (bsc#1227149). - wifi: iwlwifi: mvm: Configure the link mapping for non-MLD FW (bsc#1227149). - wifi: iwlwifi: mvm: Correctly report TSF data in scan complete (bsc#1227149). - wifi: iwlwifi: mvm: Declare support for secure LTF measurement (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn if valid link pair was not found (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete (bsc#1227149). - wifi: iwlwifi: mvm: Extend support for P2P service discovery (bsc#1227149). - wifi: iwlwifi: mvm: Fix FTM initiator flags (bsc#1227149). - wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill (stable-fixes). - wifi: iwlwifi: mvm: Fix unreachable code path (bsc#1227149). - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes). - wifi: iwlwifi: mvm: Keep connection in case of missed beacons during RX (bsc#1227149). - wifi: iwlwifi: mvm: Return success if link could not be removed (bsc#1227149). - wifi: iwlwifi: mvm: Use the link ID provided in scan request (bsc#1227149). - wifi: iwlwifi: mvm: add US/Canada MCC to API (bsc#1227149). - wifi: iwlwifi: mvm: add a debug print when we get a BAR (bsc#1227149). - wifi: iwlwifi: mvm: add a debugfs hook to clear the monitor data (bsc#1227149). - wifi: iwlwifi: mvm: add a per-link debugfs (bsc#1227149). - wifi: iwlwifi: mvm: add a print when sending RLC command (bsc#1227149). - wifi: iwlwifi: mvm: add start mac ctdp sum calculation debugfs handler (bsc#1227149). - wifi: iwlwifi: mvm: add support for TID to link mapping neg request (bsc#1227149). - wifi: iwlwifi: mvm: add support for new wowlan_info_notif (bsc#1227149). - wifi: iwlwifi: mvm: advertise MLO only if EHT is enabled (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for SCS traffic description (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for protected ranging negotiation (bsc#1227149). - wifi: iwlwifi: mvm: always update keys in D3 exit (bsc#1227149). - wifi: iwlwifi: mvm: avoid garbage iPN (bsc#1227149). - wifi: iwlwifi: mvm: calculate EMLSR mode after connection (bsc#1227149). - wifi: iwlwifi: mvm: check AP supports EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: check for iwl_mvm_mld_update_sta() errors (bsc#1227149). - wifi: iwlwifi: mvm: check link more carefully (bsc#1227149). - wifi: iwlwifi: mvm: check own capabilities for EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: cleanup MLO and non-MLO unification code (bsc#1227149). - wifi: iwlwifi: mvm: combine condition/warning (bsc#1227149). - wifi: iwlwifi: mvm: consider having one active link (bsc#1227149). - wifi: iwlwifi: mvm: const-ify chandef pointers (bsc#1227149). - wifi: iwlwifi: mvm: cycle FW link on chanctx removal (bsc#1227149). - wifi: iwlwifi: mvm: d3: avoid intermediate/early mutex unlock (bsc#1227149). - wifi: iwlwifi: mvm: d3: disconnect on GTK rekey failure (bsc#1227149). - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes). - wifi: iwlwifi: mvm: d3: implement suspend with MLO (bsc#1227149). - wifi: iwlwifi: mvm: debugfs for fw system stats (bsc#1227149). - wifi: iwlwifi: mvm: define RX queue sync timeout as a macro (bsc#1227149). - wifi: iwlwifi: mvm: disable MLO for the time being (bsc#1227149). - wifi: iwlwifi: mvm: disallow puncturing in US/Canada (bsc#1227149). - wifi: iwlwifi: mvm: disconnect long CSA only w/o alternative (bsc#1227149). - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (bsc#1227149). - wifi: iwlwifi: mvm: do not abort queue sync in CT-kill (bsc#1227149). - wifi: iwlwifi: mvm: do not add dummy phy context (bsc#1227149). - wifi: iwlwifi: mvm: do not always disable EMLSR due to BT coex (bsc#1227149). - wifi: iwlwifi: mvm: do not do duplicate detection for nullfunc packets (bsc#1227149). - wifi: iwlwifi: mvm: do not limit VLP/AFC to UATS-enabled (git-fixes). - wifi: iwlwifi: mvm: do not send BT_COEX_CI command on new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send NDPs for new tx devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send STA_DISABLE_TX_CMD for newer firmware (bsc#1227149). - wifi: iwlwifi: mvm: do not send the smart fifo command if not needed (bsc#1227149). - wifi: iwlwifi: mvm: do not set trigger frame padding in AP mode (bsc#1227149). - wifi: iwlwifi: mvm: do not support reduced tx power on ack for new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not wake up rx_sync_waitq upon RFKILL (git-fixes). - wifi: iwlwifi: mvm: enable FILS DF Tx on non-PSC channel (bsc#1227149). - wifi: iwlwifi: mvm: enable HE TX/RX <242 tone RU on new RFs (bsc#1227149). - wifi: iwlwifi: mvm: expand queue sync warning messages (bsc#1227149). - wifi: iwlwifi: mvm: extend alive timeout to 2 seconds (bsc#1227149). - wifi: iwlwifi: mvm: fix ROC version check (bsc#1227149). - wifi: iwlwifi: mvm: fix SB CFG check (bsc#1227149). - wifi: iwlwifi: mvm: fix a battery life regression (bsc#1227149). - wifi: iwlwifi: mvm: fix a crash on 7265 (bsc#1227149). - wifi: iwlwifi: mvm: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fix link ID management (bsc#1227149). - wifi: iwlwifi: mvm: fix recovery flow in CSA (bsc#1227149). - wifi: iwlwifi: mvm: fix regdb initialization (bsc#1227149). - wifi: iwlwifi: mvm: fix the PHY context resolution for p2p device (bsc#1227149). - wifi: iwlwifi: mvm: fix the TXF mapping for BZ devices (bsc#1227149). - wifi: iwlwifi: mvm: fix the key PN index (bsc#1227149). - wifi: iwlwifi: mvm: fix thermal kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fold the ref++ into iwl_mvm_phy_ctxt_add (bsc#1227149). - wifi: iwlwifi: mvm: handle BA session teardown in RF-kill (stable-fixes). - wifi: iwlwifi: mvm: handle debugfs names more carefully (bsc#1227149). - wifi: iwlwifi: mvm: handle link-STA allocation in restart (bsc#1227149). - wifi: iwlwifi: mvm: implement ROC version 3 (bsc#1227149). - wifi: iwlwifi: mvm: implement new firmware API for statistics (bsc#1227149). - wifi: iwlwifi: mvm: increase session protection after CSA (bsc#1227149). - wifi: iwlwifi: mvm: introduce PHY_CONTEXT_CMD_API_VER_5 (bsc#1227149). - wifi: iwlwifi: mvm: introduce esr_disable_reason (bsc#1227149). - wifi: iwlwifi: mvm: iterate active links for STA queues (bsc#1227149). - wifi: iwlwifi: mvm: limit EHT 320 MHz MCS for STEP URM (bsc#1227149). - wifi: iwlwifi: mvm: limit pseudo-D3 to 60 seconds (bsc#1227149). - wifi: iwlwifi: mvm: log dropped frames (bsc#1227149). - wifi: iwlwifi: mvm: log dropped packets due to MIC error (bsc#1227149). - wifi: iwlwifi: mvm: make 'pldr_sync' mode effective (bsc#1227149). - wifi: iwlwifi: mvm: make functions public (bsc#1227149). - wifi: iwlwifi: mvm: make pldr_sync AX210 specific (bsc#1227149). - wifi: iwlwifi: mvm: move BA notif messages before action (bsc#1227149). - wifi: iwlwifi: mvm: move RU alloc B2 placement (bsc#1227149). - wifi: iwlwifi: mvm: move listen interval to constants (bsc#1227149). - wifi: iwlwifi: mvm: offload IGTK in AP if BIGTK is supported (bsc#1227149). - wifi: iwlwifi: mvm: partially support PHY context version 6 (bsc#1227149). - wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes). - wifi: iwlwifi: mvm: reduce maximum RX A-MPDU size (bsc#1227149). - wifi: iwlwifi: mvm: refactor TX rate handling (bsc#1227149). - wifi: iwlwifi: mvm: refactor duplicate chanctx condition (bsc#1227149). - wifi: iwlwifi: mvm: remove EHT code from mac80211.c (bsc#1227149). - wifi: iwlwifi: mvm: remove IWL_MVM_STATUS_NEED_FLUSH_P2P (bsc#1227149). - wifi: iwlwifi: mvm: remove flags for enable/disable beacon filter (bsc#1227149). - wifi: iwlwifi: mvm: remove one queue sync on BA session stop (bsc#1227149). - wifi: iwlwifi: mvm: remove set_tim callback for MLD ops (bsc#1227149). - wifi: iwlwifi: mvm: remove stale STA link data during restart (stable-fixes). - wifi: iwlwifi: mvm: rework debugfs handling (bsc#1227149). - wifi: iwlwifi: mvm: show dump even for pldr_sync (bsc#1227149). - wifi: iwlwifi: mvm: show skb_mac_gso_segment() failure reason (bsc#1227149). - wifi: iwlwifi: mvm: simplify the reorder buffer (bsc#1227149). - wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig (bsc#1227149). - wifi: iwlwifi: mvm: support CSA with MLD (bsc#1227149). - wifi: iwlwifi: mvm: support SPP A-MSDUs (bsc#1227149). - wifi: iwlwifi: mvm: support flush on AP interfaces (bsc#1227149). - wifi: iwlwifi: mvm: support injection antenna control (bsc#1227149). - wifi: iwlwifi: mvm: support iwl_dev_tx_power_cmd_v8 (bsc#1227149). - wifi: iwlwifi: mvm: support set_antenna() (bsc#1227149). - wifi: iwlwifi: mvm: unlock mvm if there is no primary link (bsc#1227149). - wifi: iwlwifi: mvm: use fast balance scan in case of an active P2P GO (bsc#1227149). - wifi: iwlwifi: mvm: use the new command to clear the internal buffer (bsc#1227149). - wifi: iwlwifi: mvm: work around A-MSDU size problem (bsc#1227149). - wifi: iwlwifi: no power save during transition to D3 (bsc#1227149). - wifi: iwlwifi: nvm-parse: advertise common packet padding (bsc#1227149). - wifi: iwlwifi: nvm: parse the VLP/AFC bit from regulatory (bsc#1227149). - wifi: iwlwifi: pcie: (re-)assign BAR0 on driver bind (bsc#1227149). - wifi: iwlwifi: pcie: Add new PCI device id and CNVI (bsc#1227149). - wifi: iwlwifi: pcie: clean up WFPM control bits (bsc#1227149). - wifi: iwlwifi: pcie: clean up device removal work (bsc#1227149). - wifi: iwlwifi: pcie: clean up gen1/gen2 TFD unmap (bsc#1227149). - wifi: iwlwifi: pcie: do not allow hw-rfkill to stop device on gen2 (bsc#1227149). - wifi: iwlwifi: pcie: dump CSRs before removal (bsc#1227149). - wifi: iwlwifi: pcie: enable TOP fatal error interrupt (bsc#1227149). - wifi: iwlwifi: pcie: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: pcie: get_crf_id() can be void (bsc#1227149). - wifi: iwlwifi: pcie: give up mem read if HW is dead (bsc#1227149). - wifi: iwlwifi: pcie: move gen1 TB handling to header (bsc#1227149). - wifi: iwlwifi: pcie: point invalid TFDs to invalid data (bsc#1227149). - wifi: iwlwifi: pcie: propagate iwl_pcie_gen2_apm_init() error (bsc#1227149). - wifi: iwlwifi: pcie: rescan bus if no parent (bsc#1227149). - wifi: iwlwifi: prepare for reading DSM from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading TAS table from UEFI (bsc#1227149). - wifi: iwlwifi: properly check if link is active (bsc#1227149). - wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK (stable-fixes). - wifi: iwlwifi: queue: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: queue: improve warning for no skb in reclaim (bsc#1227149). - wifi: iwlwifi: queue: move iwl_txq_gen2_set_tb() up (bsc#1227149). - wifi: iwlwifi: read DSM func 2 for specific RF types (bsc#1227149). - wifi: iwlwifi: read DSM functions from UEFI (bsc#1227149). - wifi: iwlwifi: read ECKV table from UEFI (bsc#1227149). - wifi: iwlwifi: read PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: read SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: read SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: read WRDD table from UEFI (bsc#1227149). - wifi: iwlwifi: read WTAS table from UEFI (bsc#1227149). - wifi: iwlwifi: read mac step from aux register (bsc#1227149). - wifi: iwlwifi: refactor RX tracing (bsc#1227149). - wifi: iwlwifi: remove 'def_rx_queue' struct member (bsc#1227149). - wifi: iwlwifi: remove Gl A-step remnants (bsc#1227149). - wifi: iwlwifi: remove WARN from read_mem32() (bsc#1227149). - wifi: iwlwifi: remove async command callback (bsc#1227149). - wifi: iwlwifi: remove dead-code (bsc#1227149). - wifi: iwlwifi: remove extra kernel-doc (bsc#1227149). - wifi: iwlwifi: remove memory check for LMAC error address (bsc#1227149). - wifi: iwlwifi: remove retry loops in start (bsc#1227149). - wifi: iwlwifi: remove unused function prototype (bsc#1227149). - wifi: iwlwifi: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: iwlwifi: return negative -EINVAL instead of positive EINVAL (bsc#1227149). - wifi: iwlwifi: rfi: use a single DSM function for all RFI configurations (bsc#1227149). - wifi: iwlwifi: send EDT table to FW (bsc#1227149). - wifi: iwlwifi: separate TAS 'read-from-BIOS' and 'send-to-FW' flows (bsc#1227149). - wifi: iwlwifi: simplify getting DSM from ACPI (bsc#1227149). - wifi: iwlwifi: skip affinity setting on non-SMP (bsc#1227149). - wifi: iwlwifi: skip opmode start retries on dead transport (bsc#1227149). - wifi: iwlwifi: small cleanups in PPAG table flows (bsc#1227149). - wifi: iwlwifi: support link command version 2 (bsc#1227149). - wifi: iwlwifi: support link id in SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: support link_id in SESSION_PROTECTION cmd (bsc#1227149). - wifi: iwlwifi: take SGOM and UATS code out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: take send-DSM-to-FW flows out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: trace full frames with TX status request (bsc#1227149). - wifi: iwlwifi: update context info structure definitions (bsc#1227149). - wifi: iwlwifi: use system_unbound_wq for debug dump (bsc#1227149). - wifi: iwlwifi: validate PPAG table when sent to FW (bsc#1227149). - wifi: lib80211: remove unused variables iv32 and iv16 (bsc#1227149). - wifi: libertas: Follow renaming of SPI 'master' to 'controller' (bsc#1227149). - wifi: libertas: add missing calls to cancel_work_sync() (bsc#1227149). - wifi: libertas: cleanup SDIO reset (bsc#1227149). - wifi: libertas: handle possible spu_write_u16() errors (bsc#1227149). - wifi: libertas: prefer kstrtoX() for simple integer conversions (bsc#1227149). - wifi: libertas: simplify list operations in free_if_spi_card() (bsc#1227149). - wifi: libertas: use convenient lists to manage SDIO packets (bsc#1227149). - wifi: mac80211: Add __counted_by for struct ieee802_11_elems and use struct_size() (bsc#1227149). - wifi: mac80211: Avoid address calculations via out of bounds array indexing (stable-fixes). - wifi: mac80211: Check if we had first beacon with relevant links (bsc#1227149). - wifi: mac80211: Do not force off-channel for management Tx with MLO (bsc#1227149). - wifi: mac80211: Do not include crypto/algapi.h (bsc#1227149). - wifi: mac80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: mac80211: Fix SMPS handling in the context of MLO (bsc#1227149). - wifi: mac80211: Notify the low level driver on change in MLO valid links (bsc#1227149). - wifi: mac80211: Print local link address during authentication (bsc#1227149). - wifi: mac80211: Recalc offload when monitor stop (git-fixes). - wifi: mac80211: Remove unused function declarations (bsc#1227149). - wifi: mac80211: Rename and update IEEE80211_VIF_DISABLE_SMPS_OVERRIDE (bsc#1227149). - wifi: mac80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: mac80211: Sanity check tx bitrate if not provided by driver (bsc#1227149). - wifi: mac80211: Schedule regulatory channels check on bandwith change (bsc#1227149). - wifi: mac80211: Skip association timeout update after comeback rejection (bsc#1227149). - wifi: mac80211: add a driver callback to add vif debugfs (bsc#1227149). - wifi: mac80211: add a driver callback to check active_links (bsc#1227149). - wifi: mac80211: add a flag to disallow puncturing (bsc#1227149). - wifi: mac80211: add back SPDX identifier (bsc#1227149). - wifi: mac80211: add ieee80211_tdls_sta_link_id() (stable-fixes). - wifi: mac80211: add link id to ieee80211_gtk_rekey_add() (bsc#1227149). - wifi: mac80211: add link id to mgd_prepare_tx() (bsc#1227149). - wifi: mac80211: add more ops assertions (bsc#1227149). - wifi: mac80211: add more warnings about inserting sta info (bsc#1227149). - wifi: mac80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: mac80211: add support for mld in ieee80211_chswitch_done (bsc#1227149). - wifi: mac80211: add support for parsing TID to Link mapping element (bsc#1227149). - wifi: mac80211: add/remove driver debugfs entries as appropriate (bsc#1227149). - wifi: mac80211: additions to change_beacon() (bsc#1227149). - wifi: mac80211: address some kerneldoc warnings (bsc#1227149). - wifi: mac80211: allow 64-bit radiotap timestamps (bsc#1227149). - wifi: mac80211: allow for_each_sta_active_link() under RCU (bsc#1227149). - wifi: mac80211: apply mcast rate only if interface is up (stable-fixes). - wifi: mac80211: cancel multi-link reconf work on disconnect (git-fixes). - wifi: mac80211: chanctx emulation set CHANGE_CHANNEL when in_reconfig (git-fixes). - wifi: mac80211: check EHT/TTLM action frame length (bsc#1227149). - wifi: mac80211: check wiphy mutex in ops (bsc#1227149). - wifi: mac80211: cleanup airtime arithmetic with ieee80211_sta_keep_active() (bsc#1227149). - wifi: mac80211: cleanup auth_data only if association continues (bsc#1227149). - wifi: mac80211: convert A-MPDU work to wiphy work (bsc#1227149). - wifi: mac80211: correctly set active links upon TTLM (bsc#1227149). - wifi: mac80211: correcty limit wider BW TDLS STAs (git-fixes). - wifi: mac80211: debugfs: lock wiphy instead of RTNL (bsc#1227149). - wifi: mac80211: describe return values in kernel-doc (bsc#1227149). - wifi: mac80211: disable softirqs for queued frame handling (git-fixes). - wifi: mac80211: do not connect to an AP while it's in a CSA process (bsc#1227149). - wifi: mac80211: do not re-add debugfs entries during resume (bsc#1227149). - wifi: mac80211: do not select link ID if not provided in scan request (bsc#1227149). - wifi: mac80211: do not set ESS capab bit in assoc request (bsc#1227149). - wifi: mac80211: drop robust action frames before assoc (bsc#1227149). - wifi: mac80211: drop spurious WARN_ON() in ieee80211_ibss_csa_beacon() (bsc#1227149). - wifi: mac80211: ethtool: always hold wiphy mutex (bsc#1227149). - wifi: mac80211: ethtool: hold wiphy mutex (bsc#1227149). - wifi: mac80211: expand __ieee80211_data_to_8023() status (bsc#1227149). - wifi: mac80211: extend wiphy lock in interface removal (bsc#1227149). - wifi: mac80211: fix BA session teardown race (bsc#1227149). - wifi: mac80211: fix BSS_CHANGED_UNSOL_BCAST_PROBE_RESP (bsc#1227149). - wifi: mac80211: fix SMPS status handling (bsc#1227149). - wifi: mac80211: fix TXQ error path and cleanup (bsc#1227149). - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes). - wifi: mac80211: fix a expired vs. cancel race in roc (bsc#1227149). - wifi: mac80211: fix advertised TTLM scheduling (bsc#1227149). - wifi: mac80211: fix another key installation error path (bsc#1227149). - wifi: mac80211: fix change_address deadlock during unregister (bsc#1227149). - wifi: mac80211: fix channel switch link data (bsc#1227149). - wifi: mac80211: fix driver debugfs for vif type change (bsc#1227149). - wifi: mac80211: fix error path key leak (bsc#1227149). - wifi: mac80211: fix header kernel-doc typos (bsc#1227149). - wifi: mac80211: fix ieee80211_drop_unencrypted_mgmt return type/value (bsc#1227149). - wifi: mac80211: fix monitor channel with chanctx emulation (bsc#1227149). - wifi: mac80211: fix potential key leak (bsc#1227149). - wifi: mac80211: fix spelling typo in comment (bsc#1227149). - wifi: mac80211: fix unsolicited broadcast probe config (bsc#1227149). - wifi: mac80211: fix various kernel-doc issues (bsc#1227149). - wifi: mac80211: fixes in FILS discovery updates (bsc#1227149). - wifi: mac80211: flush STA queues on unauthorization (bsc#1227149). - wifi: mac80211: flush wiphy work where appropriate (bsc#1227149). - wifi: mac80211: handle debugfs when switching to/from MLO (bsc#1227149). - wifi: mac80211: handle tasklet frames before stopping (stable-fixes). - wifi: mac80211: hold wiphy lock in netdev/link debugfs (bsc#1227149). - wifi: mac80211: hold wiphy_lock around concurrency checks (bsc#1227149). - wifi: mac80211: improve CSA/ECSA connection refusal (bsc#1227149). - wifi: mac80211: initialize SMPS mode correctly (bsc#1227149). - wifi: mac80211: lock wiphy for aggregation debugfs (bsc#1227149). - wifi: mac80211: lock wiphy in IP address notifier (bsc#1227149). - wifi: mac80211: make mgd_protect_tdls_discover MLO-aware (bsc#1227149). - wifi: mac80211: mesh: Remove unused function declaration mesh_ids_set_default() (bsc#1227149). - wifi: mac80211: mesh: fix some kdoc warnings (bsc#1227149). - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes). - wifi: mac80211: move CSA finalize to wiphy work (bsc#1227149). - wifi: mac80211: move DFS CAC work to wiphy work (bsc#1227149). - wifi: mac80211: move TDLS work to wiphy work (bsc#1227149). - wifi: mac80211: move color change finalize to wiphy work (bsc#1227149). - wifi: mac80211: move dynamic PS to wiphy work (bsc#1227149). - wifi: mac80211: move filter reconfig to wiphy work (bsc#1227149). - wifi: mac80211: move key tailroom work to wiphy work (bsc#1227149). - wifi: mac80211: move link activation work to wiphy work (bsc#1227149). - wifi: mac80211: move monitor work to wiphy work (bsc#1227149). - wifi: mac80211: move tspec work to wiphy work (bsc#1227149). - wifi: mac80211: process and save negotiated TID to Link mapping request (bsc#1227149). - wifi: mac80211: purge TX queues in flush_queues flow (bsc#1227149). - wifi: mac80211: reduce iflist_mtx (bsc#1227149). - wifi: mac80211: reject MLO channel configuration if not supported (bsc#1227149). - wifi: mac80211: relax RCU check in for_each_vif_active_link() (bsc#1227149). - wifi: mac80211: remove RX_DROP_UNUSABLE (bsc#1227149). - wifi: mac80211: remove ampdu_mlme.mtx (bsc#1227149). - wifi: mac80211: remove chanctx_mtx (bsc#1227149). - wifi: mac80211: remove key_mtx (bsc#1227149). - wifi: mac80211: remove local->mtx (bsc#1227149). - wifi: mac80211: remove redundant ML element check (bsc#1227149). - wifi: mac80211: remove shifted rate support (bsc#1227149). - wifi: mac80211: remove sta_mtx (bsc#1227149). - wifi: mac80211: remove unnecessary struct forward declaration (bsc#1227149). - wifi: mac80211: rename ieee80211_tx_status() to ieee80211_tx_status_skb() (bsc#1227149). - wifi: mac80211: rename struct cfg80211_rx_assoc_resp to cfg80211_rx_assoc_resp_data (bsc#1227149). - wifi: mac80211: report per-link error during association (bsc#1227149). - wifi: mac80211: reset negotiated TTLM on disconnect (git-fixes). - wifi: mac80211: rework RX timestamp flags (bsc#1227149). - wifi: mac80211: rework ack_frame_id handling a bit (bsc#1227149). - wifi: mac80211: rx.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: set wiphy for virtual monitors (bsc#1227149). - wifi: mac80211: simplify non-chanctx drivers (bsc#1227149). - wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value (bsc#1227149). - wifi: mac80211: sta_info.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: support antenna control in injection (bsc#1227149). - wifi: mac80211: support handling of advertised TID-to-link mapping (bsc#1227149). - wifi: mac80211: take MBSSID/EHT data also from probe resp (bsc#1227149). - wifi: mac80211: take wiphy lock for MAC addr change (bsc#1227149). - wifi: mac80211: tx: clarify conditions in if statement (bsc#1227149). - wifi: mac80211: update beacon counters per link basis (bsc#1227149). - wifi: mac80211: update some locking documentation (bsc#1227149). - wifi: mac80211: update the rx_chains after set_antenna() (bsc#1227149). - wifi: mac80211: use bandwidth indication element for CSA (bsc#1227149). - wifi: mac80211: use deflink and fix typo in link ID check (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs for sdata/link (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs helpers for agg_status (bsc#1227149). - wifi: mt7601u: delete dead code checking debugfs returns (bsc#1227149). - wifi: mt7601u: replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: Annotate struct mt76_rx_tid with __counted_by (bsc#1227149). - wifi: mt76: Convert to platform remove callback returning void (bsc#1227149). - wifi: mt76: Remove redundant assignment to variable tidno (bsc#1227149). - wifi: mt76: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: mt76: Replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: Use PTR_ERR_OR_ZERO() to simplify code (bsc#1227149). - wifi: mt76: add DMA mapping error check in mt76_alloc_txwi() (bsc#1227149). - wifi: mt76: add ability to explicitly forbid LED registration with DT (bsc#1227149). - wifi: mt76: add support for providing eeprom in nvmem cells (bsc#1227149). - wifi: mt76: add tx_nss histogram to ethtool stats (bsc#1227149). - wifi: mt76: change txpower init to per-phy (bsc#1227149). - wifi: mt76: check sta rx control frame to multibss capability (bsc#1227149). - wifi: mt76: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: check vif type before reporting cca and csa (bsc#1227149). - wifi: mt76: connac: add MBSSID support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon duplicate TX mode support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: add connac3 mac library (bsc#1227149). - wifi: mt76: connac: add data field in struct tlv (bsc#1227149). - wifi: mt76: connac: add eht support for phy mode config (bsc#1227149). - wifi: mt76: connac: add eht support for tx power (bsc#1227149). - wifi: mt76: connac: add firmware support for mt7992 (bsc#1227149). - wifi: mt76: connac: add more unified command IDs (bsc#1227149). - wifi: mt76: connac: add more unified event IDs (bsc#1227149). - wifi: mt76: connac: add new definition of tx descriptor (bsc#1227149). - wifi: mt76: connac: add support for dsp firmware download (bsc#1227149). - wifi: mt76: connac: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: connac: add thermal protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: check for null before dereferencing (bsc#1227149). - wifi: mt76: connac: export functions for mt7925 (bsc#1227149). - wifi: mt76: connac: introduce helper for mt7925 chipset (bsc#1227149). - wifi: mt76: connac: set correct muar_idx for mt799x chipsets (bsc#1227149). - wifi: mt76: connac: set fixed_bw bit in TX descriptor for fixed rate frames (bsc#1227149). - wifi: mt76: connac: use muar idx 0xe for non-mt799x as well (bsc#1227149). - wifi: mt76: disable HW AMSDU when using fixed rate (bsc#1227149). - wifi: mt76: dma: introduce __mt76_dma_queue_reset utility routine (bsc#1227149). - wifi: mt76: enable UNII-4 channel 177 support (bsc#1227149). - wifi: mt76: fix race condition related to checking tx queue fill status (bsc#1227149). - wifi: mt76: fix the issue of missing txpwr settings from ch153 to ch177 (bsc#1227149). - wifi: mt76: fix typo in mt76_get_of_eeprom_from_nvmem function (bsc#1227149). - wifi: mt76: increase MT_QFLAG_WED_TYPE size (bsc#1227149). - wifi: mt76: introduce mt76_queue_is_wed_tx_free utility routine (bsc#1227149). - wifi: mt76: introduce wed pointer in mt76_queue (bsc#1227149). - wifi: mt76: limit support of precal loading for mt7915 to MTD only (bsc#1227149). - wifi: mt76: make mt76_get_of_eeprom static again (bsc#1227149). - wifi: mt76: mmio: move mt76_mmio_wed_{init,release}_rx_buf in common code (bsc#1227149). - wifi: mt76: move ampdu_state in mt76_wcid (bsc#1227149). - wifi: mt76: move mt76_mmio_wed_offload_{enable,disable} in common code (bsc#1227149). - wifi: mt76: move mt76_net_setup_tc in common code (bsc#1227149). - wifi: mt76: move rate info in mt76_vif (bsc#1227149). - wifi: mt76: move wed reset common code in mt76 module (bsc#1227149). - wifi: mt76: mt7603: add missing register initialization for MT7628 (bsc#1227149). - wifi: mt76: mt7603: disable A-MSDU tx support on MT7628 (bsc#1227149). - wifi: mt76: mt7603: fix beacon interval after disabling a single vif (bsc#1227149). - wifi: mt76: mt7603: fix tx filter/flush function (bsc#1227149). - wifi: mt76: mt7603: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7603: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7615: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7615: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7615: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7615: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt76_connac3: move lmac queue enumeration in mt76_connac3_mac.h (bsc#1227149). - wifi: mt76: mt76x02: fix return value check in mt76x02_mac_process_rx (bsc#1227149). - wifi: mt76: mt76x2u: add netgear wdna3100v3 to device table (bsc#1227149). - wifi: mt76: mt7915 add tc offloading support (bsc#1227149). - wifi: mt76: mt7915: accumulate mu-mimo ofdma muru stats (bsc#1227149). - wifi: mt76: mt7915: add locking for accessing mapped registers (bsc#1227149). - wifi: mt76: mt7915: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7915: add support for MT7981 (bsc#1227149). - wifi: mt76: mt7915: also MT7981 is 3T3R but nss2 on 5 GHz band (bsc#1227149). - wifi: mt76: mt7915: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7915: drop return in mt7915_sta_statistics (bsc#1227149). - wifi: mt76: mt7915: fix EEPROM offset of TSSI flag on MT7981 (bsc#1227149). - wifi: mt76: mt7915: fix error recovery with WED enabled (bsc#1227149). - wifi: mt76: mt7915: fix monitor mode issues (bsc#1227149). - wifi: mt76: mt7915: move mib_stats structure in mt76.h (bsc#1227149). - wifi: mt76: mt7915: move poll_list in mt76_wcid (bsc#1227149). - wifi: mt76: mt7915: move sta_poll_list and sta_poll_lock in mt76_dev (bsc#1227149). - wifi: mt76: mt7915: report tx retries/failed counts for non-WED path (bsc#1227149). - wifi: mt76: mt7915: update mpdu density capability (bsc#1227149). - wifi: mt76: mt7915: update mt798x_wmac_adie_patch_7976 (bsc#1227149). - wifi: mt76: mt7921: Support temp sensor (bsc#1227149). - wifi: mt76: mt7921: add 6GHz power type support for clc (bsc#1227149). - wifi: mt76: mt7921: convert acpisar and clc pointers to void (bsc#1227149). - wifi: mt76: mt7921: enable set txpower for UNII-4 (bsc#1227149). - wifi: mt76: mt7921: fix 6GHz disabled by the missing default CLC config (bsc#1227149). - wifi: mt76: mt7921: fix CLC command timeout when suspend/resume (bsc#1227149). - wifi: mt76: mt7921: fix a potential association failure upon resuming (bsc#1227149). - wifi: mt76: mt7921: fix kernel panic by accessing invalid 6GHz channel info (bsc#1227149). - wifi: mt76: mt7921: fix suspend issue on MediaTek COB platform (bsc#1227149). - wifi: mt76: mt7921: fix the unfinished command of regd_notifier before suspend (bsc#1227149). - wifi: mt76: mt7921: fix wrong 6Ghz power type (bsc#1227149). - wifi: mt76: mt7921: get regulatory information from the clc event (bsc#1227149). - wifi: mt76: mt7921: get rid of MT7921_RESET_TIMEOUT marco (bsc#1227149). - wifi: mt76: mt7921: make mt7921_mac_sta_poll static (bsc#1227149). - wifi: mt76: mt7921: move acpi_sar code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move common register definition in mt792x_regs.h (bsc#1227149). - wifi: mt76: mt7921: move connac nic capability handling to mt7921 (bsc#1227149). - wifi: mt76: mt7921: move debugfs shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move dma shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move hif_ops macro in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move init shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mac shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mt7921_dma_init in pci.c (bsc#1227149). - wifi: mt76: mt7921: move mt7921u_disconnect mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move mt792x_hw_dev in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move mt792x_mutex_{acquire/release} in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move runtime-pm pci code in mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move shared runtime-pm code on mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: reduce the size of MCU firmware download Rx queue (bsc#1227149). - wifi: mt76: mt7921: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7921: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7921: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7921: remove macro duplication in regs.h (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_dev in mt792x_dev (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_hif_ops in mt792x_hif_ops (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_phy in mt792x_phy (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_sta in mt792x_sta (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_vif in mt792x_vif (bsc#1227149). - wifi: mt76: mt7921: support 5.9/6GHz channel config in acpi (bsc#1227149). - wifi: mt76: mt7921: update the channel usage when the regd domain changed (bsc#1227149). - wifi: mt76: mt7921e: report tx retries/failed counts in tx free event (bsc#1227149). - wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips (bsc#1227149). - wifi: mt76: mt7925: add flow to avoid chip bt function fail (bsc#1227149). - wifi: mt76: mt7925: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command (bsc#1227149). - wifi: mt76: mt7925: fix SAP no beacon issue in 5Ghz and 6Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix WoW failed in encrypted mode (bsc#1227149). - wifi: mt76: mt7925: fix connect to 80211b mode fail in 2Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix fw download fail (bsc#1227149). - wifi: mt76: mt7925: fix mcu query command fail (bsc#1227149). - wifi: mt76: mt7925: fix the wrong data type for scan command (bsc#1227149). - wifi: mt76: mt7925: fix the wrong header translation config (bsc#1227149). - wifi: mt76: mt7925: fix typo in mt7925_init_he_caps (bsc#1227149). - wifi: mt76: mt7925: fix wmm queue mapping (bsc#1227149). - wifi: mt76: mt7925: remove iftype from mt7925_init_eht_caps signature (bsc#1227149). - wifi: mt76: mt7925: support temperature sensor (bsc#1227149). - wifi: mt76: mt7925: update PCIe DMA settings (bsc#1227149). - wifi: mt76: mt7925e: fix use-after-free in free_irq() (bsc#1227149). - wifi: mt76: mt792x: add the illegal value check for mtcl table of acpi (bsc#1227149). - wifi: mt76: mt792x: fix ethtool warning (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-usb module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x_irq_map (bsc#1227149). - wifi: mt76: mt792x: move MT7921_PM_TIMEOUT and MT7921_HW_SCAN_TIMEOUT in common code (bsc#1227149). - wifi: mt76: mt792x: move more dma shared code in mt792x_dma (bsc#1227149). - wifi: mt76: mt792x: move mt7921_load_firmware in mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: move mt7921_skb_add_usb_sdio_hdr in mt792x module (bsc#1227149). - wifi: mt76: mt792x: move shared structure definition in mt792x.h (bsc#1227149). - wifi: mt76: mt792x: move some common usb code in mt792x module (bsc#1227149). - wifi: mt76: mt792x: support mt7925 chip init (bsc#1227149). - wifi: mt76: mt792x: update the country list of EU for ACPI SAR (bsc#1227149). - wifi: mt76: mt792xu: enable dmashdl support (bsc#1227149). - wifi: mt76: mt7996: Add mcu commands for getting sta tx statistic (bsc#1227149). - wifi: mt76: mt7996: Use DECLARE_FLEX_ARRAY() and fix -Warray-bounds warnings (bsc#1227149). - wifi: mt76: mt7996: add DMA support for mt7992 (bsc#1227149). - wifi: mt76: mt7996: add TX statistics for EHT mode in debugfs (bsc#1227149). - wifi: mt76: mt7996: add muru support (bsc#1227149). - wifi: mt76: mt7996: add sanity checks for background radar trigger (stable-fixes). - wifi: mt76: mt7996: add support for variants with auxiliary RX path (bsc#1227149). - wifi: mt76: mt7996: add thermal sensor device support (bsc#1227149). - wifi: mt76: mt7996: add txpower setting support (bsc#1227149). - wifi: mt76: mt7996: adjust WFDMA settings to improve performance (bsc#1227149). - wifi: mt76: mt7996: adjust interface num and wtbl size for mt7992 (bsc#1227149). - wifi: mt76: mt7996: align the format of fixed rate command (bsc#1227149). - wifi: mt76: mt7996: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: mt7996: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7996: drop return in mt7996_sta_statistics (bsc#1227149). - wifi: mt76: mt7996: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7996: enable PPDU-TxS to host (bsc#1227149). - wifi: mt76: mt7996: enable VHT extended NSS BW feature (bsc#1227149). - wifi: mt76: mt7996: ensure 4-byte alignment for beacon commands (bsc#1227149). - wifi: mt76: mt7996: fix alignment of sta info event (bsc#1227149). - wifi: mt76: mt7996: fix fortify warning (bsc#1227149). - wifi: mt76: mt7996: fix fw loading timeout (bsc#1227149). - wifi: mt76: mt7996: fix mt7996_mcu_all_sta_info_event struct packing (bsc#1227149). - wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature (bsc#1227149). - wifi: mt76: mt7996: fix size of txpower MCU command (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in parsing txfree (bsc#1227149). - wifi: mt76: mt7996: get tx_retries and tx_failed from txfree (bsc#1227149). - wifi: mt76: mt7996: handle IEEE80211_RC_SMPS_CHANGED (bsc#1227149). - wifi: mt76: mt7996: increase tx token size (bsc#1227149). - wifi: mt76: mt7996: introduce mt7996_band_valid() (bsc#1227149). - wifi: mt76: mt7996: mark GCMP IGTK unsupported (bsc#1227149). - wifi: mt76: mt7996: move radio ctrl commands to proper functions (bsc#1227149). - wifi: mt76: mt7996: only set vif teardown cmds at remove interface (bsc#1227149). - wifi: mt76: mt7996: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7996: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7996: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7996: remove TXS queue setting (bsc#1227149). - wifi: mt76: mt7996: remove periodic MPDU TXS request (bsc#1227149). - wifi: mt76: mt7996: rework ampdu params setting (bsc#1227149). - wifi: mt76: mt7996: rework register offsets for mt7992 (bsc#1227149). - wifi: mt76: mt7996: set DMA mask to 36 bits for boards with more than 4GB of RAM (bsc#1227149). - wifi: mt76: mt7996: support more options for mt7996_set_bitrate_mask() (bsc#1227149). - wifi: mt76: mt7996: support mt7992 eeprom loading (bsc#1227149). - wifi: mt76: mt7996: support per-band LED control (bsc#1227149). - wifi: mt76: mt7996: switch to mcu command for TX GI report (bsc#1227149). - wifi: mt76: mt7996: use u16 for val field in mt7996_mcu_set_rro signature (bsc#1227149). - wifi: mt76: permit to load precal from NVMEM cell for mt7915 (bsc#1227149). - wifi: mt76: permit to use alternative cell name to eeprom NVMEM load (bsc#1227149). - wifi: mt76: reduce spin_lock_bh held up in mt76_dma_rx_cleanup (bsc#1227149). - wifi: mt76: replace skb_put with skb_put_zero (stable-fixes). - wifi: mt76: report non-binding skb tx rate when WED is active (bsc#1227149). - wifi: mt76: set page_pool napi pointer for mmio devices (bsc#1227149). - wifi: mt76: split get_of_eeprom in subfunction (bsc#1227149). - wifi: mt76: usb: create a dedicated queue for psd traffic (bsc#1227149). - wifi: mt76: usb: store usb endpoint in mt76_queue (bsc#1227149). - wifi: mt76: use atomic iface iteration for pre-TBTT work (bsc#1227149). - wifi: mt76: use chainmask for power delta calculation (bsc#1227149). - wifi: mwifiex: Drop unused headers (bsc#1227149). - wifi: mwifiex: Fix interface type change (git-fixes). - wifi: mwifiex: Refactor 1-element array into flexible array in struct mwifiex_ie_types_chan_list_param_set (bsc#1227149). - wifi: mwifiex: Replace one-element array with flexible-array member in struct mwifiex_ie_types_rxba_sync (bsc#1227149). - wifi: mwifiex: Set WIPHY_FLAG_NETNS_OK flag (bsc#1227149). - wifi: mwifiex: Use default @max_active for workqueues (bsc#1227149). - wifi: mwifiex: Use helpers to check multicast addresses (bsc#1227149). - wifi: mwifiex: Use list_count_nodes() (bsc#1227149). - wifi: mwifiex: cleanup adapter data (bsc#1227149). - wifi: mwifiex: cleanup private data structures (bsc#1227149). - wifi: mwifiex: cleanup struct mwifiex_sdio_mpa_rx (bsc#1227149). - wifi: mwifiex: drop BUG_ON from TX paths (bsc#1227149). - wifi: mwifiex: fix comment typos in SDIO module (bsc#1227149). - wifi: mwifiex: followup PCIE and related cleanups (bsc#1227149). - wifi: mwifiex: handle possible mwifiex_write_reg() errors (bsc#1227149). - wifi: mwifiex: handle possible sscanf() errors (bsc#1227149). - wifi: mwifiex: mwifiex_process_sleep_confirm_resp(): remove unused priv variable (bsc#1227149). - wifi: mwifiex: prefer strscpy() over strlcpy() (bsc#1227149). - wifi: mwifiex: simplify PCIE write operations (bsc#1227149). - wifi: mwifiex: use MODULE_FIRMWARE to add firmware files metadata (bsc#1227149). - wifi: mwifiex: use cfg80211_ssid_eq() instead of mwifiex_ssid_cmp() (bsc#1227149). - wifi: mwifiex: use is_zero_ether_addr() instead of ether_addr_equal() (bsc#1227149). - wifi: mwifiex: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: nl80211: Extend del pmksa support for SAE and OWE security (bsc#1227149). - wifi: nl80211: Remove unused declaration nl80211_pmsr_dump_results() (bsc#1227149). - wifi: nl80211: additions to NL80211_CMD_SET_BEACON (bsc#1227149). - wifi: nl80211: allow reporting wakeup for unprot deauth/disassoc (bsc#1227149). - wifi: nl80211: fixes to FILS discovery updates (bsc#1227149). - wifi: nl80211: refactor nl80211_send_mlme_event() arguments (bsc#1227149). - wifi: p54: Add missing MODULE_FIRMWARE macro (bsc#1227149). - wifi: p54: Annotate struct p54_cal_database with __counted_by (bsc#1227149). - wifi: p54: fix GCC format truncation warning with wiphy->fw_version (bsc#1227149). - wifi: plfxlc: Drop unused include (bsc#1227149). - wifi: radiotap: add bandwidth definition of EHT U-SIG (bsc#1227149). - wifi: remove unused argument of ieee80211_get_tdls_action() (bsc#1227149). - wifi: rsi: fix restricted __le32 degrades to integer sparse warnings (bsc#1227149). - wifi: rsi: rsi_91x_coex: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_debugfs: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_hal: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_mac80211: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_main: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rt2x00: Simplify bool conversion (bsc#1227149). - wifi: rt2x00: correct MAC_SYS_CTRL register RX mask in R-Calibration (bsc#1227149). - wifi: rt2x00: disable RTS threshold for rt2800 by default (bsc#1227149). - wifi: rt2x00: fix MT7620 low RSSI issue (bsc#1227149). - wifi: rt2x00: fix rt2800 watchdog function (bsc#1227149). - wifi: rt2x00: fix the typo in comments (bsc#1227149). - wifi: rt2x00: improve MT7620 register initialization (bsc#1227149). - wifi: rt2x00: introduce DMA busy check watchdog for rt2800 (bsc#1227149). - wifi: rt2x00: limit MT7620 TX power based on eeprom calibration (bsc#1227149). - wifi: rt2x00: make watchdog param per device (bsc#1227149). - wifi: rt2x00: remove redundant check if u8 array element is less than zero (bsc#1227149). - wifi: rt2x00: remove useless code in rt2x00queue_create_tx_descriptor() (bsc#1227149). - wifi: rt2x00: rework MT7620 PA/LNA RF calibration (bsc#1227149). - wifi: rt2x00: rework MT7620 channel config function (bsc#1227149). - wifi: rt2x00: silence sparse warnings (bsc#1227149). - wifi: rt2x00: simplify rt2x00crypto_rx_insert_iv() (bsc#1227149). - wifi: rtl8xxxu: 8188e: convert usage of priv->vif to priv->vifs[0] (bsc#1227149). - wifi: rtl8xxxu: 8188f: Limit TX power index (git-fixes). - wifi: rtl8xxxu: Actually use macid in rtl8xxxu_gen2_report_connect (bsc#1227149). - wifi: rtl8xxxu: Add TP-Link TL-WN823N V2 (bsc#1227149). - wifi: rtl8xxxu: Add a description about the device ID 0x7392:0xb722 (bsc#1227149). - wifi: rtl8xxxu: Add beacon functions (bsc#1227149). - wifi: rtl8xxxu: Add parameter force to rtl8xxxu_refresh_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter macid to update_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter role to report_connect (bsc#1227149). - wifi: rtl8xxxu: Add set_tim() callback (bsc#1227149). - wifi: rtl8xxxu: Add sta_add() and sta_remove() callbacks (bsc#1227149). - wifi: rtl8xxxu: Add start_ap() callback (bsc#1227149). - wifi: rtl8xxxu: Allow creating interface in AP mode (bsc#1227149). - wifi: rtl8xxxu: Allow setting rts threshold to -1 (bsc#1227149). - wifi: rtl8xxxu: Clean up filter configuration (bsc#1227149). - wifi: rtl8xxxu: Declare AP mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192EU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8710BU (RTL8188GU) (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8723BU (bsc#1227149). - wifi: rtl8xxxu: Enable hw seq for mgmt/non-QoS data frames (bsc#1227149). - wifi: rtl8xxxu: Fix LED control code of RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Fix off by one initial RTS rate (bsc#1227149). - wifi: rtl8xxxu: Put the macid in txdesc (bsc#1227149). - wifi: rtl8xxxu: Remove usage of ieee80211_get_tx_rate() (bsc#1227149). - wifi: rtl8xxxu: Remove usage of tx_info->control.rates[0].flags (bsc#1227149). - wifi: rtl8xxxu: Rename some registers (bsc#1227149). - wifi: rtl8xxxu: Select correct queue for beacon frames (bsc#1227149). - wifi: rtl8xxxu: Set maximum number of supported stations (bsc#1227149). - wifi: rtl8xxxu: Support USB RX aggregation for the newer chips (bsc#1227149). - wifi: rtl8xxxu: Support new chip RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: add hw crypto support for AP mode (bsc#1227149). - wifi: rtl8xxxu: add macids for STA mode (bsc#1227149). - wifi: rtl8xxxu: add missing number of sec cam entries for all variants (bsc#1227149). - wifi: rtl8xxxu: check vif before using in rtl8xxxu_tx() (bsc#1227149). - wifi: rtl8xxxu: convert EN_DESC_ID of TX descriptor to le32 type (bsc#1227149). - wifi: rtl8xxxu: declare concurrent mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: do not parse CFO, if both interfaces are connected in STA mode (bsc#1227149). - wifi: rtl8xxxu: enable MFP support with security flag of RX descriptor (bsc#1227149). - wifi: rtl8xxxu: enable channel switch support (bsc#1227149). - wifi: rtl8xxxu: extend check for matching bssid to both interfaces (bsc#1227149). - wifi: rtl8xxxu: extend wifi connected check to both interfaces (bsc#1227149). - wifi: rtl8xxxu: fix error messages (bsc#1227149). - wifi: rtl8xxxu: fix mixed declarations in rtl8xxxu_set_aifs() (bsc#1227149). - wifi: rtl8xxxu: make instances of iface limit and combination to be static const (bsc#1227149). - wifi: rtl8xxxu: make supporting AP mode only on port 0 transparent (bsc#1227149). - wifi: rtl8xxxu: mark TOTOLINK N150UA V5/N150UA-B as tested (bsc#1227149). - wifi: rtl8xxxu: prepare supporting two virtual interfaces (bsc#1227149). - wifi: rtl8xxxu: remove assignment of priv->vif in rtl8xxxu_bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: remove obsolete priv->vif (bsc#1227149). - wifi: rtl8xxxu: rtl8xxxu_rx_complete(): remove unnecessary return (bsc#1227149). - wifi: rtl8xxxu: support multiple interface in start_ap() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in configure_filter() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in set_aifs() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in update_beacon_work_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in watchdog_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in {add,remove}_interface() (bsc#1227149). - wifi: rtl8xxxu: support setting bssid register for multiple interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting linktype for both interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting mac address register for both interfaces (bsc#1227149). - wifi: rtl8xxxu: update rate mask per sta (bsc#1227149). - wifi: rtlwifi: Convert to use PCIe capability accessors (bsc#1227149). - wifi: rtlwifi: Ignore IEEE80211_CONF_CHANGE_RETRY_LIMITS (bsc#1227149). - wifi: rtlwifi: Remove bridge vendor/device ids (bsc#1227149). - wifi: rtlwifi: Remove rtl_intf_ops.read_efuse_byte (bsc#1227149). - wifi: rtlwifi: Remove unused PCI related defines and struct (bsc#1227149). - wifi: rtlwifi: Speed up firmware loading for USB (bsc#1227149). - wifi: rtlwifi: cleanup USB interface (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxx_tx_fill_desc() routines (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxxx_set_hw_reg() routines (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_hal (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_phy (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_ps_ctl (bsc#1227149). - wifi: rtlwifi: drop chk_switch_dmdp() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop fill_fake_txdesc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop pre_fill_tx_bd_desc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop unused const_amdpci_aspm (bsc#1227149). - wifi: rtlwifi: remove misused flag from HAL data (bsc#1227149). - wifi: rtlwifi: remove unreachable code in rtl92d_dm_check_edca_turbo() (bsc#1227149). - wifi: rtlwifi: remove unused dualmac control leftovers (bsc#1227149). - wifi: rtlwifi: remove unused timer and related code (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix 2T2R chip type detection (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix TX aggregation (bsc#1227149). - wifi: rtlwifi: rtl8192de: Do not read register in _rtl92de_query_rxphystatus (bsc#1227149). - wifi: rtlwifi: rtl8723: Remove unused function rtl8723_cmd_send_packet() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Access full PMCS reg and use pci_regs.h (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Add pdev into _rtl8821ae_clear_pci_pme_status() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Remove unnecessary PME_Status bit set (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Reverse PM Capability exists check (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Use pci_find_capability() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: remove some useless code (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: using calculate_bit_shift() (bsc#1227149). - wifi: rtlwifi: rtl92ee_dm_dynamic_primary_cca_check(): fix typo in function name (bsc#1227149). - wifi: rtlwifi: rtl_usb: Store the endpoint addresses (bsc#1227149). - wifi: rtlwifi: rtl_usb: Use sync register writes (bsc#1227149). - wifi: rtlwifi: set initial values for unexpected cases of USB endpoint priority (bsc#1227149). - wifi: rtlwifi: simplify LED management (bsc#1227149). - wifi: rtlwifi: simplify TX command fill callbacks (bsc#1227149). - wifi: rtlwifi: simplify rtl_action_proc() and rtl_tx_agg_start() (bsc#1227149). - wifi: rtlwifi: use convenient list_count_nodes() (bsc#1227149). - wifi: rtlwifi: use eth_broadcast_addr() to assign broadcast address (bsc#1227149). - wifi: rtlwifi: use helper function rtl_get_hdr() (bsc#1227149). - wifi: rtlwifi: use unsigned long for bt_coexist_8723 timestamp (bsc#1227149). - wifi: rtlwifi: use unsigned long for rtl_bssid_entry timestamp (bsc#1227149). - wifi: rtw88: 8821c: tweak CCK TX filter setting for SRRC regulation (bsc#1227149). - wifi: rtw88: 8821c: update TX power limit to V67 (bsc#1227149). - wifi: rtw88: 8822c: update TX power limit to V70 (bsc#1227149). - wifi: rtw88: 8822ce: refine power parameters for RFE type 5 (bsc#1227149). - wifi: rtw88: Add support for the SDIO based RTL8723DS chipset (bsc#1227149). - wifi: rtw88: Fix AP mode incorrect DTIM behavior (bsc#1227149). - wifi: rtw88: Fix action frame transmission fail before association (bsc#1227149). - wifi: rtw88: Skip high queue in hci_flush (bsc#1227149). - wifi: rtw88: Stop high queue during scan (bsc#1227149). - wifi: rtw88: Use random MAC when efuse MAC invalid (bsc#1227149). - wifi: rtw88: add missing unwind goto for __rtw_download_firmware() (bsc#1227149). - wifi: rtw88: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw88: debug: remove wrapper of rtw_dbg() (bsc#1227149). - wifi: rtw88: dump firmware debug information in abnormal state (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_set_* (bsc#1227149). - wifi: rtw88: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw88: fix typo rtw8822cu_probe (bsc#1227149). - wifi: rtw88: process VO packets without workqueue to avoid PTK rekey failed (bsc#1227149). - wifi: rtw88: refine register based H2C command (bsc#1227149). - wifi: rtw88: regd: configure QATAR and UK (bsc#1227149). - wifi: rtw88: regd: update regulatory map to R64-R42 (bsc#1227149). - wifi: rtw88: remove unused USB bulkout size set (bsc#1227149). - wifi: rtw88: remove unused and set but unused leftovers (bsc#1227149). - wifi: rtw88: rtw8723d: Implement RTL8723DS (SDIO) efuse parsing (bsc#1227149). - wifi: rtw88: simplify __rtw_tx_work() (bsc#1227149). - wifi: rtw88: simplify vif iterators (bsc#1227149). - wifi: rtw88: use cfg80211_ssid_eq() instead of rtw_ssid_equal() (bsc#1227149). - wifi: rtw88: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: rtw88: use struct instead of macros to set TX desc (bsc#1227149). - wifi: rtw89: 52c: rfk: disable DPK during MCC (bsc#1227149). - wifi: rtw89: 52c: rfk: refine MCC channel info notification (bsc#1227149). - wifi: rtw89: 8851b: add 8851B basic chip_info (bsc#1227149). - wifi: rtw89: 8851b: add 8851be to Makefile and Kconfig (bsc#1227149). - wifi: rtw89: 8851b: add BT coexistence support function (bsc#1227149). - wifi: rtw89: 8851b: add DLE mem and HFC quota (bsc#1227149). - wifi: rtw89: 8851b: add MAC configurations to chip_info (bsc#1227149). - wifi: rtw89: 8851b: add NCTL post table (bsc#1227149). - wifi: rtw89: 8851b: add RF configurations (bsc#1227149). - wifi: rtw89: 8851b: add TX power related functions (bsc#1227149). - wifi: rtw89: 8851b: add basic power on function (bsc#1227149). - wifi: rtw89: 8851b: add set channel function (bsc#1227149). - wifi: rtw89: 8851b: add set_channel_rf() (bsc#1227149). - wifi: rtw89: 8851b: add support WoWLAN to 8851B (bsc#1227149). - wifi: rtw89: 8851b: add to parse efuse content (bsc#1227149). - wifi: rtw89: 8851b: add to read efuse version to recognize hardware version B (bsc#1227149). - wifi: rtw89: 8851b: configure CRASH_TRIGGER feature for 8851B (bsc#1227149). - wifi: rtw89: 8851b: configure GPIO according to RFE type (bsc#1227149). - wifi: rtw89: 8851b: configure to force 1 TX power value (bsc#1227149). - wifi: rtw89: 8851b: enable hw_scan support (bsc#1227149). - wifi: rtw89: 8851b: fill BB related capabilities to chip_info (bsc#1227149). - wifi: rtw89: 8851b: rfk: Fix spelling mistake KIP_RESOTRE -> KIP_RESTORE (bsc#1227149). - wifi: rtw89: 8851b: rfk: add AACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DPK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add IQK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add LCK track (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RX DCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add TSSI (bsc#1227149). - wifi: rtw89: 8851b: rfk: update IQK to version 0x8 (bsc#1227149). - wifi: rtw89: 8851b: update RF radio A parameters to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R34 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R37 (bsc#1227149). - wifi: rtw89: 8851be: add 8851BE PCI entry and fill PCI capabilities (bsc#1227149). - wifi: rtw89: 8852b: fix definition of KIP register number (git-fixes). - wifi: rtw89: 8852b: update TX power tables to R35 (bsc#1227149). - wifi: rtw89: 8852b: update TX power tables to R36 (bsc#1227149). - wifi: rtw89: 8852c: Fix TSSI causes transmit power inaccuracy (bsc#1227149). - wifi: rtw89: 8852c: Update bandedge parameters for better performance (bsc#1227149). - wifi: rtw89: 8852c: add quirk to set PCI BER for certain platforms (bsc#1227149). - wifi: rtw89: 8852c: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8852c: read RX gain offset from efuse for 6GHz channels (bsc#1227149). - wifi: rtw89: 8852c: update RF radio A/B parameters to R63 (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (1 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (2 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (3 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R67 (bsc#1227149). - wifi: rtw89: 8922a: add 8922A basic chip info (bsc#1227149). - wifi: rtw89: 8922a: add BTG functions to assist BT coexistence to control TX/RX (bsc#1227149). - wifi: rtw89: 8922a: add NCTL pre-settings for WiFi 7 chips (bsc#1227149). - wifi: rtw89: 8922a: add RF read/write v2 (bsc#1227149). - wifi: rtw89: 8922a: add SER IMR tables (bsc#1227149). - wifi: rtw89: 8922a: add TX power related ops (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops related to BB init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops to get thermal value (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::bb_preinit to enable BB before downloading firmware (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::cfg_txrx_path (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_hw_init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_init_late to do initial RF calibrations later (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::{enable,disable}_bb_rf (bsc#1227149). - wifi: rtw89: 8922a: add coexistence helpers of SW grant (bsc#1227149). - wifi: rtw89: 8922a: add helper of set_channel (bsc#1227149). - wifi: rtw89: 8922a: add ieee80211_ops::hw_scan (bsc#1227149). - wifi: rtw89: 8922a: add more fields to beacon H2C command to support multi-links (bsc#1227149). - wifi: rtw89: 8922a: add power on/off functions (bsc#1227149). - wifi: rtw89: 8922a: add register definitions of H2C, C2H, page, RRSR and EDCCA (bsc#1227149). - wifi: rtw89: 8922a: add set_channel BB part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel MAC part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel RF part (bsc#1227149). - wifi: rtw89: 8922a: configure CRASH_TRIGGER FW feature (bsc#1227149). - wifi: rtw89: 8922a: correct register definition and merge IO for ctrl_nbtg_bt_tx() (bsc#1227149). - wifi: rtw89: 8922a: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8922a: dump MAC registers when SER occurs (bsc#1227149). - wifi: rtw89: 8922a: extend and add quota number (bsc#1227149). - wifi: rtw89: 8922a: hook handlers of TX/RX descriptors to chip_ops (bsc#1227149). - wifi: rtw89: 8922a: implement AP mode related reg for BE generation (bsc#1227149). - wifi: rtw89: 8922a: implement {stop,resume}_sch_tx and cfg_ppdu (bsc#1227149). - wifi: rtw89: 8922a: read efuse content from physical map (bsc#1227149). - wifi: rtw89: 8922a: read efuse content via efuse map struct from logic map (bsc#1227149). - wifi: rtw89: 8922a: rfk: implement chip_ops to call RF calibrations (bsc#1227149). - wifi: rtw89: 8922a: set RX gain along with set_channel operation (bsc#1227149). - wifi: rtw89: 8922a: set chip_ops FEM and GPIO to NULL (bsc#1227149). - wifi: rtw89: 8922a: set memory heap address for secure firmware (bsc#1227149). - wifi: rtw89: 8922a: update BA CAM number to 24 (bsc#1227149). - wifi: rtw89: 8922a: update the register used in DIG and the DIG flow (bsc#1227149). - wifi: rtw89: 8922ae: add 8922AE PCI entry and basic info (bsc#1227149). - wifi: rtw89: 8922ae: add v2 interrupt handlers for 8922AE (bsc#1227149). - wifi: rtw89: Add EHT rate mask as parameters of RA H2C command (bsc#1227149). - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes). - wifi: rtw89: Fix clang -Wimplicit-fallthrough in rtw89_query_sar() (bsc#1227149). - wifi: rtw89: Introduce Time Averaged SAR (TAS) feature (bsc#1227149). - wifi: rtw89: Refine active scan behavior in 6 GHz (bsc#1227149). - wifi: rtw89: Set default CQM config if not present (bsc#1227149). - wifi: rtw89: TX power stuffs replace confusing naming of _max with _num (bsc#1227149). - wifi: rtw89: Update EHT PHY beamforming capability (bsc#1227149). - wifi: rtw89: acpi: process 6 GHz band policy from DSM (bsc#1227149). - wifi: rtw89: add C2H RA event V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add C2H event handlers of RFK log and report (bsc#1227149). - wifi: rtw89: add CFO XTAL registers field to support 8851B (bsc#1227149). - wifi: rtw89: add DBCC H2C to notify firmware the status (bsc#1227149). - wifi: rtw89: add EHT capabilities for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add EHT radiotap in monitor mode (bsc#1227149). - wifi: rtw89: add EVM and SNR statistics to debugfs (bsc#1227149). - wifi: rtw89: add EVM for antenna diversity (bsc#1227149). - wifi: rtw89: add H2C RA command V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add H2C command to download beacon frame for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add RSSI based antenna diversity (bsc#1227149). - wifi: rtw89: add RSSI statistics for the case of antenna diversity to debugfs (bsc#1227149). - wifi: rtw89: add XTAL SI for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add chip_info::chip_gen to determine chip generation (bsc#1227149). - wifi: rtw89: add chip_info::txwd_info size to generalize TX WD submit (bsc#1227149). - wifi: rtw89: add chip_ops::h2c_ba_cam() to configure BA CAM (bsc#1227149). - wifi: rtw89: add chip_ops::query_rxdesc() and rxd_len as helpers to support newer chips (bsc#1227149). - wifi: rtw89: add chip_ops::update_beacon to abstract update beacon operation (bsc#1227149). - wifi: rtw89: add firmware H2C command of BA CAM V1 (bsc#1227149). - wifi: rtw89: add firmware parser for v1 format (bsc#1227149). - wifi: rtw89: add firmware suit for BB MCU 0/1 (bsc#1227149). - wifi: rtw89: add function prototype for coex request duration (bsc#1227149). - wifi: rtw89: add mac_gen pointer to access mac port registers (bsc#1227149). - wifi: rtw89: add mlo_dbcc_mode for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add new H2C command to pause/sleep transmitting by MAC ID (bsc#1227149). - wifi: rtw89: add new H2C for PS mode in 802.11be chip (bsc#1227149). - wifi: rtw89: add reserved size as factor of DLE used size (bsc#1227149). - wifi: rtw89: add subband index of primary channel to struct rtw89_chan (bsc#1227149). - wifi: rtw89: add to display hardware rates v1 histogram in debugfs (bsc#1227149). - wifi: rtw89: add to fill TX descriptor for firmware command v2 (bsc#1227149). - wifi: rtw89: add to fill TX descriptor v2 (bsc#1227149). - wifi: rtw89: add to parse firmware elements of BB and RF tables (bsc#1227149). - wifi: rtw89: add to query RX descriptor format v2 (bsc#1227149). - wifi: rtw89: add tx_wake notify for 8851B (bsc#1227149). - wifi: rtw89: add wait/completion for abort scan (bsc#1227149). - wifi: rtw89: adjust init_he_cap() to add EHT cap into iftype_data (bsc#1227149). - wifi: rtw89: advertise missing extended scan feature (bsc#1227149). - wifi: rtw89: avoid stringop-overflow warning (bsc#1227149). - wifi: rtw89: call rtw89_chan_get() by vif chanctx if aware of vif (bsc#1227149). - wifi: rtw89: chan: MCC take reconfig into account (bsc#1227149). - wifi: rtw89: chan: add sub-entity swap function to cover replacing (bsc#1227149). - wifi: rtw89: chan: move handling from add/remove to assign/unassign for MLO (bsc#1227149). - wifi: rtw89: chan: support MCC on Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: chan: tweak bitmap recalc ahead before MLO (bsc#1227149). - wifi: rtw89: chan: tweak weight recalc ahead before MLO (bsc#1227149). - wifi: rtw89: change naming of BA CAM from V1 to V0_EXT (bsc#1227149). - wifi: rtw89: change qutoa to DBCC by default for WiFi 7 chips (bsc#1227149). - wifi: rtw89: change supported bandwidths of chip_info to bit mask (bsc#1227149). - wifi: rtw89: cleanup firmware elements parsing (bsc#1227149). - wifi: rtw89: cleanup private data structures (bsc#1227149). - wifi: rtw89: cleanup rtw89_iqk_info and related code (bsc#1227149). - wifi: rtw89: coex: Add Bluetooth RSSI level information (bsc#1227149). - wifi: rtw89: coex: Add Pre-AGC control to enhance Wi-Fi RX performance (bsc#1227149). - wifi: rtw89: coex: Add coexistence policy to decrease WiFi packet CRC-ERR (bsc#1227149). - wifi: rtw89: coex: Fix wrong Wi-Fi role info and FDDT parameter members (bsc#1227149). - wifi: rtw89: coex: Record down Wi-Fi initial mode information (bsc#1227149). - wifi: rtw89: coex: Reorder H2C command index to align with firmware (bsc#1227149). - wifi: rtw89: coex: Set Bluetooth scan low-priority when Wi-Fi link/scan (bsc#1227149). - wifi: rtw89: coex: Still show hardware grant signal info even Wi-Fi is PS (bsc#1227149). - wifi: rtw89: coex: To improve Wi-Fi performance while BT is idle (bsc#1227149). - wifi: rtw89: coex: Translate antenna configuration from ID to string (bsc#1227149). - wifi: rtw89: coex: Update BTG control related logic (bsc#1227149). - wifi: rtw89: coex: Update RF parameter control setting logic (bsc#1227149). - wifi: rtw89: coex: Update coexistence policy for Wi-Fi LPS (bsc#1227149). - wifi: rtw89: coex: When Bluetooth not available do not set power/gain (bsc#1227149). - wifi: rtw89: coex: add BTC ctrl_info version 7 and related logic (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() for struct rtw89_btc_btf_set_slot_table (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() to struct rtw89_btc_btf_set_mon_reg (bsc#1227149). - wifi: rtw89: coex: add init_info H2C command format version 7 (bsc#1227149). - wifi: rtw89: coex: add return value to ensure H2C command is success or not (bsc#1227149). - wifi: rtw89: coex: fix configuration for shared antenna for 8922A (bsc#1227149). - wifi: rtw89: coex: use struct assignment to replace memcpy() to append TDMA content (bsc#1227149). - wifi: rtw89: configure PPDU max user by chip (bsc#1227149). - wifi: rtw89: consider RX info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: consolidate registers of mac port to struct (bsc#1227149). - wifi: rtw89: correct PHY register offset for PHY-1 (bsc#1227149). - wifi: rtw89: correct the DCFO tracking flow to improve CFO compensation (bsc#1227149). - wifi: rtw89: debug: add FW log component for scan (bsc#1227149). - wifi: rtw89: debug: add debugfs entry to disable dynamic mechanism (bsc#1227149). - wifi: rtw89: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw89: debug: remove wrapper of rtw89_debug() (bsc#1227149). - wifi: rtw89: debug: show txpwr table according to chip gen (bsc#1227149). - wifi: rtw89: debug: txpwr table access only valid page according to chip (bsc#1227149). - wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: declare EXT NSS BW of VHT capability (bsc#1227149). - wifi: rtw89: declare MCC in interface combination (bsc#1227149). - wifi: rtw89: define hardware rate v1 for WiFi 7 chips (bsc#1227149). - wifi: rtw89: differentiate narrow_bw_ru_dis setting according to chip gen (bsc#1227149). - wifi: rtw89: disable RTS when broadcast/multicast (bsc#1227149). - wifi: rtw89: download firmware with five times retry (bsc#1227149). - wifi: rtw89: drop TIMING_BEACON_ONLY and sync beacon TSF by self (bsc#1227149). - wifi: rtw89: enlarge supported length of read_reg debugfs entry (bsc#1227149). - wifi: rtw89: extend PHY status parser to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fix HW scan not aborting properly (git-fixes). - wifi: rtw89: fix HW scan timeout due to TSF sync issue (bsc#1227149). - wifi: rtw89: fix a width vs precision bug (bsc#1227149). - wifi: rtw89: fix disabling concurrent mode TX hang issue (bsc#1227149). - wifi: rtw89: fix misbehavior of TX beacon in concurrent mode (bsc#1227149). - wifi: rtw89: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw89: fix spelling typo of IQK debug messages (bsc#1227149). - wifi: rtw89: fix typo of rtw89_fw_h2c_mcc_macid_bitmap() (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset CMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset DMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to update security CAM v2 (bsc#1227149). - wifi: rtw89: fw: add checking type for variant type of firmware (bsc#1227149). - wifi: rtw89: fw: add chip_ops to update CMAC table to associated station (bsc#1227149). - wifi: rtw89: fw: add definition of H2C command and C2H event for MRC series (bsc#1227149). - wifi: rtw89: fw: add version field to BB MCU firmware element (bsc#1227149). - wifi: rtw89: fw: consider checksum length of security data (bsc#1227149). - wifi: rtw89: fw: download firmware with key data for secure boot (bsc#1227149). - wifi: rtw89: fw: extend JOIN H2C command to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: extend program counter dump for Wi-Fi 7 chip (bsc#1227149). - wifi: rtw89: fw: fill CMAC table to associated station for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: generalize download firmware flow by mac_gen pointers (bsc#1227149). - wifi: rtw89: fw: implement MRC H2C command functions (bsc#1227149). - wifi: rtw89: fw: implement supported functions of download firmware for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: load TX power track tables from fw_element (bsc#1227149). - wifi: rtw89: fw: move polling function of firmware path ready to an individual function (bsc#1227149). - wifi: rtw89: fw: parse secure section from firmware file (bsc#1227149). - wifi: rtw89: fw: propagate an argument include_bb for BB MCU firmware (bsc#1227149). - wifi: rtw89: fw: read firmware secure information from efuse (bsc#1227149). - wifi: rtw89: fw: refine download flow to support variant firmware suits (bsc#1227149). - wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband (bsc#1227149). - wifi: rtw89: fw: update TX AMPDU parameter to CMAC table (bsc#1227149). - wifi: rtw89: fw: use struct to fill BA CAM H2C commands (bsc#1227149). - wifi: rtw89: fw: use struct to fill JOIN H2C command (bsc#1227149). - wifi: rtw89: get data rate mode/NSS/MCS v1 from RX descriptor (bsc#1227149). - wifi: rtw89: indicate TX power by rate table inside RFE parameter (bsc#1227149). - wifi: rtw89: indicate TX shape table inside RFE parameter (bsc#1227149). - wifi: rtw89: initialize antenna for antenna diversity (bsc#1227149). - wifi: rtw89: initialize multi-channel handling (bsc#1227149). - wifi: rtw89: introduce infrastructure of firmware elements (bsc#1227149). - wifi: rtw89: introduce realtek ACPI DSM method (bsc#1227149). - wifi: rtw89: introduce v1 format of firmware header (bsc#1227149). - wifi: rtw89: load BB parameters to PHY-1 (bsc#1227149). - wifi: rtw89: load RFK log format string from firmware file (bsc#1227149). - wifi: rtw89: load TX power by rate when RFE parms setup (bsc#1227149). - wifi: rtw89: load TX power related tables from FW elements (bsc#1227149). - wifi: rtw89: mac: Fix spelling mistakes 'notfify' -> 'notify' (bsc#1227149). - wifi: rtw89: mac: add coexistence helpers {cfg/get}_plt (bsc#1227149). - wifi: rtw89: mac: add feature_init to initialize BA CAM V1 (bsc#1227149). - wifi: rtw89: mac: add flags to check if CMAC and DMAC are enabled (bsc#1227149). - wifi: rtw89: mac: add mac_gen_def::band1_offset to map MAC band1 register address (bsc#1227149). - wifi: rtw89: mac: add registers of MU-EDCA parameters for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add suffix _ax to MAC functions (bsc#1227149). - wifi: rtw89: mac: add sys_init and filter option for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to access efuse for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to get DLE reserved quota (bsc#1227149). - wifi: rtw89: mac: check queue empty according to chip gen (bsc#1227149). - wifi: rtw89: mac: correct MUEDCA setting for MAC-1 (bsc#1227149). - wifi: rtw89: mac: define internal memory address for WiFi 7 chip (bsc#1227149). - wifi: rtw89: mac: define register address of rx_filter to generalize code (bsc#1227149). - wifi: rtw89: mac: do bf_monitor only if WiFi 6 chips (bsc#1227149). - wifi: rtw89: mac: functions to configure hardware engine and quota for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: generalize code to indirectly access WiFi internal memory (bsc#1227149). - wifi: rtw89: mac: generalize register of MU-EDCA switch according to chip gen (bsc#1227149). - wifi: rtw89: mac: get TX power control register according to chip gen (bsc#1227149). - wifi: rtw89: mac: handle C2H receive/done ACK in interrupt context (bsc#1227149). - wifi: rtw89: mac: implement MRC C2H event handling (bsc#1227149). - wifi: rtw89: mac: implement to configure TX/RX engines for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: move code related to hardware engine to individual functions (bsc#1227149). - wifi: rtw89: mac: refine SER setting during WiFi CPU power on (bsc#1227149). - wifi: rtw89: mac: reset PHY-1 hardware when going to enable/disable (bsc#1227149). - wifi: rtw89: mac: return held quota of DLE when changing MAC-1 (bsc#1227149). - wifi: rtw89: mac: set bf_assoc capabilities according to chip gen (bsc#1227149). - wifi: rtw89: mac: set bfee_ctrl() according to chip gen (bsc#1227149). - wifi: rtw89: mac: update RTS threshold according to chip gen (bsc#1227149). - wifi: rtw89: mac: use mac_gen pointer to access about efuse (bsc#1227149). - wifi: rtw89: mac: use pointer to access functions of hardware engine and quota (bsc#1227149). - wifi: rtw89: mcc: consider and determine BT duration (bsc#1227149). - wifi: rtw89: mcc: deal with BT slot change (bsc#1227149). - wifi: rtw89: mcc: deal with P2P PS change (bsc#1227149). - wifi: rtw89: mcc: deal with beacon NoA if GO exists (bsc#1227149). - wifi: rtw89: mcc: decide pattern and calculate parameters (bsc#1227149). - wifi: rtw89: mcc: fill fundamental configurations (bsc#1227149). - wifi: rtw89: mcc: fix NoA start time when GO is auxiliary (bsc#1227149). - wifi: rtw89: mcc: initialize start flow (bsc#1227149). - wifi: rtw89: mcc: track beacon offset and update when needed (bsc#1227149). - wifi: rtw89: mcc: trigger FW to start/stop MCC (bsc#1227149). - wifi: rtw89: mcc: update role bitmap when changed (bsc#1227149). - wifi: rtw89: modify the register setting and the flow of CFO tracking (bsc#1227149). - wifi: rtw89: move software DCFO compensation setting to proper position (bsc#1227149). - wifi: rtw89: only reset BB/RF for existing WiFi 6 chips while starting up (bsc#1227149). - wifi: rtw89: packet offload wait for FW response (bsc#1227149). - wifi: rtw89: parse EHT information from RX descriptor and PPDU status packet (bsc#1227149). - wifi: rtw89: parse TX EHT rate selected by firmware from RA C2H report (bsc#1227149). - wifi: rtw89: parse and print out RFK log from C2H events (bsc#1227149). - wifi: rtw89: pause/proceed MCC for ROC and HW scan (bsc#1227149). - wifi: rtw89: pci: add LTR v2 for WiFi 7 chip (bsc#1227149). - wifi: rtw89: pci: add PCI generation information to pci_info for each chip (bsc#1227149). - wifi: rtw89: pci: add new RX ring design to determine full RX ring efficiently (bsc#1227149). - wifi: rtw89: pci: add pre_deinit to be called after probe complete (bsc#1227149). - wifi: rtw89: pci: correct interrupt mitigation register for 8852CE (bsc#1227149). - wifi: rtw89: pci: define PCI ring address for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: fix interrupt enable mask for HALT C2H of RTL8851B (bsc#1227149). - wifi: rtw89: pci: generalize code of PCI control DMA IO for WiFi 7 (bsc#1227149). - wifi: rtw89: pci: generalize interrupt status bits of interrupt handlers (bsc#1227149). - wifi: rtw89: pci: implement PCI CLK/ASPM/L1SS for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_post_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_pre_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: interrupt v2 refine IMR for SER (bsc#1227149). - wifi: rtw89: pci: reset BDRAM according to chip gen (bsc#1227149). - wifi: rtw89: pci: stop/start DMA for level 1 recovery according to chip gen (bsc#1227149). - wifi: rtw89: pci: update SER timer unit and timeout time (bsc#1227149). - wifi: rtw89: pci: update interrupt mitigation register for 8922AE (bsc#1227149). - wifi: rtw89: pci: use DBI function for 8852AE/8852BE/8851BE (bsc#1227149). - wifi: rtw89: pci: use gen_def pointer to configure mac_{pre,post}_init and clear PCI ring index (bsc#1227149). - wifi: rtw89: pci: validate RX tag for RXQ and RPQ (bsc#1227149). - wifi: rtw89: phy: add BB wrapper of TX power for WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: add parser to support RX gain dynamic setting flow (bsc#1227149). - wifi: rtw89: phy: add phy_gen_def::cr_base to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: change naming related BT coexistence functions (bsc#1227149). - wifi: rtw89: phy: dynamically adjust EDCCA threshold (bsc#1227149). - wifi: rtw89: phy: extend TX power common stuffs for Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: phy: generalize valid bit of BSS color (bsc#1227149). - wifi: rtw89: phy: ignore special data from BB parameter file (bsc#1227149). - wifi: rtw89: phy: modify register setting of ENV_MNTR, PHYSTS and DIG (bsc#1227149). - wifi: rtw89: phy: move bb_gain_info used by WiFi 6 chips to union (bsc#1227149). - wifi: rtw89: phy: print out RFK log with formatted string (bsc#1227149). - wifi: rtw89: phy: rate pattern handles HW rate by chip gen (bsc#1227149). - wifi: rtw89: phy: refine helpers used for raw TX power (bsc#1227149). - wifi: rtw89: phy: set TX power RU limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power by rate according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power offset according to chip gen (bsc#1227149). - wifi: rtw89: phy: set channel_info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: prepare scan leaf functions for wifi 7 ICs (bsc#1227149). - wifi: rtw89: process regulatory for 6 GHz power type (bsc#1227149). - wifi: rtw89: provide functions to configure NoA for beacon update (bsc#1227149). - wifi: rtw89: recognize log format from firmware file (bsc#1227149). - wifi: rtw89: reference quota mode when setting Tx power (bsc#1227149). - wifi: rtw89: refine H2C command that pause transmitting by MAC ID (bsc#1227149). - wifi: rtw89: refine add_chan H2C command to encode_bits (bsc#1227149). - wifi: rtw89: refine bandwidth 160MHz uplink OFDMA performance (bsc#1227149). - wifi: rtw89: refine clearing supported bands to check 2/5 GHz first (bsc#1227149). - wifi: rtw89: refine element naming used by queue empty check (bsc#1227149). - wifi: rtw89: refine hardware scan C2H events (bsc#1227149). - wifi: rtw89: refine packet offload delete flow of 6 GHz probe (bsc#1227149). - wifi: rtw89: refine packet offload handling under SER (bsc#1227149). - wifi: rtw89: refine remain on channel flow to improve P2P connection (bsc#1227149). - wifi: rtw89: refine rtw89_correct_cck_chan() by rtw89_hw_to_nl80211_band() (bsc#1227149). - wifi: rtw89: refine uplink trigger based control mechanism (bsc#1227149). - wifi: rtw89: regd: configure Thailand in regulation type (bsc#1227149). - wifi: rtw89: regd: handle policy of 6 GHz according to BIOS (bsc#1227149). - wifi: rtw89: regd: judge 6 GHz according to chip and BIOS (bsc#1227149). - wifi: rtw89: regd: judge UNII-4 according to BIOS and chip (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R40 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R43 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R65-R44 (bsc#1227149). - wifi: rtw89: release bit in rtw89_fw_h2c_del_pkt_offload() (bsc#1227149). - wifi: rtw89: return failure if needed firmware elements are not recognized (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DACK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DPK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger IQK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger RX DCK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TSSI (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TXGAPK (bsc#1227149). - wifi: rtw89: rfk: add a completion to wait RF calibration report from C2H event (bsc#1227149). - wifi: rtw89: rfk: disable driver tracking during MCC (bsc#1227149). - wifi: rtw89: rfk: send channel information to firmware for RF calibrations (bsc#1227149). - wifi: rtw89: sar: let caller decide the center frequency to query (bsc#1227149). - wifi: rtw89: scan offload wait for FW done ACK (bsc#1227149). - wifi: rtw89: ser: L1 add pre-M0 and post-M0 states (bsc#1227149). - wifi: rtw89: ser: reset total_sta_assoc and tdls_peer when L2 (bsc#1227149). - wifi: rtw89: set TX power without precondition during setting channel (bsc#1227149). - wifi: rtw89: set capability of TX antenna diversity (bsc#1227149). - wifi: rtw89: set entry size of address CAM to H2C field by chip (bsc#1227149). - wifi: rtw89: show EHT rate in debugfs (bsc#1227149). - wifi: rtw89: support U-NII-4 channels on 5GHz band (bsc#1227149). - wifi: rtw89: support firmware log with formatted text (bsc#1227149). - wifi: rtw89: suppress the log for specific SER called CMDPSR_FRZTO (bsc#1227149). - wifi: rtw89: tweak H2C TX waiting function for SER (bsc#1227149). - wifi: rtw89: update DMA function with different generation (bsc#1227149). - wifi: rtw89: update ps_state register for chips with different generation (bsc#1227149). - wifi: rtw89: update scan C2H messages for wifi 7 IC (bsc#1227149). - wifi: rtw89: update suspend/resume for different generation (bsc#1227149). - wifi: rtw89: use PLCP information to match BSS_COLOR and AID (bsc#1227149). - wifi: rtw89: use chip_info::small_fifo_size to choose debug_mask (bsc#1227149). - wifi: rtw89: use flexible array member in rtw89_btc_btf_tlv (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits to access RX info (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access RX descriptor (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access received PHY status IEs (bsc#1227149). - wifi: rtw89: use struct rtw89_phy_sts_ie0 instead of macro to access PHY IE0 status (bsc#1227149). - wifi: rtw89: use struct to access RA report (bsc#1227149). - wifi: rtw89: use struct to access firmware C2H event header (bsc#1227149). - wifi: rtw89: use struct to access register-based H2C/C2H (bsc#1227149). - wifi: rtw89: use struct to fill H2C command to download beacon frame (bsc#1227149). - wifi: rtw89: use struct to parse firmware header (bsc#1227149). - wifi: rtw89: use struct to set RA H2C command (bsc#1227149). - wifi: rtw89: wow: move release offload packet earlier for WoWLAN mode (bsc#1227149). - wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode (bsc#1227149). - wifi: rtw89: wow: set security engine options for 802.11ax chips only (bsc#1227149). - wifi: rtw89: wow: update WoWLAN reason register for different chips (bsc#1227149). - wifi: rtw89: wow: update WoWLAN status register for different generation (bsc#1227149). - wifi: rtw89: wow: update config mac function with different generation (bsc#1227149). - wifi: ti: wlcore: sdio: Drop unused include (bsc#1227149). - wifi: virt_wifi: avoid reporting connection success with wrong SSID (git-fixes). - wifi: virt_wifi: do not use strlen() in const context (git-fixes). - wifi: wcn36xx: Annotate struct wcn36xx_hal_ind_msg with __counted_by (bsc#1227149). - wifi: wcn36xx: Convert to platform remove callback returning void (bsc#1227149). - wifi: wcn36xx: remove unnecessary (void*) conversions (bsc#1227149). - wifi: wext: avoid extra calls to strlen() in ieee80211_bss() (bsc#1227149). - wifi: wfx: Use devm_kmemdup to replace devm_kmalloc + memcpy (bsc#1227149). - wifi: wfx: allow to send frames during ROC (bsc#1227149). - wifi: wfx: fix power_save setting when AP is stopped (bsc#1227149). - wifi: wfx: implement wfx_remain_on_channel() (bsc#1227149). - wifi: wfx: introduce hif_scan_uniq() (bsc#1227149). - wifi: wfx: move wfx_skb_*() out of the header file (bsc#1227149). - wifi: wfx: relocate wfx_rate_mask_to_hw() (bsc#1227149). - wifi: wfx: scan_lock is global to the device (bsc#1227149). - wifi: wfx: simplify exclusion between scan and Rx filters (bsc#1227149). - wifi: wil6210: fw: Replace zero-length arrays with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wil6210: wmi: Replace zero-length array with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wilc1000: Increase ASSOC response buffer (bsc#1227149). - wifi: wilc1000: Remove unused declarations (bsc#1227149). - wifi: wilc1000: add SPI commands retry mechanism (bsc#1227149). - wifi: wilc1000: add back-off algorithm to balance tx queue packets (bsc#1227149). - wifi: wilc1000: add missing read critical sections around vif list traversal (bsc#1227149). - wifi: wilc1000: always release SDIO host in wilc_sdio_cmd53() (bsc#1227149). - wifi: wilc1000: cleanup struct wilc_conn_info (bsc#1227149). - wifi: wilc1000: correct CRC7 calculation (bsc#1227149). - wifi: wilc1000: fix declarations ordering (bsc#1227149). - wifi: wilc1000: fix driver_handler when committing initial configuration (bsc#1227149). - wifi: wilc1000: fix ies_len type in connect path (git-fixes). - wifi: wilc1000: fix incorrect power down sequence (bsc#1227149). - wifi: wilc1000: remove AKM suite be32 conversion for external auth request (bsc#1227149). - wifi: wilc1000: remove setting msg.spi (bsc#1227149). - wifi: wilc1000: remove use of has_thrpt_enh3 flag (bsc#1227149). - wifi: wilc1000: set preamble size to auto as default in wilc_init_fw_config() (bsc#1227149). - wifi: wilc1000: simplify remain on channel support (bsc#1227149). - wifi: wilc1000: simplify wilc_scan() (bsc#1227149). - wifi: wilc1000: split deeply nested RCU list traversal in dedicated helper (bsc#1227149). - wifi: wilc1000: use SRCU instead of RCU for vif list traversal (bsc#1227149). - wifi: wilc1000: validate chip id during bus probe (bsc#1227149). - wifi: wl1251: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wl18xx: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: boot: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: main: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: sdio: Rate limit wl12xx_sdio_raw_{read,write}() failures warns (bsc#1227149). - wifi: wlcore: sdio: Use module_sdio_driver macro to simplify the code (bsc#1227149). - wifi: zd1211rw: fix typo 'tranmits' (bsc#1227149). - wifi: zd1211rw: remove __nocast from zd_addr_t (bsc#1227149). - wifi: zd1211rw: silence sparse warnings (bsc#1227149). - wlcore: spi: Remove redundant of_match_ptr() (bsc#1227149). - x86/amd_nb: Check for invalid SMN reads (git-fixes). - x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes). - x86/asm: Fix build of UML with KASAN (git-fixes). - x86/bhi: Avoid warning in #DB handler due to BHI mitigation :(git-fixes). - x86/boot: Ignore NMIs during very early boot (git-fixes). - x86/cpu: Provide default cache line size if not enumerated (git-fixes). - x86/csum: Fix clang -Wuninitialized in csum_partial() (git-fixes). - x86/csum: Improve performance of `csum_partial` (git-fixes). - x86/csum: Remove unnecessary odd handling (git-fixes). - x86/csum: clean up `csum_partial' further (git-fixes). - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes). - x86/head/64: Move the __head definition to <asm/init.h> (git-fixes). - x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS (git-fixes). - x86/kconfig: Add as-instr64 macro to properly evaluate AS_WRUSS (git-fixes). - x86/resctrl: Read supported bandwidth sources from CPUID (git-fixes). - x86/resctrl: Remove redundant variable in mbm_config_write_domain() (git-fixes). - x86/shstk: Make return uprobe work with shadow stack (git-fixes). - x86/speculation, objtool: Use absolute relocations for annotations (git-fixes). - x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502) - xen/x86: add extra pages to unpopulated-alloc if available (git-fixes). - xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228211). - xfs: use roundup_pow_of_two instead of ffs during xlog_find_tail (git-fixes). - xhci: always resume roothubs if xHC was reset during resume (stable-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated - kernel-macros-6.4.0-150600.23.17.1 updated - kernel-devel-6.4.0-150600.23.17.1 updated - kernel-default-devel-6.4.0-150600.23.17.1 updated - kernel-syms-6.4.0-150600.23.17.1 updated - container:sles15-image-15.6.0-47.11.5 updated From sle-container-updates at lists.suse.com Thu Aug 8 16:31:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 08 Aug 2024 16:31:34 -0000 Subject: SUSE-CU-2024:3523-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20240808155422.6ED6AFE99@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3523-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.15 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.15 Severity : important Type : security References : 1194869 1215199 1215587 1218442 1218730 1218820 1219832 1220138 1220427 1220430 1220942 1221057 1221647 1221654 1221656 1221659 1222326 1222328 1222438 1222463 1222768 1222775 1222779 1222893 1223010 1223021 1223570 1223731 1223740 1223778 1223804 1223806 1223807 1223813 1223815 1223836 1223863 1224414 1224422 1224490 1224499 1224512 1224516 1224544 1224545 1224589 1224604 1224636 1224641 1224743 1224767 1225088 1225172 1225272 1225489 1225600 1225601 1225711 1225717 1225719 1225744 1225745 1225746 1225752 1225753 1225757 1225805 1225810 1225830 1225835 1225839 1225840 1225843 1225847 1225851 1225856 1225894 1225895 1225896 1226202 1226213 1226502 1226519 1226750 1226757 1226783 1226866 1226883 1226915 1226993 1227103 1227149 1227282 1227362 1227363 1227383 1227432 1227433 1227434 1227435 1227443 1227446 1227447 1227487 1227573 1227626 1227716 1227719 1227723 1227730 1227736 1227755 1227757 1227762 1227763 1227779 1227780 1227783 1227786 1227788 1227789 1227797 1227800 1227801 1227803 1227806 1227813 1227814 1227836 1227855 1227862 1227866 1227886 1227899 1227910 1227913 1227926 1228090 1228192 1228193 1228211 1228269 1228289 1228327 1228328 1228403 1228405 1228408 1228417 1228770 CVE-2013-4235 CVE-2023-38417 CVE-2023-47210 CVE-2023-51780 CVE-2023-52435 CVE-2023-52472 CVE-2023-52751 CVE-2023-52775 CVE-2024-25741 CVE-2024-26615 CVE-2024-26623 CVE-2024-26633 CVE-2024-26635 CVE-2024-26636 CVE-2024-26641 CVE-2024-26663 CVE-2024-26665 CVE-2024-26691 CVE-2024-26734 CVE-2024-26785 CVE-2024-26826 CVE-2024-26863 CVE-2024-26944 CVE-2024-27012 CVE-2024-27015 CVE-2024-27016 CVE-2024-27019 CVE-2024-27020 CVE-2024-27025 CVE-2024-27064 CVE-2024-27065 CVE-2024-27402 CVE-2024-27404 CVE-2024-35805 CVE-2024-35853 CVE-2024-35854 CVE-2024-35890 CVE-2024-35893 CVE-2024-35899 CVE-2024-35908 CVE-2024-35934 CVE-2024-35942 CVE-2024-36003 CVE-2024-36004 CVE-2024-36889 CVE-2024-36901 CVE-2024-36902 CVE-2024-36909 CVE-2024-36910 CVE-2024-36911 CVE-2024-36912 CVE-2024-36913 CVE-2024-36914 CVE-2024-36922 CVE-2024-36930 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944 CVE-2024-36946 CVE-2024-36947 CVE-2024-36949 CVE-2024-36950 CVE-2024-36951 CVE-2024-36955 CVE-2024-36959 CVE-2024-36974 CVE-2024-38558 CVE-2024-38586 CVE-2024-38598 CVE-2024-38604 CVE-2024-38659 CVE-2024-39276 CVE-2024-39468 CVE-2024-39472 CVE-2024-39473 CVE-2024-39474 CVE-2024-39475 CVE-2024-39479 CVE-2024-39481 CVE-2024-39482 CVE-2024-39487 CVE-2024-39490 CVE-2024-39494 CVE-2024-39496 CVE-2024-39498 CVE-2024-39502 CVE-2024-39504 CVE-2024-39507 CVE-2024-40901 CVE-2024-40906 CVE-2024-40908 CVE-2024-40919 CVE-2024-40923 CVE-2024-40925 CVE-2024-40928 CVE-2024-40931 CVE-2024-40935 CVE-2024-40937 CVE-2024-40940 CVE-2024-40947 CVE-2024-40948 CVE-2024-40953 CVE-2024-40960 CVE-2024-40961 CVE-2024-40966 CVE-2024-40970 CVE-2024-40972 CVE-2024-40975 CVE-2024-40979 CVE-2024-40998 CVE-2024-40999 CVE-2024-41006 CVE-2024-41011 CVE-2024-41013 CVE-2024-41014 CVE-2024-41017 CVE-2024-41090 CVE-2024-41091 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2802-1 Released: Wed Aug 7 09:46:02 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1194869,1215199,1215587,1218442,1218730,1218820,1219832,1220138,1220427,1220430,1220942,1221057,1221647,1221654,1221656,1221659,1222326,1222328,1222438,1222463,1222768,1222775,1222779,1222893,1223010,1223021,1223570,1223731,1223740,1223778,1223804,1223806,1223807,1223813,1223815,1223836,1223863,1224414,1224422,1224490,1224499,1224512,1224516,1224544,1224545,1224589,1224604,1224636,1224641,1224743,1224767,1225088,1225172,1225272,1225489,1225600,1225601,1225711,1225717,1225719,1225744,1225745,1225746,1225752,1225753,1225757,1225805,1225810,1225830,1225835,1225839,1225840,1225843,1225847,1225851,1225856,1225894,1225895,1225896,1226202,1226213,1226502,1226519,1226750,1226757,1226783,1226866,1226883,1226915,1226993,1227103,1227149,1227282,1227362,1227363,1227383,1227432,1227433,1227434,1227435,1227443,1227446,1227447,1227487,1227573,1227626,1227716,1227719,1227723,1227730,1227736,1227755,1227757,1227762,1227763,1227779,1227780,1227783,1227786,1227788,1227789,1227797,1227800,1 227801,1227803,1227806,1227813,1227814,1227836,1227855,1227862,1227866,1227886,1227899,1227910,1227913,1227926,1228090,1228192,1228193,1228211,1228269,1228289,1228327,1228328,1228403,1228405,1228408,1228417,CVE-2023-38417,CVE-2023-47210,CVE-2023-51780,CVE-2023-52435,CVE-2023-52472,CVE-2023-52751,CVE-2023-52775,CVE-2024-25741,CVE-2024-26615,CVE-2024-26623,CVE-2024-26633,CVE-2024-26635,CVE-2024-26636,CVE-2024-26641,CVE-2024-26663,CVE-2024-26665,CVE-2024-26691,CVE-2024-26734,CVE-2024-26785,CVE-2024-26826,CVE-2024-26863,CVE-2024-26944,CVE-2024-27012,CVE-2024-27015,CVE-2024-27016,CVE-2024-27019,CVE-2024-27020,CVE-2024-27025,CVE-2024-27064,CVE-2024-27065,CVE-2024-27402,CVE-2024-27404,CVE-2024-35805,CVE-2024-35853,CVE-2024-35854,CVE-2024-35890,CVE-2024-35893,CVE-2024-35899,CVE-2024-35908,CVE-2024-35934,CVE-2024-35942,CVE-2024-36003,CVE-2024-36004,CVE-2024-36889,CVE-2024-36901,CVE-2024-36902,CVE-2024-36909,CVE-2024-36910,CVE-2024-36911,CVE-2024-36912,CVE-2024-36913,CVE-2024-36914,CVE-2024-3 6922,CVE-2024-36930,CVE-2024-36940,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36946,CVE-2024-36947,CVE-2024-36949,CVE-2024-36950,CVE-2024-36951,CVE-2024-36955,CVE-2024-36959,CVE-2024-36974,CVE-2024-38558,CVE-2024-38586,CVE-2024-38598,CVE-2024-38604,CVE-2024-38659,CVE-2024-39276,CVE-2024-39468,CVE-2024-39472,CVE-2024-39473,CVE-2024-39474,CVE-2024-39475,CVE-2024-39479,CVE-2024-39481,CVE-2024-39482,CVE-2024-39487,CVE-2024-39490,CVE-2024-39494,CVE-2024-39496,CVE-2024-39498,CVE-2024-39502,CVE-2024-39504,CVE-2024-39507,CVE-2024-40901,CVE-2024-40906,CVE-2024-40908,CVE-2024-40919,CVE-2024-40923,CVE-2024-40925,CVE-2024-40928,CVE-2024-40931,CVE-2024-40935,CVE-2024-40937,CVE-2024-40940,CVE-2024-40947,CVE-2024-40948,CVE-2024-40953,CVE-2024-40960,CVE-2024-40961,CVE-2024-40966,CVE-2024-40970,CVE-2024-40972,CVE-2024-40975,CVE-2024-40979,CVE-2024-40998,CVE-2024-40999,CVE-2024-41006,CVE-2024-41011,CVE-2024-41013,CVE-2024-41014,CVE-2024-41017,CVE-2024-41090,CVE-2024-41091 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-47210: wifi: iwlwifi: bump FW API to 90 for BZ/SC devices (bsc#1225601, bsc#1225600). - CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138). - CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489). - CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088). - CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942). - CVE-2024-26623: pds_core: Prevent race issues involving the adminq (bsc#1221057). - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647). - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656). - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659). - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654). - CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326). - CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328). - CVE-2024-26691: KVM: arm64: Fix circular locking dependency (bsc#1222463). - CVE-2024-26734: devlink: fix possible use-after-free and memory leaks in devlink_init() (bsc#1222438). - CVE-2024-26785: iommufd: Fix protection fault in iommufd_test_syz_conv_iova (bsc#1222779). - CVE-2024-26826: mptcp: fix data re-injection from stale subflow (bsc#1223010). - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021). - CVE-2024-26944: btrfs: zoned: fix lock ordering in btrfs_zone_activate() (bsc#1223731). - CVE-2024-27012: netfilter: nf_tables: restore set elements when delete set fails (bsc#1223804). - CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806). - CVE-2024-27016: netfilter: flowtable: validate pppoe header (bsc#1223807). - CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813) - CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815) - CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778) - CVE-2024-27064: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain (bsc#1223740). - CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836). - CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414). - CVE-2024-27404: mptcp: fix data races on remote_id (bsc#1224422) - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743). - CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-35890: gro: fix ownership transfer (bsc#1224516). - CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512) - CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499) - CVE-2024-35908: tls: get psock ref after taking rxlock to avoid leak (bsc#1224490) - CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641) - CVE-2024-35942: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain (bsc#1224589). - CVE-2024-36003: ice: fix LAG and VF lock dependency in ice_reset_vf() (bsc#1224544). - CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545) - CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711) - CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752). - CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753). - CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757). - CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783). - CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750). - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757). - CVE-2024-38604: block: refine the EOF check in blkdev_iomap_begin (bsc#1226866). - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883). - CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993). - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103. - CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432). - CVE-2024-39474: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL (bsc#1227434). - CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447). - CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573) - CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-39496: btrfs: zoned: fix use-after-free due to race with dev replace (bsc#1227719). - CVE-2024-39498: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 (bsc#1227723) - CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755). - CVE-2024-39504: netfilter: nft_inner: validate mandatory meta and payload (bsc#1227757). - CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730). - CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762). - CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763). - CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783). - CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779). - CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786). - CVE-2024-40925: block: fix request.queuelist usage in flush (bsc#1227789). - CVE-2024-40928: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (bsc#1227788). - CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780). - CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800). - CVE-2024-40947: ima: Avoid blocking in RCU read-side critical section (bsc#1227803). - CVE-2024-40948: mm/page_table_check: fix crash on ZONE_DEVICE (bsc#1227801). - CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806). - CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813). - CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814). - CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886). - CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899). - CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910). - CVE-2024-40975: platform/x86: x86-android-tablets: Unregister devices in reverse order (bsc#1227926). - CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866). - CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913). - CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862). - CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405). - CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). - CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327). The following non-security bugs were fixed: - ACPI: EC: Abort address space access upon error (stable-fixes). - ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes). - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes). - ALSA: PCM: Allow resume only for suspended streams (stable-fixes). - ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes). - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes). - ALSA: emux: improve patch ioctl data validation (stable-fixes). - ALSA: hda/conexant: Mute speakers at suspend / shutdown (bsc#1228269). - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (bsc#1228269). - ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes). - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes). - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes). - ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes). - ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop (stable-fixes). - ALSA: hda: cs35l41: Fix swapped l/r audio channels for Lenovo ThinBook 13x Gen4 (git-fixes). - ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes). - ALSA: seq: ump: Skip useless ports for static blocks (git-fixes). - ALSA: ump: Do not update FB name for static blocks (git-fixes). - ALSA: ump: Force 1 Group for MIDI1 FBs (git-fixes). - ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes). - ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes). - ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes). - ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (git-fixes). - ASoC: SOF: Intel: hda-pcm: Limit the maximum number of periods by MAX_BDL_ENTRIES (stable-fixes). - ASoC: SOF: Intel: hda: fix null deref on system suspend entry (git-fixes). - ASoC: SOF: imx8m: Fix DSP control regmap retrieval (git-fixes). - ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare (git-fixes). - ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format (stable-fixes). - ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback (stable-fixes). - ASoC: TAS2781: Fix tasdev_load_calibrated_data() (git-fixes). - ASoC: amd: Adjust error handling in case of absent codec device (git-fixes). - ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 (bsc#1228269). - ASoC: cs35l56: Accept values greater than 0 as IRQ numbers (git-fixes). - ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value (git-fixes). - ASoC: max98088: Check for clk_prepare_enable() error (git-fixes). - ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: rt711-sdw: add missing readable registers (stable-fixes). - ASoC: rt722-sdca-sdw: add debounce time for type detection (stable-fixes). - ASoC: rt722-sdca-sdw: add silence detection register as volatile (stable-fixes). - ASoC: sof: amd: fix for firmware reload failure in Vangogh platform (git-fixes). - ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes). - ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes). - ASoC: topology: Do not assign fields that are already set (stable-fixes). - ASoC: topology: Fix references to freed memory (stable-fixes). - ASoc: tas2781: Enable RCA-based playback without DSP firmware download (git-fixes). - Bluetooth: ISO: Check socket flag instead of hcon (git-fixes). - Bluetooth: Ignore too large handle values in BIG (git-fixes). - Bluetooth: btintel: Refactor btintel_set_ppag() (git-fixes). - Bluetooth: btnxpuart: Add handling for boot-signature timeout errors (git-fixes). - Bluetooth: btnxpuart: Enable Power Save feature on startup (stable-fixes). - Bluetooth: hci_bcm4377: Fix msgid release (git-fixes). - Bluetooth: hci_bcm4377: Use correct unit for timeouts (git-fixes). - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes). - Bluetooth: hci_event: Fix setting of unicast qos interval (git-fixes). - Bluetooth: hci_event: Set QoS encryption from BIGInfo report (git-fixes). - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes). - Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() (git-fixes). - Enable CONFIG_SCHED_CLUSTER=y on arm64 (jsc#PED-8701). - HID: Ignore battery for ELAN touchscreens 2F2C and 4116 (stable-fixes). - HID: wacom: Modify pen IDs (git-fixes). - Input: ads7846 - use spi_device_id table (stable-fixes). - Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes). - Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes). - Input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes). - Input: i8042 - add Ayaneo Kun to i8042 quirk table (stable-fixes). - Input: qt1050 - handle CHIP_ID reading error (git-fixes). - Input: silead - Always support 10 fingers (stable-fixes). - Input: xpad - add support for ASUS ROG RAIKIRI PRO (stable-fixes). - KVM: SEV-ES: Delegate LBR virtualization to the processor (git-fixes). - KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent (git-fixes). - KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (git-fixes). - KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes). - NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes). - NFS: add barriers when testing for NFS_FSDATA_BLOCKED (git-fixes). - NFSD: Fix checksum mismatches in the duplicate reply cache (git-fixes). - NFSv4.1 enforce rootpath check in fs_location query (git-fixes). - NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362). - NFSv4: Fixup smatch warning for ambiguous return (git-fixes). - PCI/ASPM: Update save_state when configuration changes (bsc#1226915) - PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes). - PCI: Do not wait for disconnected devices when resuming (git-fixes). - PCI: Extend ACS configurability (bsc#1228090). - PCI: Fix resource double counting on remove & rescan (git-fixes). - PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes). - PCI: dw-rockchip: Fix initial PERST# GPIO value (git-fixes). - PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot (git-fixes). - PCI: endpoint: Clean up error handling in vpci_scan_bus() (git-fixes). - PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() (git-fixes). - PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() (git-fixes). - PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes). - PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes). - PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes). - PCI: qcom-ep: Disable resources unconditionally during PERST# assert (git-fixes). - PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() (git-fixes). - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes). - PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes). - PCI: vmd: Create domain symlink before pci_bus_add_devices() (bsc#1227363). - RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes). - RDMA/restrack: Fix potential invalid address access (git-fixes) - Revert 'drm/bridge: tc358767: Set default CLRSIPO count' (stable-fixes). - Revert 'gfs2: fix glock shrinker ref issues' (git-fixes). - Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes). - Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes). - Revert 'wifi: ath11k: call ath11k_mac_fils_discovery() without condition' (bsc#1227149). - Revert 'wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ' (bsc#1227149). - Revert 'wifi: iwlwifi: bump FW API to 90 for BZ/SC devices' (bsc#1227149). - SUNRPC: Fix gss_free_in_token_pages() (git-fixes). - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes). - SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272). - SUNRPC: return proper error from gss_wrap_req_priv (git-fixes). - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes). - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes). - USB: serial: mos7840: fix crash on resume (git-fixes). - USB: serial: option: add Fibocom FM350-GL (stable-fixes). - USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes). - USB: serial: option: add Rolling RW350-GL variants (stable-fixes). - USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes). - USB: serial: option: add Telit generic core-dump composition (stable-fixes). - USB: serial: option: add support for Foxconn T99W651 (stable-fixes). - Update config files (bsc#1227282). Update the CONFIG_LSM option to include the selinux LSM in the default set of LSMs. The selinux LSM will not get enabled because it is preceded by apparmor, which is the first exclusive LSM. Updating CONFIG_LSM resolves failures that result in the system not booting up when 'security=selinux selinux=1' is passed to the kernel and SELinux policies are installed. - Update config files for mt76 stuff (bsc#1227149) - Update config files: adjust for Arm CONFIG_MT798X_WMAC (bsc#1227149) - Update config files: update for the realtek wifi driver updates (bsc#1227149) - X.509: Fix the parser of extended key usage for length (bsc#1218820). - arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502) - arm64/io: add constant-argument check (bsc#1226502 git-fixes) - arm64: dts: freescale: imx8mm-verdin: enable hysteresis on slow input (git-fixes) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes) - arm64: dts: imx93-11x11-evk: Remove the 'no-sdio' property (git-fixes) - arm64: dts: rockchip: Add mdio and ethernet-phy nodes to (git-fixes) - arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu (git-fixes) - arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Add sdmmc related properties on (git-fixes) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes) - arm64: dts: rockchip: Drop invalid mic-in-differential on (git-fixes) - arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on rk3566-roc-pc (git-fixes) - arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 (git-fixes) - arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch (git-fixes) - arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes) - arm64: dts: rockchip: Rename LED related pinctrl nodes on (git-fixes) - arm64: dts: rockchip: Update WIFi/BT related nodes on (git-fixes) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes) - ata: libata-scsi: Fix offsets for the fixed format sense data (git-fixes). - auxdisplay: ht16k33: Drop reference after LED registration (git-fixes). - block: Move checking GENHD_FL_NO_PART to bdev_add_partition() (bsc#1226213). - bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX (git-fixes). - bus: mhi: host: allow MHI client drivers to provide the firmware via a pointer (bsc#1227149). - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes). - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes). - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes). - can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes). - cdrom: rearrange last_media_change check to avoid unintentional overflow (stable-fixes). - ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228417). - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes). - checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes). - cifs: Add a laundromat thread for cached directories (git-fixes, bsc#1225172). - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (git-fixes). - clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg (git-fixes). - clk: qcom: clk-alpha-pll: set ALPHA_EN bit for Stromer Plus PLLs (git-fixes). - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents (git-fixes). - config/arm64: Enable CoreSight PMU drivers (bsc#1228289 jsc#PED-7859) - cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems (git-fixes). - cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() (git-fixes). - crypto/ecdh: make ecdh_compute_value() to zeroize the public key (bsc#1222768). - crypto/ecdsa: make ecdsa_ecc_ctx_deinit() to zeroize the public key (bsc#1222768). - crypto: aead,cipher - zeroize key buffer after use (stable-fixes). - crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked (git-fixes). - crypto: ecdh - explicitly zeroize private_key (stable-fixes). - crypto: ecdsa - Fix the public key format description (git-fixes). - crypto: hisilicon/debugfs - Fix debugfs uninit process issue (stable-fixes). - crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() (git-fixes). - decompress_bunzip2: fix rare decompression failure (git-fixes). - devres: Fix devm_krealloc() wasting memory (git-fixes). - devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes). - dlm: fix user space lock decision to copy lvb (git-fixes). - dma: fix call order in dmam_free_coherent (git-fixes). - dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (git-fixes). - docs: crypto: async-tx-api: fix broken code example (git-fixes). - drivers/xen: Improve the late XenStore init protocol (git-fixes). - drivers: soc: xilinx: check return status of get_api_version() (git-fixes). - drm/amd/amdgpu: Fix uninitialized variable warnings (git-fixes). - drm/amd/display: ASSERT when failing to find index by plane/stream id (stable-fixes). - drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes). - drm/amd/display: Add refresh rate range check (stable-fixes). - drm/amd/display: Check index msg_id before read or write (stable-fixes). - drm/amd/display: Check pipe offset before setting vblank (stable-fixes). - drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport (stable-fixes). - drm/amd/display: Fix overlapping copy within dml_core_mode_programming (stable-fixes). - drm/amd/display: Fix refresh rate range for some panel (stable-fixes). - drm/amd/display: Fix uninitialized variables in DM (stable-fixes). - drm/amd/display: Move 'struct scaler_data' off stack (git-fixes). - drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present (stable-fixes). - drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes). - drm/amd/display: Skip pipe if the pipe idx not set properly (stable-fixes). - drm/amd/display: Update efficiency bandwidth for dcn351 (stable-fixes). - drm/amd/display: Workaround register access in idle race with cursor (stable-fixes). - drm/amd/display: change dram_clock_latency to 34us for dcn35 (stable-fixes). - drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes). - drm/amd/pm: remove logically dead code for renoir (git-fixes). - drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes). - drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes). - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes). - drm/amdgpu: Fix memory range calculation (git-fixes). - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes). - drm/amdgpu: Fix uninitialized variable warnings (stable-fixes). - drm/amdgpu: Indicate CU havest info to CP (stable-fixes). - drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes). - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes). - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (stable-fixes). - drm/amdgpu: avoid using null object of framebuffer (stable-fixes). - drm/amdgpu: fix locking scope when flushing tlb (stable-fixes). - drm/amdgpu: fix the warning about the expression (int)size - len (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: silence UBSAN warning (stable-fixes). - drm/amdkfd: Fix CU Masking for GFX 9.4.3 (git-fixes). - drm/amdkfd: Let VRAM allocations go to GTT domain on small APUs (stable-fixes). - drm/arm/komeda: Fix komeda probe failing if there are no links in the secondary pipeline (git-fixes). - drm/bridge: it6505: fix hibernate to resume no display issue (git-fixes). - drm/bridge: samsung-dsim: Set P divider based on min/max of fin pll (git-fixes). - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes). - drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes). - drm/exynos: dp: drop driver owner initialization (stable-fixes). - drm/fbdev-dma: Fix framebuffer mode for big endian devices (git-fixes). - drm/fbdev-generic: Fix framebuffer on big endian devices (git-fixes). - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes). - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes). - drm/i915/dp: Do not switch the LTTPR mode on an active link (git-fixes). - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes). - drm/lima: Mark simple_ondemand governor as softdep (git-fixes). - drm/lima: fix shared irq handling on driver remove (stable-fixes). - drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (git-fixes). - drm/mediatek: Add OVL compatible name for MT8195 (git-fixes). - drm/mediatek: Add missing plane settings when async update (git-fixes). - drm/mediatek: Call drm_atomic_helper_shutdown() at shutdown time (stable-fixes). - drm/mediatek: Fix XRGB setting error in Mixer (git-fixes). - drm/mediatek: Fix XRGB setting error in OVL (git-fixes). - drm/mediatek: Fix bit depth overwritten for mtk_ovl_set bit_depth() (git-fixes). - drm/mediatek: Fix destination alpha error in OVL (git-fixes). - drm/mediatek: Remove less-than-zero comparison of an unsigned value (git-fixes). - drm/mediatek: Set DRM mode configs accordingly (git-fixes). - drm/mediatek: Support DRM plane alpha in Mixer (git-fixes). - drm/mediatek: Support DRM plane alpha in OVL (git-fixes). - drm/mediatek: Support RGBA8888 and RGBX8888 in OVL on MT8195 (git-fixes). - drm/mediatek: Turn off the layers with zero width or height (git-fixes). - drm/mediatek: Use 8-bit alpha in ETHDR (git-fixes). - drm/meson: fix canvas release in bind function (git-fixes). - drm/mgag200: Bind I2C lifetime to DRM device (git-fixes). - drm/mgag200: Set DDC timeout in milliseconds (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq() (git-fixes). - drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes). - drm/msm/dpu: fix encoder irq wait skip (git-fixes). - drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC (git-fixes). - drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes). - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes). - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: himax-hx8394: Handle errors from mipi_dsi_dcs_set_display_on() better (git-fixes). - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes). - drm/panel: ilitek-ili9882t: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: ilitek-ili9882t: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes). - drm/qxl: Add check for drm_cvt_mode (git-fixes). - drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes). - drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes). - drm/rockchip: vop2: Fix the port mux of VP2 (git-fixes). - drm/ttm: Always take the bo delayed cleanup path for imported bos (git-fixes). - drm/udl: Remove DRM_CONNECTOR_POLL_HPD (git-fixes). - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes). - drm: zynqmp_dpsub: Fix an error handling path in zynqmp_dpsub_probe() (git-fixes). - drm: zynqmp_kms: Fix AUX bus not getting unregistered (git-fixes). - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (stable-fixes). - eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes). - erofs: ensure m_llen is reset to 0 if metadata is invalid (git-fixes). - exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes). - f2fs: fix error path of __f2fs_build_free_nids (git-fixes). - filelock: fix potential use-after-free in posix_lock_inode (git-fixes). - firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes). - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes). - firmware: cs_dsp: Return error if block header overflows file (git-fixes). - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes). - firmware: cs_dsp: Validate payload length before processing block (git-fixes). - firmware: dmi: Stop decoding on broken entry (stable-fixes). - firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes). - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes). - firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes). - fs/file: fix the check in find_next_fd() (git-fixes). - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes). - fuse: verify {g,u}id mount options correctly (bsc#1228193). - gfs2: Do not forget to complete delayed withdraw (git-fixes). - gfs2: Fix 'ignore unlock failures after withdraw' (git-fixes). - gfs2: Fix invalid metadata access in punch_hole (git-fixes). - gfs2: Get rid of gfs2_alloc_blocks generation parameter (git-fixes). - gfs2: Rename gfs2_lookup_{ simple => meta } (git-fixes). - gfs2: Use mapping->gfp_mask for metadata inodes (git-fixes). - gfs2: convert to ctime accessor functions (git-fixes). - gpio: mc33880: Convert comma to semicolon (git-fixes). - gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (stable-fixes). - hfsplus: fix to avoid false alarm of circular locking (git-fixes). - hfsplus: fix uninit-value in copy_name (git-fixes). - hpet: Support 32-bit userspace (git-fixes). - hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes). - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes). - hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes). - hwrng: amd - Convert PCIBIOS_* return codes to errnos (git-fixes). - hwrng: core - Fix wrong quality calculation at hw rng registration (git-fixes). - i2c: i801: Annotate apanel_addr as __ro_after_init (stable-fixes). - i2c: mark HostNotify target address as used (git-fixes). - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (git-fixes). - i2c: rcar: bring hardware to known state when probing (git-fixes). - i2c: testunit: avoid re-issued work after read message (git-fixes). - i2c: testunit: correct Kconfig description (git-fixes). - i40e: fix: remove needless retries of NVM update (bsc#1227736). - iio: Fix the sorting functionality in iio_gts_build_avail_time_table (git-fixes). - iio: frequency: adrf6780: rm clk provider include (git-fixes). - iio: pressure: bmp280: Fix BMP580 temperature reading (stable-fixes). - iio: pressure: fix some word spelling errors (stable-fixes). - input: Add event code for accessibility key (stable-fixes). - input: Add support for 'Do Not Disturb' (stable-fixes). - interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID (git-fixes). - iommu/amd: Fix panic accessing amd_iommu_enable_faulting (bsc#1224767). - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes). - iommu/vt-d: Allocate DMAR fault interrupts locally (bsc#1224767). - iommu/vt-d: Improve ITE fault handling if target device isn't present (git-fixes). - iommu: Fix compilation without CONFIG_IOMMU_INTEL (git-fixes). - ipmi: ssif_bmc: prevent integer overflow on 32bit systems (git-fixes). - iwlwifi: fw: fix more kernel-doc warnings (bsc#1227149). - iwlwifi: mvm: Drop unused fw_trips_index[] from iwl_mvm_thermal_device (bsc#1227149). - iwlwifi: mvm: Populate trip table before registering thermal zone (bsc#1227149). - iwlwifi: mvm: Use for_each_thermal_trip() for walking trip points (bsc#1227149). - jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes). - jfs: Fix array-index-out-of-bounds in diFree (git-fixes). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kABI workaround for wireless updates (bsc#1227149). - kabi/severities: cleanup and update for WiFi driver entries (bsc#1227149) - kabi/severities: cover all ath/* drivers (bsc#1227149) All symbols in ath/* network drivers are local and can be ignored - kabi/severities: cover all mt76 modules (bsc#1227149) - kabi/severities: ignore amd pds internal symbols - kabi/severities: ignore kABI changes Realtek WiFi drivers (bsc#1227149) All those symbols are local and used for its own helpers - kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502) - kbuild: avoid build error when single DTB is turned into composite DTB (git-fixes). - kconfig: gconf: give a proper initial state to the Save button (stable-fixes). - kconfig: remove wrong expr_trans_bool() (stable-fixes). - kernel-binary: vdso: Own module_dir - knfsd: LOOKUP can return an illegal error value (git-fixes). - kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes). - kprobe/ftrace: bail out if ftrace was killed (git-fixes). - kprobe/ftrace: fix build error due to bad function definition (git-fixes). - kunit: Fix checksum tests on big endian CPUs (git-fixed). - leds: flash: leds-qcom-flash: Test the correct variable in init (git-fixes). - leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() (git-fixes). - leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes). - leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes). - leds: triggers: Flush pending brightness before activating trigger (git-fixes). - lib: objagg: Fix general protection fault (git-fixes). - lib: objagg: Fix spelling (git-fixes). - lib: test_objagg: Fix spelling (git-fixes). - libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228192). - mISDN: Fix a use after free in hfcmulti_tx() (git-fixes). - mISDN: fix MISDN_TIME_STAMP handling (git-fixes). - mac802154: fix time calculation in ieee802154_configure_durations() (git-fixes). - mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (git-fixes). - media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes). - media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes). - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes). - media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes). - media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes). - media: dvbdev: Initialize sbuf (stable-fixes). - media: dw2102: Do not translate i2c read into write (stable-fixes). - media: dw2102: fix a potential buffer overflow (git-fixes). - media: i2c: Fix imx412 exposure control (git-fixes). - media: imon: Fix race getting ictx->lock (git-fixes). - media: imx-jpeg: Drop initial source change event if capture has been setup (git-fixes). - media: imx-jpeg: Remove some redundant error logs (git-fixes). - media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() (git-fixes). - media: pci: ivtv: Add check for DMA map result (git-fixes). - media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 (git-fixes). - media: renesas: vsp1: Fix _irqsave and _irq mix (git-fixes). - media: renesas: vsp1: Store RPF partition configuration per RPF instance (git-fixes). - media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes). - media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes). - media: uvcvideo: Override default flags (git-fixes). - media: v4l: async: Fix NULL pointer dereference in adding ancillary links (git-fixes). - media: v4l: subdev: Fix typo in documentation (git-fixes). - media: venus: fix use after free in vdec_close (git-fixes). - media: venus: flush all buffers in output plane streamoff (git-fixes). - mei: demote client disconnect warning on suspend to debug (stable-fixes). - mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes). - mfd: pm8008: Fix regmap irq chip initialisation (git-fixes). - misc: fastrpc: Avoid updating PD type for capability request (git-fixes). - misc: fastrpc: Copy the complete capability structure to user (git-fixes). - misc: fastrpc: Fix DSP capabilities request (git-fixes). - misc: fastrpc: Fix memory leak in audio daemon attach operation (git-fixes). - misc: fastrpc: Fix ownership reassignment of remote heap (git-fixes). - misc: fastrpc: Restrict untrusted app to attach to privileged PD (git-fixes). - mt76: connac: move more mt7921/mt7915 mac shared code in connac lib (bsc#1227149). - mt76: mt7996: rely on mt76_sta_stats in mt76_wcid (bsc#1227149). - mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes). - net/dcb: check for detached device before executing callbacks (bsc#1215587). - net: ethernet: mtk_wed: introduce mtk_wed_buf structure (bsc#1227149). - net: ethernet: mtk_wed: rename mtk_rxbm_desc in mtk_wed_bm_desc (bsc#1227149). - net: fill in MODULE_DESCRIPTION()s in kuba@'s modules (bsc#1227149). - net: hns3: Remove io_stop_wc() calls after __iowrite64_copy() (bsc#1226502) - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (stable-fixes). - net: mana: Fix possible double free in error handling path (git-fixes). - net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes). - net: phy: microchip: lan87xx: reinit PHY after cable test (git-fixes). - net: phy: phy_device: Fix PHY LED blinking code comment (git-fixes). - net: usb: qmi_wwan: add Telit FN912 compositions (stable-fixes). - nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes). - nfs: Block on write congestion (bsc#1218442). - nfs: Drop pointless check from nfs_commit_release_pages() (bsc#1218442). - nfs: Fix up kabi after adding write_congestion_wait (bsc#1218442). - nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes). - nfs: Properly initialize server->writeback (bsc#1218442). - nfs: drop the incorrect assertion in nfs_swap_rw() (git-fixes). - nfs: fix undefined behavior in nfs_block_bits() (git-fixes). - nfs: keep server info for remounts (git-fixes). - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (stable-fixes). - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes). - nilfs2: convert persistent object allocator to use kmap_local (git-fixes). - nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes). - nilfs2: fix inode number range checks (stable-fixes). - ocfs2: fix DIO failure due to insufficient transaction credits (git-fixes). - ocfs2: fix races between hole punching and AIO+DIO (git-fixes). - ocfs2: use coarse time for new created files (git-fixes). - orangefs: fix out-of-bounds fsid access (git-fixes). - pNFS/filelayout: fixup pNfs allocation modes (git-fixes). - phy: cadence-torrent: Check return value on register read (git-fixes). - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: freescale: mxs: Fix refcount of child (git-fixes). - pinctrl: renesas: r8a779g0: FIX PWM suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix CANFD5 suffix (git-fixes). - pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix IRQ suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TCLK suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TPU suffixes (git-fixes). - pinctrl: rockchip: update rk3308 iomux routes (git-fixes). - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes). - platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes). - platform/x86: lg-laptop: Change ACPI device id (stable-fixes). - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes). - platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (stable-fixes). - platform/x86: toshiba_acpi: Fix array out-of-bounds access (git-fixes). - platform/x86: toshiba_acpi: Fix quickstart quirk handling (git-fixes). - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes). - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes). - platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes). - power: supply: ab8500: Fix error handling when calling iio_read_channel_processed() (git-fixes). - power: supply: ingenic: Fix some error handling paths in ingenic_battery_get_property() (git-fixes). - powerpc/64s/radix/kfence: map __kfence_pool at page granularity (bsc#1223570 ltc#205770). - powerpc/prom: Add CPU info to hardware description string later (bsc#1215199). - powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - pwm: stm32: Always do lazy disabling (git-fixes). - regmap-i2c: Subtract reg size from max_write (stable-fixes). - remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (git-fixes). - remoteproc: imx_rproc: Skip over memory region when node value is NULL (git-fixes). - remoteproc: k3-r5: Fix IPC-only mode detection (git-fixes). - remoteproc: stm32_rproc: Fix mailbox interrupts queuing (git-fixes). - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes). - rtc: abx80x: Fix return value of nvmem callback on read (git-fixes). - rtc: cmos: Fix return value of nvmem callbacks (git-fixes). - rtc: interface: Add RTC offset to alarm after fix-up (git-fixes). - rtc: isl1208: Fix return value of nvmem callbacks (git-fixes). - s390: Implement __iowrite32_copy() (bsc#1226502) - s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502) - saa7134: Unchecked i2c_transfer function result fixed (git-fixes). - selftests/sigaltstack: Fix ppc64 GCC build (git-fixes). - selftests: fix OOM in msg_zerocopy selftest (git-fixes). - selftests: make order checking verbose in msg_zerocopy selftest (git-fixes). - serial: imx: Raise TX trigger level to 8 (stable-fixes). - smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes, bsc#1225172). - smb3: allow controlling maximum number of cached directories (git-fixes, bsc#1225172). - smb3: do not start laundromat thread when dir leases disabled (git-fixes, bsc#1225172). - smb: client: do not start laundromat thread on nohandlecache (git-fixes, bsc#1225172). - smb: client: make laundromat a delayed worker (git-fixes, bsc#1225172). - smb: client: prevent new fids from being removed by laundromat (git-fixes, bsc#1225172). - soc: qcom: pdr: fix parsing of domains lists (git-fixes). - soc: qcom: pdr: protect locator_addr with the main mutex (git-fixes). - soc: qcom: pmic_glink: Handle the return value of pmic_glink_init (git-fixes). - soc: qcom: rpmh-rsc: Ensure irqs are not disabled by rpmh_rsc_send_data() callers (git-fixes). - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes). - soc: xilinx: rename cpu_number1 to dummy_cpu_number (git-fixes). - spi: atmel-quadspi: Add missing check for clk_prepare (git-fixes). - spi: cadence: Ensure data lines set to low during dummy-cycle period (stable-fixes). - spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes). - spi: microchip-core: defer asserting chip select until just before write to TX FIFO (git-fixes). - spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer (git-fixes). - spi: microchip-core: fix the issues in the isr (git-fixes). - spi: microchip-core: only disable SPI controller when register value change requires it (git-fixes). - spi: mux: set ctlr->bits_per_word_mask (stable-fixes). - spi: spi-microchip-core: Fix the number of chip selects supported (git-fixes). - spi: spidev: add correct compatible for Rohm BH2228FV (git-fixes). - sunrpc: fix NFSACL RPC retry on soft mount (git-fixes). - supported.conf: Add support for v4l2-dv-timings (jsc#PED-8644) - supported.conf: mark vdpa modules supported (jsc#PED-8954) - supported.conf: update for mt76 stuff (bsc#1227149) - thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data (stable-fixes). - tools/memory-model: Fix bug in lock.cat (git-fixes). - tools/power turbostat: Remember global max_die_id (stable-fixes). - tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (stable-fixes). - tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes). - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes). - tracing: Build event generation tests only as modules (git-fixes). - usb: dwc3: core: Add DWC31 version 2.00a controller (stable-fixes). - usb: dwc3: core: Workaround for CSR read timeout (stable-fixes). - usb: dwc3: pci: add support for the Intel Panther Lake (stable-fixes). - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes). - usb: gadget: printer: SS+ support (stable-fixes). - usb: typec: ucsi: Ack also failed Get Error commands (git-fixes). - usb: typec: ucsi: Never send a lone connector change ack (stable-fixes). - usb: ucsi: stm32: fix command completion handling (git-fixes). - usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (stable-fixes). - vmlinux.lds.h: catch .bss..L* sections into BSS') (git-fixes). - watchdog: rzg2l_wdt: Check return status of pm_runtime_put() (git-fixes). - watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() (git-fixes). - watchdog: rzn1: Convert comma to semicolon (git-fixes). - wifi: add HAS_IOPORT dependencies (bsc#1227149). - wifi: ar5523: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10/11/12k: Use alloc_ordered_workqueue() to create ordered workqueues (bsc#1227149). - wifi: ath10k: Annotate struct ath10k_ce_ring with __counted_by (bsc#1227149). - wifi: ath10k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath10k: Drop checks that are always false (bsc#1227149). - wifi: ath10k: Drop cleaning of driver data from probe error path and remove (bsc#1227149). - wifi: ath10k: Fix a few spelling errors (bsc#1227149). - wifi: ath10k: Fix enum ath10k_fw_crash_dump_type kernel-doc (bsc#1227149). - wifi: ath10k: Fix htt_data_tx_completion kernel-doc warning (bsc#1227149). - wifi: ath10k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10k: Remove unused struct ath10k_htc_frame (bsc#1227149). - wifi: ath10k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath10k: Use DECLARE_FLEX_ARRAY() for ath10k_htc_record (bsc#1227149). - wifi: ath10k: Use list_count_nodes() (bsc#1227149). - wifi: ath10k: add missing wmi_10_4_feature_mask documentation (bsc#1227149). - wifi: ath10k: add support to allow broadcast action frame RX (bsc#1227149). - wifi: ath10k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath10k: correctly document enum wmi_tlv_tx_pause_id (bsc#1227149). - wifi: ath10k: drop HTT_DATA_TX_STATUS_DOWNLOAD_FAIL (bsc#1227149). - wifi: ath10k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath10k: fix htt_q_state_conf & htt_q_state kernel-doc (bsc#1227149). - wifi: ath10k: improve structure padding (bsc#1227149). - wifi: ath10k: indicate to mac80211 scan complete with aborted flag for ATH10K_SCAN_STARTING state (bsc#1227149). - wifi: ath10k: remove ath10k_htc_record::pauload[] (bsc#1227149). - wifi: ath10k: remove duplicate memset() in 10.4 TDLS peer update (bsc#1227149). - wifi: ath10k: remove struct wmi_pdev_chanlist_update_event (bsc#1227149). - wifi: ath10k: remove unused template structs (bsc#1227149). - wifi: ath10k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath10k: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath10k: simplify __ath10k_htt_tx_txq_recalc() (bsc#1227149). - wifi: ath10k: simplify ath10k_peer_create() (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_host_mem_chunks (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_tdls_peer_capabilities (bsc#1227149). - wifi: ath10k: use flexible arrays for WMI start scan TLVs (bsc#1227149). - wifi: ath11k: Add HTT stats for PHY reset case (bsc#1227149). - wifi: ath11k: Add coldboot calibration support for QCN9074 (bsc#1227149). - wifi: ath11k: Allow ath11k to boot without caldata in ftm mode (bsc#1227149). - wifi: ath11k: Consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath11k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath11k: Do not directly use scan_flags in struct scan_req_params (bsc#1227149). - wifi: ath11k: EMA beacon support (bsc#1227149). - wifi: ath11k: Fix a few spelling errors (bsc#1227149). - wifi: ath11k: Fix ath11k_htc_record flexible record (bsc#1227149). - wifi: ath11k: Introduce and use ath11k_sta_to_arsta() (bsc#1227149). - wifi: ath11k: MBSSID beacon support (bsc#1227149). - wifi: ath11k: MBSSID configuration during vdev create/start (bsc#1227149). - wifi: ath11k: MBSSID parameter configuration in AP mode (bsc#1227149). - wifi: ath11k: Really consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Relocate the func ath11k_mac_bitrate_mask_num_ht_rates() and change hweight16 to hweight8 (bsc#1227149). - wifi: ath11k: Remove ath11k_base::bd_api (bsc#1227149). - wifi: ath11k: Remove cal_done check during probe (bsc#1227149). - wifi: ath11k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath11k: Remove scan_flags union from struct scan_req_params (bsc#1227149). - wifi: ath11k: Remove struct ath11k::ops (bsc#1227149). - wifi: ath11k: Remove unneeded semicolon (bsc#1227149). - wifi: ath11k: Remove unused declarations (bsc#1227149). - wifi: ath11k: Remove unused struct ath11k_htc_frame (bsc#1227149). - wifi: ath11k: Send HT fixed rate in WMI peer fixed param (bsc#1227149). - wifi: ath11k: Split coldboot calibration hw_param (bsc#1227149). - wifi: ath11k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath11k: Use device_get_match_data() (bsc#1227149). - wifi: ath11k: Use list_count_nodes() (bsc#1227149). - wifi: ath11k: add WMI event debug messages (bsc#1227149). - wifi: ath11k: add WMI_TLV_SERVICE_EXT_TPC_REG_SUPPORT service bit (bsc#1227149). - wifi: ath11k: add chip id board name while searching board-2.bin for WCN6855 (bsc#1227149). - wifi: ath11k: add firmware-2.bin support (bsc#1227149). - wifi: ath11k: add handler for WMI_VDEV_SET_TPC_POWER_CMDID (bsc#1227149). - wifi: ath11k: add parse of transmit power envelope element (bsc#1227149). - wifi: ath11k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath11k: add support for QCA2066 (bsc#1227149). - wifi: ath11k: add support to select 6 GHz regulatory type (bsc#1227149). - wifi: ath11k: ath11k_debugfs_register(): fix format-truncation warning (bsc#1227149). - wifi: ath11k: avoid forward declaration of ath11k_mac_start_vdev_delay() (bsc#1227149). - wifi: ath11k: call ath11k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath11k: constify MHI channel and controller configs (bsc#1227149). - wifi: ath11k: debug: add ATH11K_DBG_CE (bsc#1227149). - wifi: ath11k: debug: remove unused ATH11K_DBG_ANY (bsc#1227149). - wifi: ath11k: debug: use all upper case in ATH11k_DBG_HAL (bsc#1227149). - wifi: ath11k: do not use %pK (bsc#1227149). - wifi: ath11k: document HAL_RX_BUF_RBM_SW4_BM (bsc#1227149). - wifi: ath11k: dp: cleanup debug message (bsc#1227149). - wifi: ath11k: driver settings for MBSSID and EMA (bsc#1227149). - wifi: ath11k: drop NULL pointer check in ath11k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath11k: drop redundant check in ath11k_dp_rx_mon_dest_process() (bsc#1227149). - wifi: ath11k: enable 36 bit mask for stream DMA (bsc#1227149). - wifi: ath11k: factory test mode support (bsc#1227149). - wifi: ath11k: fill parameters for vdev set tpc power WMI command (bsc#1227149). - wifi: ath11k: fix CAC running state during virtual interface start (bsc#1227149). - wifi: ath11k: fix IOMMU errors on buffer rings (bsc#1227149). - wifi: ath11k: fix RCU documentation in ath11k_mac_op_ipv6_changed() (git-fixes). - wifi: ath11k: fix WCN6750 firmware crash caused by 17 num_vdevs (bsc#1227149). - wifi: ath11k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath11k: fix a possible dead lock caused by ab->base_lock (bsc#1227149). - wifi: ath11k: fix ath11k_mac_op_remain_on_channel() stack usage (bsc#1227149). - wifi: ath11k: fix connection failure due to unexpected peer delete (bsc#1227149). - wifi: ath11k: fix tid bitmap is 0 in peer rx mu stats (bsc#1227149). - wifi: ath11k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: ath11k: hal: cleanup debug message (bsc#1227149). - wifi: ath11k: htc: cleanup debug messages (bsc#1227149). - wifi: ath11k: initialize eirp_power before use (bsc#1227149). - wifi: ath11k: mac: fix struct ieee80211_sband_iftype_data handling (bsc#1227149). - wifi: ath11k: mhi: add a warning message for MHI_CB_EE_RDDM crash (bsc#1227149). - wifi: ath11k: move pci.ops registration ahead (bsc#1227149). - wifi: ath11k: move power type check to ASSOC stage when connecting to 6 GHz AP (bsc#1227149). - wifi: ath11k: move references from rsvd2 to info fields (bsc#1227149). - wifi: ath11k: pci: cleanup debug logging (bsc#1227149). - wifi: ath11k: print debug level in debug messages (bsc#1227149). - wifi: ath11k: provide address list if chip supports 2 stations (bsc#1227149). - wifi: ath11k: qmi: refactor ath11k_qmi_m3_load() (bsc#1227149). - wifi: ath11k: refactor ath11k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath11k: refactor setting country code logic (stable-fixes). - wifi: ath11k: refactor vif parameter configurations (bsc#1227149). - wifi: ath11k: rely on mac80211 debugfs handling for vif (bsc#1227149). - wifi: ath11k: remove ath11k_htc_record::pauload[] (bsc#1227149). - wifi: ath11k: remove invalid peer create logic (bsc#1227149). - wifi: ath11k: remove manual mask names from debug messages (bsc#1227149). - wifi: ath11k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath11k: remove unsupported event handlers (bsc#1227149). - wifi: ath11k: remove unused function ath11k_tm_event_wmi() (bsc#1227149). - wifi: ath11k: remove unused members of 'struct ath11k_base' (bsc#1227149). - wifi: ath11k: remove unused scan_events from struct scan_req_params (bsc#1227149). - wifi: ath11k: rename MBSSID fields in wmi_vdev_up_cmd (bsc#1227149). - wifi: ath11k: rename ath11k_start_vdev_delay() (bsc#1227149). - wifi: ath11k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath11k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath11k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath11k: restore country code during resume (git-fixes). - wifi: ath11k: save max transmit power in vdev start response event from firmware (bsc#1227149). - wifi: ath11k: save power spectral density(PSD) of regulatory rule (bsc#1227149). - wifi: ath11k: simplify ath11k_mac_validate_vht_he_fixed_rate_settings() (bsc#1227149). - wifi: ath11k: simplify the code with module_platform_driver (bsc#1227149). - wifi: ath11k: store cur_regulatory_info for each radio (bsc#1227149). - wifi: ath11k: support 2 station interfaces (bsc#1227149). - wifi: ath11k: update proper pdev/vdev id for testmode command (bsc#1227149). - wifi: ath11k: update regulatory rules when connect to AP on 6 GHz band for station (bsc#1227149). - wifi: ath11k: update regulatory rules when interface added (bsc#1227149). - wifi: ath11k: use RCU when accessing struct inet6_dev::ac_list (bsc#1227149). - wifi: ath11k: use WMI_VDEV_SET_TPC_POWER_CMDID when EXT_TPC_REG_SUPPORT for 6 GHz (bsc#1227149). - wifi: ath11k: use kstrtoul_from_user() where appropriate (bsc#1227149). - wifi: ath11k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath11k: wmi: add unified command debug messages (bsc#1227149). - wifi: ath11k: wmi: cleanup error handling in ath11k_wmi_send_init_country_cmd() (bsc#1227149). - wifi: ath11k: wmi: use common error handling style (bsc#1227149). - wifi: ath11k: workaround too long expansion sparse warnings (bsc#1227149). - wifi: ath12k: Add logic to write QRTR node id to scratch (bsc#1227149). - wifi: ath12k: Add missing qmi_txn_cancel() calls (bsc#1227149). - wifi: ath12k: Add support to parse new WMI event for 6 GHz regulatory (bsc#1227149). - wifi: ath12k: Consistently use ath12k_vif_to_arvif() (bsc#1227149). - wifi: ath12k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath12k: Correct 6 GHz frequency value in rx status (git-fixes). - wifi: ath12k: Do not drop tx_status in failure case (git-fixes). - wifi: ath12k: Do not use scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Enable Mesh support for QCN9274 (bsc#1227149). - wifi: ath12k: Fix a few spelling errors (bsc#1227149). - wifi: ath12k: Fix tx completion ring (WBM2SW) setup failure (git-fixes). - wifi: ath12k: Fix uninitialized use of ret in ath12k_mac_allocate() (bsc#1227149). - wifi: ath12k: Introduce and use ath12k_sta_to_arsta() (bsc#1227149). - wifi: ath12k: Introduce the container for mac80211 hw (bsc#1227149). - wifi: ath12k: Make QMI message rules const (bsc#1227149). - wifi: ath12k: Optimize the mac80211 hw data access (bsc#1227149). - wifi: ath12k: Read board id to support split-PHY QCN9274 (bsc#1227149). - wifi: ath12k: Refactor the mac80211 hw access from link/radio (bsc#1227149). - wifi: ath12k: Remove ath12k_base::bd_api (bsc#1227149). - wifi: ath12k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath12k: Remove some dead code (bsc#1227149). - wifi: ath12k: Remove struct ath12k::ops (bsc#1227149). - wifi: ath12k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath12k: Remove unnecessary struct qmi_txn initializers (bsc#1227149). - wifi: ath12k: Remove unused declarations (bsc#1227149). - wifi: ath12k: Remove unused scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Set default beacon mode to burst mode (bsc#1227149). - wifi: ath12k: Use initializers for QMI message buffers (bsc#1227149). - wifi: ath12k: Use msdu_end to check MCBC (bsc#1227149). - wifi: ath12k: Use pdev_id rather than mac_id to get pdev (bsc#1227149). - wifi: ath12k: WMI support to process EHT capabilities (bsc#1227149). - wifi: ath12k: add 320 MHz bandwidth enums (bsc#1227149). - wifi: ath12k: add CE and ext IRQ flag to indicate irq_handler (bsc#1227149). - wifi: ath12k: add EHT PHY modes (bsc#1227149). - wifi: ath12k: add MAC id support in WBM error path (bsc#1227149). - wifi: ath12k: add MLO header in peer association (bsc#1227149). - wifi: ath12k: add P2P IE in beacon template (bsc#1227149). - wifi: ath12k: add QMI PHY capability learn support (bsc#1227149). - wifi: ath12k: add WMI support for EHT peer (bsc#1227149). - wifi: ath12k: add ath12k_qmi_free_resource() for recovery (bsc#1227149). - wifi: ath12k: add fallback board name without variant while searching board-2.bin (bsc#1227149). - wifi: ath12k: add firmware-2.bin support (bsc#1227149). - wifi: ath12k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED (bsc#1227149). - wifi: ath12k: add keep backward compatibility of PHY mode to avoid firmware crash (bsc#1227149). - wifi: ath12k: add msdu_end structure for WCN7850 (bsc#1227149). - wifi: ath12k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath12k: add processing for TWT disable event (bsc#1227149). - wifi: ath12k: add processing for TWT enable event (bsc#1227149). - wifi: ath12k: add qmi_cnss_feature_bitmap field to hardware parameters (bsc#1227149). - wifi: ath12k: add rcu lock for ath12k_wmi_p2p_noa_event() (bsc#1227149). - wifi: ath12k: add read variant from SMBIOS for download board data (bsc#1227149). - wifi: ath12k: add string type to search board data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add support for BA1024 (bsc#1227149). - wifi: ath12k: add support for collecting firmware log (bsc#1227149). - wifi: ath12k: add support for hardware rfkill for WCN7850 (bsc#1227149). - wifi: ath12k: add support for peer meta data version (bsc#1227149). - wifi: ath12k: add support one MSI vector (bsc#1227149). - wifi: ath12k: add support to search regdb data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add wait operation for tx management packets for flush from mac80211 (bsc#1227149). - wifi: ath12k: advertise P2P dev support for WCN7850 (bsc#1227149). - wifi: ath12k: allow specific mgmt frame tx while vdev is not up (bsc#1227149). - wifi: ath12k: ath12k_start_vdev_delay(): convert to use ar (bsc#1227149). - wifi: ath12k: avoid deadlock by change ieee80211_queue_work for regd_update_work (bsc#1227149). - wifi: ath12k: avoid duplicated vdev stop (git-fixes). - wifi: ath12k: avoid explicit HW conversion argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit RBM id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit mac id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid repeated hw access from ar (bsc#1227149). - wifi: ath12k: avoid repeated wiphy access from hw (bsc#1227149). - wifi: ath12k: call ath12k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath12k: change DMA direction while mapping reinjected packets (git-fixes). - wifi: ath12k: change MAC buffer ring size to 2048 (bsc#1227149). - wifi: ath12k: change WLAN_SCAN_PARAMS_MAX_IE_LEN from 256 to 512 (bsc#1227149). - wifi: ath12k: change interface combination for P2P mode (bsc#1227149). - wifi: ath12k: change to initialize recovery variables earlier in ath12k_core_reset() (bsc#1227149). - wifi: ath12k: change to treat alpha code na as world wide regdomain (bsc#1227149). - wifi: ath12k: change to use dynamic memory for channel list of scan (bsc#1227149). - wifi: ath12k: check M3 buffer size as well whey trying to reuse it (bsc#1227149). - wifi: ath12k: check hardware major version for WCN7850 (bsc#1227149). - wifi: ath12k: configure RDDM size to MHI for device recovery (bsc#1227149). - wifi: ath12k: configure puncturing bitmap (bsc#1227149). - wifi: ath12k: correct the data_type from QMI_OPT_FLAG to QMI_UNSIGNED_1_BYTE for mlo_capable (bsc#1227149). - wifi: ath12k: delete the timer rx_replenish_retry during rmmod (bsc#1227149). - wifi: ath12k: designating channel frequency for ROC scan (bsc#1227149). - wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274 (bsc#1227149). - wifi: ath12k: do not drop data frames from unassociated stations (bsc#1227149). - wifi: ath12k: do not restore ASPM in case of single MSI vector (bsc#1227149). - wifi: ath12k: drop NULL pointer check in ath12k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath12k: drop failed transmitted frames from metric calculation (git-fixes). - wifi: ath12k: enable 320 MHz bandwidth for 6 GHz band in EHT PHY capability for WCN7850 (bsc#1227149). - wifi: ath12k: enable 802.11 power save mode in station mode (bsc#1227149). - wifi: ath12k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850 (bsc#1227149). - wifi: ath12k: fetch correct pdev id from WMI_SERVICE_READY_EXT_EVENTID (bsc#1227149). - wifi: ath12k: fix PCI read and write (bsc#1227149). - wifi: ath12k: fix WARN_ON during ath12k_mac_update_vif_chan (bsc#1227149). - wifi: ath12k: fix broken structure wmi_vdev_create_cmd (bsc#1227149). - wifi: ath12k: fix conf_mutex in ath12k_mac_op_unassign_vif_chanctx() (bsc#1227149). - wifi: ath12k: fix debug messages (bsc#1227149). - wifi: ath12k: fix fetching MCBC flag for QCN9274 (bsc#1227149). - wifi: ath12k: fix firmware assert during insmod in memory segment mode (bsc#1227149). - wifi: ath12k: fix firmware crash during reo reinject (git-fixes). - wifi: ath12k: fix invalid m3 buffer address (bsc#1227149). - wifi: ath12k: fix invalid memory access while processing fragmented packets (git-fixes). - wifi: ath12k: fix kernel crash during resume (bsc#1227149). - wifi: ath12k: fix license in p2p.c and p2p.h (bsc#1227149). - wifi: ath12k: fix peer metadata parsing (git-fixes). - wifi: ath12k: fix potential wmi_mgmt_tx_queue race condition (bsc#1227149). - wifi: ath12k: fix radar detection in 160 MHz (bsc#1227149). - wifi: ath12k: fix recovery fail while firmware crash when doing channel switch (bsc#1227149). - wifi: ath12k: fix the error handler of rfkill config (bsc#1227149). - wifi: ath12k: fix the issue that the multicast/broadcast indicator is not read correctly for WCN7850 (bsc#1227149). - wifi: ath12k: fix the problem that down grade phy mode operation (bsc#1227149). - wifi: ath12k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath12k: fix wrong definitions of hal_reo_update_rx_queue (bsc#1227149). - wifi: ath12k: get msi_data again after request_irq is called (bsc#1227149). - wifi: ath12k: implement handling of P2P NoA event (bsc#1227149). - wifi: ath12k: implement remain on channel for P2P mode (bsc#1227149). - wifi: ath12k: increase vdev setup timeout (bsc#1227149). - wifi: ath12k: indicate NON MBSSID vdev by default during vdev start (bsc#1227149). - wifi: ath12k: indicate scan complete for scan canceled when scan running (bsc#1227149). - wifi: ath12k: indicate to mac80211 scan complete with aborted flag for ATH12K_SCAN_STARTING state (bsc#1227149). - wifi: ath12k: move HE capabilities processing to a new function (bsc#1227149). - wifi: ath12k: move peer delete after vdev stop of station for WCN7850 (bsc#1227149). - wifi: ath12k: parse WMI service ready ext2 event (bsc#1227149). - wifi: ath12k: peer assoc for 320 MHz (bsc#1227149). - wifi: ath12k: prepare EHT peer assoc parameters (bsc#1227149). - wifi: ath12k: propagate EHT capabilities to userspace (bsc#1227149). - wifi: ath12k: refactor DP Rxdma ring structure (bsc#1227149). - wifi: ath12k: refactor QMI MLO host capability helper function (bsc#1227149). - wifi: ath12k: refactor ath12k_bss_assoc() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_allocate() and ath12k_mac_destroy() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_ampdu_action() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_conf_tx() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_config() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_configure_filter() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_flush() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_start() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_stop() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_update_vif_offload() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_register() and ath12k_mac_unregister() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_setup_channels_rates() (bsc#1227149). - wifi: ath12k: refactor ath12k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath12k: refactor multiple MSI vector implementation (bsc#1227149). - wifi: ath12k: refactor the rfkill worker (bsc#1227149). - wifi: ath12k: register EHT mesh capabilities (bsc#1227149). - wifi: ath12k: relax list iteration in ath12k_mac_vif_unref() (bsc#1227149). - wifi: ath12k: relocate ath12k_dp_pdev_pre_alloc() call (bsc#1227149). - wifi: ath12k: remove hal_desc_sz from hw params (bsc#1227149). - wifi: ath12k: remove redundant memset() in ath12k_hal_reo_qdesc_setup() (bsc#1227149). - wifi: ath12k: remove the unused scan_events from ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: remove unused ATH12K_BD_IE_BOARD_EXT (bsc#1227149). - wifi: ath12k: rename HE capabilities setup/copy functions (bsc#1227149). - wifi: ath12k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath12k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath12k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath12k: send WMI_PEER_REORDER_QUEUE_SETUP_CMDID when ADDBA session starts (bsc#1227149). - wifi: ath12k: set IRQ affinity to CPU0 in case of one MSI vector (bsc#1227149). - wifi: ath12k: set PERST pin no pull request for WCN7850 (bsc#1227149). - wifi: ath12k: split hal_ops to support RX TLVs word mask compaction (bsc#1227149). - wifi: ath12k: subscribe required word mask from rx tlv (bsc#1227149). - wifi: ath12k: support default regdb while searching board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: trigger station disconnect on hardware restart (bsc#1227149). - wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ (bsc#1227149). - wifi: ath12k: use correct flag field for 320 MHz channels (bsc#1227149). - wifi: ath12k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath5k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath5k: Remove redundant dev_err() (bsc#1227149). - wifi: ath5k: ath5k_hw_get_median_noise_floor(): use swap() (bsc#1227149). - wifi: ath5k: remove phydir check from ath5k_debug_init_device() (bsc#1227149). - wifi: ath5k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath5k: remove unused ath5k_eeprom_info::ee_antenna (bsc#1227149). - wifi: ath5k: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: ath6kl: Remove error checking for debugfs_create_dir() (bsc#1227149). - wifi: ath6kl: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath6kl: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath9k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath9k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath9k: Remove unnecessary ternary operators (bsc#1227149). - wifi: ath9k: Remove unused declarations (bsc#1227149). - wifi: ath9k: avoid using uninitialized array (bsc#1227149). - wifi: ath9k: clean up function ath9k_hif_usb_resume (bsc#1227149). - wifi: ath9k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath9k: delete some unused/duplicate macros (bsc#1227149). - wifi: ath9k: fix parameter check in ath9k_init_debug() (bsc#1227149). - wifi: ath9k: remove redundant assignment to variable ret (bsc#1227149). - wifi: ath9k: reset survey of current channel after a scan started (bsc#1227149). - wifi: ath9k: simplify ar9003_hw_process_ini() (bsc#1227149). - wifi: ath9k: use u32 for txgain indexes (bsc#1227149). - wifi: ath9k: work around memset overflow warning (bsc#1227149). - wifi: ath9k_htc: fix format-truncation warning (bsc#1227149). - wifi: ath: Use is_multicast_ether_addr() to check multicast Ether address (bsc#1227149). - wifi: ath: dfs_pattern_detector: Use flex array to simplify code (bsc#1227149). - wifi: ath: remove unused-but-set parameter (bsc#1227149). - wifi: ath: work around false-positive stringop-overread warning (bsc#1227149). - wifi: atk10k: Do not opencode ath10k_pci_priv() in ath10k_ahb_priv() (bsc#1227149). - wifi: atmel: remove unused ioctl function (bsc#1227149). - wifi: b43: silence sparse warnings (bsc#1227149). - wifi: brcm80211: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: brcmfmac: Annotate struct brcmf_gscan_config with __counted_by (bsc#1227149). - wifi: brcmfmac: Detect corner error case earlier with log (bsc#1227149). - wifi: brcmfmac: add linefeed at end of file (bsc#1227149). - wifi: brcmfmac: allow per-vendor event handling (bsc#1227149). - wifi: brcmfmac: do not cast hidden SSID attribute value to boolean (bsc#1227149). - wifi: brcmfmac: do not pass hidden SSID attribute as value directly (bsc#1227149). - wifi: brcmfmac: export firmware interface functions (bsc#1227149). - wifi: brcmfmac: firmware: Annotate struct brcmf_fw_request with __counted_by (bsc#1227149). - wifi: brcmfmac: fix format-truncation warnings (bsc#1227149). - wifi: brcmfmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmfmac: fweh: Add __counted_by for struct brcmf_fweh_queue_item and use struct_size() (bsc#1227149). - wifi: brcmfmac: fweh: Fix boot crash on Raspberry Pi 4 (bsc#1227149). - wifi: brcmfmac: move feature overrides before feature_disable (bsc#1227149). - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes). - wifi: brcmsmac: cleanup SCB-related data types (bsc#1227149). - wifi: brcmsmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmsmac: phy: Remove unreachable code (bsc#1227149). - wifi: brcmsmac: remove more unused data types (bsc#1227149). - wifi: brcmsmac: remove unused data type (bsc#1227149). - wifi: brcmsmac: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: brcmsmac: silence sparse warnings (bsc#1227149). - wifi: brcmutil: use helper function pktq_empty() instead of open code (bsc#1227149). - wifi: carl9170: Remove redundant assignment to pointer super (bsc#1227149). - wifi: carl9170: remove unnecessary (void*) conversions (bsc#1227149). - wifi: cfg80211: Add support for setting TID to link mapping (bsc#1227149). - wifi: cfg80211: Allow AP/P2PGO to indicate port authorization to peer STA/P2PClient (bsc#1227149). - wifi: cfg80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: cfg80211: Fix typo in documentation (bsc#1227149). - wifi: cfg80211: Handle specific BSSID in 6GHz scanning (bsc#1227149). - wifi: cfg80211: Include operating class 137 in 6GHz band (bsc#1227149). - wifi: cfg80211: OWE DH IE handling offload (bsc#1227149). - wifi: cfg80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: cfg80211: Schedule regulatory check on BSS STA channel change (bsc#1227149). - wifi: cfg80211: Update the default DSCP-to-UP mapping (bsc#1227149). - wifi: cfg80211: add BSS usage reporting (bsc#1227149). - wifi: cfg80211: add RNR with reporting AP information (bsc#1227149). - wifi: cfg80211: add a flag to disable wireless extensions (bsc#1227149). - wifi: cfg80211: add local_state_change to deauth trace (bsc#1227149). - wifi: cfg80211: add locked debugfs wrappers (bsc#1227149). - wifi: cfg80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: cfg80211: address several kerneldoc warnings (bsc#1227149). - wifi: cfg80211: allow reg update by driver even if wiphy->regd is set (bsc#1227149). - wifi: cfg80211: annotate iftype_data pointer with sparse (bsc#1227149). - wifi: cfg80211: avoid double free if updating BSS fails (bsc#1227149). - wifi: cfg80211: call reg_call_notifier on beacon hints (bsc#1227149). - wifi: cfg80211: check RTNL when iterating devices (bsc#1227149). - wifi: cfg80211: check wiphy mutex is held for wdev mutex (bsc#1227149). - wifi: cfg80211: consume both probe response and beacon IEs (bsc#1227149). - wifi: cfg80211: detect stuck ECSA element in probe resp (bsc#1227149). - wifi: cfg80211: ensure cfg80211_bss_update frees IEs on error (bsc#1227149). - wifi: cfg80211: export DFS CAC time and usable state helper functions (bsc#1227149). - wifi: cfg80211: expose nl80211_chan_width_to_mhz for wide sharing (bsc#1227149). - wifi: cfg80211: fix 6 GHz scan request building (stable-fixes). - wifi: cfg80211: fix CQM for non-range use (bsc#1227149). - wifi: cfg80211: fix header kernel-doc typos (bsc#1227149). - wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush() (bsc#1227149). - wifi: cfg80211: fix spelling & punctutation (bsc#1227149). - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: generate an ML element for per-STA profiles (bsc#1227149). - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: handle UHB AP and STA power type (bsc#1227149). - wifi: cfg80211: hold wiphy lock in cfg80211_any_wiphy_oper_chan() (bsc#1227149). - wifi: cfg80211: hold wiphy mutex for send_interface (bsc#1227149). - wifi: cfg80211: improve documentation for flag fields (bsc#1227149). - wifi: cfg80211: introduce cfg80211_ssid_eq() (bsc#1227149). - wifi: cfg80211: make RX assoc data const (bsc#1227149). - wifi: cfg80211: make read-only array centers_80mhz static const (bsc#1227149). - wifi: cfg80211: modify prototype for change_beacon (bsc#1227149). - wifi: cfg80211: reg: Support P2P operation on DFS channels (bsc#1227149). - wifi: cfg80211: reg: describe return values in kernel-doc (bsc#1227149). - wifi: cfg80211: reg: fix various kernel-doc issues (bsc#1227149). - wifi: cfg80211: reg: hold wiphy mutex for wdev iteration (bsc#1227149). - wifi: cfg80211: remove scan_width support (bsc#1227149). - wifi: cfg80211: remove wdev mutex (bsc#1227149). - wifi: cfg80211: rename UHB to 6 GHz (bsc#1227149). - wifi: cfg80211: report per-link errors during association (bsc#1227149). - wifi: cfg80211: report unprotected deauth/disassoc in wowlan (bsc#1227149). - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes). - wifi: cfg80211: save power spectral density(psd) of regulatory rule (bsc#1227149). - wifi: cfg80211: set correct param change count in ML element (bsc#1227149). - wifi: cfg80211: sme: hold wiphy lock for wdev iteration (bsc#1227149). - wifi: cfg80211: sort certificates in build (bsc#1227149). - wifi: cfg80211: split struct cfg80211_ap_settings (bsc#1227149). - wifi: cfg80211: validate HE operation element parsing (bsc#1227149). - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes). - wifi: cfg80211: wext: convert return value to kernel-doc (bsc#1227149). - wifi: cfg80211: wext: set ssids=NULL for passive scans (git-fixes). - wifi: cw1200: Avoid processing an invalid TIM IE (bsc#1227149). - wifi: cw1200: Convert to GPIO descriptors (bsc#1227149). - wifi: cw1200: fix __le16 sparse warnings (bsc#1227149). - wifi: cw1200: restore endian swapping (bsc#1227149). - wifi: drivers: Explicitly include correct DT includes (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for Broadcom WLAN (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for ar5523 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for mt76 drivers (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for p54spi (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wcn36xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wilc1000 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl1251 and wl12xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl18xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wlcore (bsc#1227149). - wifi: hostap: Add __counted_by for struct prism2_download_data and use struct_size() (bsc#1227149). - wifi: hostap: fix stringop-truncations GCC warning (bsc#1227149). - wifi: hostap: remove unused ioctl function (bsc#1227149). - wifi: ieee80211: add UL-bandwidth definition of trigger frame (bsc#1227149). - wifi: ieee80211: add definitions for negotiated TID to Link map (bsc#1227149). - wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() (stable-fixes). - wifi: iwlmei: do not send SAP messages if AMT is disabled (bsc#1227149). - wifi: iwlmei: do not send nic info with invalid mac address (bsc#1227149). - wifi: iwlmei: send HOST_GOES_DOWN message even if wiamt is disabled (bsc#1227149). - wifi: iwlmei: send driver down SAP message only if wiamt is enabled (bsc#1227149). - wifi: iwlmvm: fw: Add new OEM vendor to tas approved list (bsc#1227149). - wifi: iwlwifi: Add rf_mapping of new wifi7 devices (bsc#1227149). - wifi: iwlwifi: Add support for PPAG cmd v5 and PPAG revision 3 (bsc#1227149). - wifi: iwlwifi: Add support for new 802.11be device (bsc#1227149). - wifi: iwlwifi: Do not mark DFS channels as NO-IR (bsc#1227149). - wifi: iwlwifi: Extract common prph mac/phy regions data dump logic (bsc#1227149). - wifi: iwlwifi: Fix spelling mistake 'SESION' -> 'SESSION' (bsc#1227149). - wifi: iwlwifi: Use request_module_nowait (bsc#1227149). - wifi: iwlwifi: abort scan when rfkill on but device enabled (bsc#1227149). - wifi: iwlwifi: add HONOR to PPAG approved list (bsc#1227149). - wifi: iwlwifi: add Razer to ppag approved list (bsc#1227149). - wifi: iwlwifi: add mapping of a periphery register crf for WH RF (bsc#1227149). - wifi: iwlwifi: add new RF support for wifi7 (bsc#1227149). - wifi: iwlwifi: add support for SNPS DPHYIP region type (bsc#1227149). - wifi: iwlwifi: add support for a wiphy_work rx handler (bsc#1227149). - wifi: iwlwifi: add support for activating UNII-1 in WW via BIOS (bsc#1227149). - wifi: iwlwifi: add support for new ini region types (bsc#1227149). - wifi: iwlwifi: adjust rx_phyinfo debugfs to MLO (bsc#1227149). - wifi: iwlwifi: always have 'uats_enabled' (bsc#1227149). - wifi: iwlwifi: api: clean up some kernel-doc/typos (bsc#1227149). - wifi: iwlwifi: api: dbg-tlv: fix up kernel-doc (bsc#1227149). - wifi: iwlwifi: api: fix a small upper/lower-case typo (bsc#1227149). - wifi: iwlwifi: api: fix center_freq label in PHY diagram (bsc#1227149). - wifi: iwlwifi: api: fix constant version to match FW (bsc#1227149). - wifi: iwlwifi: api: fix kernel-doc reference (bsc#1227149). - wifi: iwlwifi: bump FW API to 84 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 86 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 87 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 88 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: cancel session protection only if there is one (bsc#1227149). - wifi: iwlwifi: change link id in time event to s8 (bsc#1227149). - wifi: iwlwifi: check for kmemdup() return value in iwl_parse_tlv_firmware() (bsc#1227149). - wifi: iwlwifi: cleanup BT Shared Single Antenna code (bsc#1227149). - wifi: iwlwifi: cleanup sending PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1227149). - wifi: iwlwifi: cleanup uefi variables loading (bsc#1227149). - wifi: iwlwifi: clear link_id in time_event (bsc#1227149). - wifi: iwlwifi: dbg-tlv: avoid extra allocation/copy (bsc#1227149). - wifi: iwlwifi: dbg-tlv: use struct_size() for allocation (bsc#1227149). - wifi: iwlwifi: disable 160 MHz based on subsystem device ID (bsc#1227149). - wifi: iwlwifi: disable eSR when BT is active (bsc#1227149). - wifi: iwlwifi: disable multi rx queue for 9000 (bsc#1227149). - wifi: iwlwifi: do not check TAS block list size twice (bsc#1227149). - wifi: iwlwifi: do not use TRUE/FALSE with bool (bsc#1227149). - wifi: iwlwifi: drop NULL pointer check in iwl_mvm_tzone_set_trip_temp() (bsc#1227149). - wifi: iwlwifi: dvm: remove kernel-doc warnings (bsc#1227149). - wifi: iwlwifi: error-dump: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fail NIC access fast on dead NIC (bsc#1227149). - wifi: iwlwifi: fix #ifdef CONFIG_ACPI check (bsc#1227149). - wifi: iwlwifi: fix iwl_mvm_get_valid_rx_ant() (git-fixes). - wifi: iwlwifi: fix opmode start/stop race (bsc#1227149). - wifi: iwlwifi: fix some kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fix system commands group ordering (bsc#1227149). - wifi: iwlwifi: fix the rf step and flavor bits range (bsc#1227149). - wifi: iwlwifi: fw: Add support for UATS table in UHB (bsc#1227149). - wifi: iwlwifi: fw: Fix debugfs command sending (bsc#1227149). - wifi: iwlwifi: fw: allow vmalloc for PNVM image (bsc#1227149). - wifi: iwlwifi: fw: dbg: ensure correct config name sizes (bsc#1227149). - wifi: iwlwifi: fw: disable firmware debug asserts (bsc#1227149). - wifi: iwlwifi: fw: file: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: fw: file: do not use [0] for variable arrays (bsc#1227149). - wifi: iwlwifi: fw: fix compiler warning for NULL string print (bsc#1227149). - wifi: iwlwifi: fw: increase fw_version string size (bsc#1227149). - wifi: iwlwifi: fw: reconstruct the API/CAPA enum number (bsc#1227149). - wifi: iwlwifi: fw: replace deprecated strncpy with strscpy_pad (bsc#1227149). - wifi: iwlwifi: handle per-phy statistics from fw (bsc#1227149). - wifi: iwlwifi: implement GLAI ACPI table loading (bsc#1227149). - wifi: iwlwifi: implement can_activate_links callback (bsc#1227149). - wifi: iwlwifi: implement enable/disable for China 2022 regulatory (bsc#1227149). - wifi: iwlwifi: iwl-fh.h: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: iwl-trans.h: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: iwlmvm: handle unprotected deauth/disassoc in d3 (bsc#1227149). - wifi: iwlwifi: load b0 version of ucode for HR1/HR2 (bsc#1227149). - wifi: iwlwifi: make TB reallocation a debug message (bsc#1227149). - wifi: iwlwifi: make time_events MLO aware (bsc#1227149). - wifi: iwlwifi: mei: return error from register when not built (bsc#1227149). - wifi: iwlwifi: mvm: Add basic link selection logic (bsc#1227149). - wifi: iwlwifi: mvm: Add support for removing responder TKs (bsc#1227149). - wifi: iwlwifi: mvm: Allow DFS concurrent operation (bsc#1227149). - wifi: iwlwifi: mvm: Configure the link mapping for non-MLD FW (bsc#1227149). - wifi: iwlwifi: mvm: Correctly report TSF data in scan complete (bsc#1227149). - wifi: iwlwifi: mvm: Declare support for secure LTF measurement (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn if valid link pair was not found (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete (bsc#1227149). - wifi: iwlwifi: mvm: Extend support for P2P service discovery (bsc#1227149). - wifi: iwlwifi: mvm: Fix FTM initiator flags (bsc#1227149). - wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill (stable-fixes). - wifi: iwlwifi: mvm: Fix unreachable code path (bsc#1227149). - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes). - wifi: iwlwifi: mvm: Keep connection in case of missed beacons during RX (bsc#1227149). - wifi: iwlwifi: mvm: Return success if link could not be removed (bsc#1227149). - wifi: iwlwifi: mvm: Use the link ID provided in scan request (bsc#1227149). - wifi: iwlwifi: mvm: add US/Canada MCC to API (bsc#1227149). - wifi: iwlwifi: mvm: add a debug print when we get a BAR (bsc#1227149). - wifi: iwlwifi: mvm: add a debugfs hook to clear the monitor data (bsc#1227149). - wifi: iwlwifi: mvm: add a per-link debugfs (bsc#1227149). - wifi: iwlwifi: mvm: add a print when sending RLC command (bsc#1227149). - wifi: iwlwifi: mvm: add start mac ctdp sum calculation debugfs handler (bsc#1227149). - wifi: iwlwifi: mvm: add support for TID to link mapping neg request (bsc#1227149). - wifi: iwlwifi: mvm: add support for new wowlan_info_notif (bsc#1227149). - wifi: iwlwifi: mvm: advertise MLO only if EHT is enabled (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for SCS traffic description (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for protected ranging negotiation (bsc#1227149). - wifi: iwlwifi: mvm: always update keys in D3 exit (bsc#1227149). - wifi: iwlwifi: mvm: avoid garbage iPN (bsc#1227149). - wifi: iwlwifi: mvm: calculate EMLSR mode after connection (bsc#1227149). - wifi: iwlwifi: mvm: check AP supports EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: check for iwl_mvm_mld_update_sta() errors (bsc#1227149). - wifi: iwlwifi: mvm: check link more carefully (bsc#1227149). - wifi: iwlwifi: mvm: check own capabilities for EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: cleanup MLO and non-MLO unification code (bsc#1227149). - wifi: iwlwifi: mvm: combine condition/warning (bsc#1227149). - wifi: iwlwifi: mvm: consider having one active link (bsc#1227149). - wifi: iwlwifi: mvm: const-ify chandef pointers (bsc#1227149). - wifi: iwlwifi: mvm: cycle FW link on chanctx removal (bsc#1227149). - wifi: iwlwifi: mvm: d3: avoid intermediate/early mutex unlock (bsc#1227149). - wifi: iwlwifi: mvm: d3: disconnect on GTK rekey failure (bsc#1227149). - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes). - wifi: iwlwifi: mvm: d3: implement suspend with MLO (bsc#1227149). - wifi: iwlwifi: mvm: debugfs for fw system stats (bsc#1227149). - wifi: iwlwifi: mvm: define RX queue sync timeout as a macro (bsc#1227149). - wifi: iwlwifi: mvm: disable MLO for the time being (bsc#1227149). - wifi: iwlwifi: mvm: disallow puncturing in US/Canada (bsc#1227149). - wifi: iwlwifi: mvm: disconnect long CSA only w/o alternative (bsc#1227149). - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (bsc#1227149). - wifi: iwlwifi: mvm: do not abort queue sync in CT-kill (bsc#1227149). - wifi: iwlwifi: mvm: do not add dummy phy context (bsc#1227149). - wifi: iwlwifi: mvm: do not always disable EMLSR due to BT coex (bsc#1227149). - wifi: iwlwifi: mvm: do not do duplicate detection for nullfunc packets (bsc#1227149). - wifi: iwlwifi: mvm: do not limit VLP/AFC to UATS-enabled (git-fixes). - wifi: iwlwifi: mvm: do not send BT_COEX_CI command on new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send NDPs for new tx devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send STA_DISABLE_TX_CMD for newer firmware (bsc#1227149). - wifi: iwlwifi: mvm: do not send the smart fifo command if not needed (bsc#1227149). - wifi: iwlwifi: mvm: do not set trigger frame padding in AP mode (bsc#1227149). - wifi: iwlwifi: mvm: do not support reduced tx power on ack for new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not wake up rx_sync_waitq upon RFKILL (git-fixes). - wifi: iwlwifi: mvm: enable FILS DF Tx on non-PSC channel (bsc#1227149). - wifi: iwlwifi: mvm: enable HE TX/RX <242 tone RU on new RFs (bsc#1227149). - wifi: iwlwifi: mvm: expand queue sync warning messages (bsc#1227149). - wifi: iwlwifi: mvm: extend alive timeout to 2 seconds (bsc#1227149). - wifi: iwlwifi: mvm: fix ROC version check (bsc#1227149). - wifi: iwlwifi: mvm: fix SB CFG check (bsc#1227149). - wifi: iwlwifi: mvm: fix a battery life regression (bsc#1227149). - wifi: iwlwifi: mvm: fix a crash on 7265 (bsc#1227149). - wifi: iwlwifi: mvm: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fix link ID management (bsc#1227149). - wifi: iwlwifi: mvm: fix recovery flow in CSA (bsc#1227149). - wifi: iwlwifi: mvm: fix regdb initialization (bsc#1227149). - wifi: iwlwifi: mvm: fix the PHY context resolution for p2p device (bsc#1227149). - wifi: iwlwifi: mvm: fix the TXF mapping for BZ devices (bsc#1227149). - wifi: iwlwifi: mvm: fix the key PN index (bsc#1227149). - wifi: iwlwifi: mvm: fix thermal kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fold the ref++ into iwl_mvm_phy_ctxt_add (bsc#1227149). - wifi: iwlwifi: mvm: handle BA session teardown in RF-kill (stable-fixes). - wifi: iwlwifi: mvm: handle debugfs names more carefully (bsc#1227149). - wifi: iwlwifi: mvm: handle link-STA allocation in restart (bsc#1227149). - wifi: iwlwifi: mvm: implement ROC version 3 (bsc#1227149). - wifi: iwlwifi: mvm: implement new firmware API for statistics (bsc#1227149). - wifi: iwlwifi: mvm: increase session protection after CSA (bsc#1227149). - wifi: iwlwifi: mvm: introduce PHY_CONTEXT_CMD_API_VER_5 (bsc#1227149). - wifi: iwlwifi: mvm: introduce esr_disable_reason (bsc#1227149). - wifi: iwlwifi: mvm: iterate active links for STA queues (bsc#1227149). - wifi: iwlwifi: mvm: limit EHT 320 MHz MCS for STEP URM (bsc#1227149). - wifi: iwlwifi: mvm: limit pseudo-D3 to 60 seconds (bsc#1227149). - wifi: iwlwifi: mvm: log dropped frames (bsc#1227149). - wifi: iwlwifi: mvm: log dropped packets due to MIC error (bsc#1227149). - wifi: iwlwifi: mvm: make 'pldr_sync' mode effective (bsc#1227149). - wifi: iwlwifi: mvm: make functions public (bsc#1227149). - wifi: iwlwifi: mvm: make pldr_sync AX210 specific (bsc#1227149). - wifi: iwlwifi: mvm: move BA notif messages before action (bsc#1227149). - wifi: iwlwifi: mvm: move RU alloc B2 placement (bsc#1227149). - wifi: iwlwifi: mvm: move listen interval to constants (bsc#1227149). - wifi: iwlwifi: mvm: offload IGTK in AP if BIGTK is supported (bsc#1227149). - wifi: iwlwifi: mvm: partially support PHY context version 6 (bsc#1227149). - wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes). - wifi: iwlwifi: mvm: reduce maximum RX A-MPDU size (bsc#1227149). - wifi: iwlwifi: mvm: refactor TX rate handling (bsc#1227149). - wifi: iwlwifi: mvm: refactor duplicate chanctx condition (bsc#1227149). - wifi: iwlwifi: mvm: remove EHT code from mac80211.c (bsc#1227149). - wifi: iwlwifi: mvm: remove IWL_MVM_STATUS_NEED_FLUSH_P2P (bsc#1227149). - wifi: iwlwifi: mvm: remove flags for enable/disable beacon filter (bsc#1227149). - wifi: iwlwifi: mvm: remove one queue sync on BA session stop (bsc#1227149). - wifi: iwlwifi: mvm: remove set_tim callback for MLD ops (bsc#1227149). - wifi: iwlwifi: mvm: remove stale STA link data during restart (stable-fixes). - wifi: iwlwifi: mvm: rework debugfs handling (bsc#1227149). - wifi: iwlwifi: mvm: show dump even for pldr_sync (bsc#1227149). - wifi: iwlwifi: mvm: show skb_mac_gso_segment() failure reason (bsc#1227149). - wifi: iwlwifi: mvm: simplify the reorder buffer (bsc#1227149). - wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig (bsc#1227149). - wifi: iwlwifi: mvm: support CSA with MLD (bsc#1227149). - wifi: iwlwifi: mvm: support SPP A-MSDUs (bsc#1227149). - wifi: iwlwifi: mvm: support flush on AP interfaces (bsc#1227149). - wifi: iwlwifi: mvm: support injection antenna control (bsc#1227149). - wifi: iwlwifi: mvm: support iwl_dev_tx_power_cmd_v8 (bsc#1227149). - wifi: iwlwifi: mvm: support set_antenna() (bsc#1227149). - wifi: iwlwifi: mvm: unlock mvm if there is no primary link (bsc#1227149). - wifi: iwlwifi: mvm: use fast balance scan in case of an active P2P GO (bsc#1227149). - wifi: iwlwifi: mvm: use the new command to clear the internal buffer (bsc#1227149). - wifi: iwlwifi: mvm: work around A-MSDU size problem (bsc#1227149). - wifi: iwlwifi: no power save during transition to D3 (bsc#1227149). - wifi: iwlwifi: nvm-parse: advertise common packet padding (bsc#1227149). - wifi: iwlwifi: nvm: parse the VLP/AFC bit from regulatory (bsc#1227149). - wifi: iwlwifi: pcie: (re-)assign BAR0 on driver bind (bsc#1227149). - wifi: iwlwifi: pcie: Add new PCI device id and CNVI (bsc#1227149). - wifi: iwlwifi: pcie: clean up WFPM control bits (bsc#1227149). - wifi: iwlwifi: pcie: clean up device removal work (bsc#1227149). - wifi: iwlwifi: pcie: clean up gen1/gen2 TFD unmap (bsc#1227149). - wifi: iwlwifi: pcie: do not allow hw-rfkill to stop device on gen2 (bsc#1227149). - wifi: iwlwifi: pcie: dump CSRs before removal (bsc#1227149). - wifi: iwlwifi: pcie: enable TOP fatal error interrupt (bsc#1227149). - wifi: iwlwifi: pcie: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: pcie: get_crf_id() can be void (bsc#1227149). - wifi: iwlwifi: pcie: give up mem read if HW is dead (bsc#1227149). - wifi: iwlwifi: pcie: move gen1 TB handling to header (bsc#1227149). - wifi: iwlwifi: pcie: point invalid TFDs to invalid data (bsc#1227149). - wifi: iwlwifi: pcie: propagate iwl_pcie_gen2_apm_init() error (bsc#1227149). - wifi: iwlwifi: pcie: rescan bus if no parent (bsc#1227149). - wifi: iwlwifi: prepare for reading DSM from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading TAS table from UEFI (bsc#1227149). - wifi: iwlwifi: properly check if link is active (bsc#1227149). - wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK (stable-fixes). - wifi: iwlwifi: queue: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: queue: improve warning for no skb in reclaim (bsc#1227149). - wifi: iwlwifi: queue: move iwl_txq_gen2_set_tb() up (bsc#1227149). - wifi: iwlwifi: read DSM func 2 for specific RF types (bsc#1227149). - wifi: iwlwifi: read DSM functions from UEFI (bsc#1227149). - wifi: iwlwifi: read ECKV table from UEFI (bsc#1227149). - wifi: iwlwifi: read PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: read SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: read SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: read WRDD table from UEFI (bsc#1227149). - wifi: iwlwifi: read WTAS table from UEFI (bsc#1227149). - wifi: iwlwifi: read mac step from aux register (bsc#1227149). - wifi: iwlwifi: refactor RX tracing (bsc#1227149). - wifi: iwlwifi: remove 'def_rx_queue' struct member (bsc#1227149). - wifi: iwlwifi: remove Gl A-step remnants (bsc#1227149). - wifi: iwlwifi: remove WARN from read_mem32() (bsc#1227149). - wifi: iwlwifi: remove async command callback (bsc#1227149). - wifi: iwlwifi: remove dead-code (bsc#1227149). - wifi: iwlwifi: remove extra kernel-doc (bsc#1227149). - wifi: iwlwifi: remove memory check for LMAC error address (bsc#1227149). - wifi: iwlwifi: remove retry loops in start (bsc#1227149). - wifi: iwlwifi: remove unused function prototype (bsc#1227149). - wifi: iwlwifi: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: iwlwifi: return negative -EINVAL instead of positive EINVAL (bsc#1227149). - wifi: iwlwifi: rfi: use a single DSM function for all RFI configurations (bsc#1227149). - wifi: iwlwifi: send EDT table to FW (bsc#1227149). - wifi: iwlwifi: separate TAS 'read-from-BIOS' and 'send-to-FW' flows (bsc#1227149). - wifi: iwlwifi: simplify getting DSM from ACPI (bsc#1227149). - wifi: iwlwifi: skip affinity setting on non-SMP (bsc#1227149). - wifi: iwlwifi: skip opmode start retries on dead transport (bsc#1227149). - wifi: iwlwifi: small cleanups in PPAG table flows (bsc#1227149). - wifi: iwlwifi: support link command version 2 (bsc#1227149). - wifi: iwlwifi: support link id in SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: support link_id in SESSION_PROTECTION cmd (bsc#1227149). - wifi: iwlwifi: take SGOM and UATS code out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: take send-DSM-to-FW flows out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: trace full frames with TX status request (bsc#1227149). - wifi: iwlwifi: update context info structure definitions (bsc#1227149). - wifi: iwlwifi: use system_unbound_wq for debug dump (bsc#1227149). - wifi: iwlwifi: validate PPAG table when sent to FW (bsc#1227149). - wifi: lib80211: remove unused variables iv32 and iv16 (bsc#1227149). - wifi: libertas: Follow renaming of SPI 'master' to 'controller' (bsc#1227149). - wifi: libertas: add missing calls to cancel_work_sync() (bsc#1227149). - wifi: libertas: cleanup SDIO reset (bsc#1227149). - wifi: libertas: handle possible spu_write_u16() errors (bsc#1227149). - wifi: libertas: prefer kstrtoX() for simple integer conversions (bsc#1227149). - wifi: libertas: simplify list operations in free_if_spi_card() (bsc#1227149). - wifi: libertas: use convenient lists to manage SDIO packets (bsc#1227149). - wifi: mac80211: Add __counted_by for struct ieee802_11_elems and use struct_size() (bsc#1227149). - wifi: mac80211: Avoid address calculations via out of bounds array indexing (stable-fixes). - wifi: mac80211: Check if we had first beacon with relevant links (bsc#1227149). - wifi: mac80211: Do not force off-channel for management Tx with MLO (bsc#1227149). - wifi: mac80211: Do not include crypto/algapi.h (bsc#1227149). - wifi: mac80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: mac80211: Fix SMPS handling in the context of MLO (bsc#1227149). - wifi: mac80211: Notify the low level driver on change in MLO valid links (bsc#1227149). - wifi: mac80211: Print local link address during authentication (bsc#1227149). - wifi: mac80211: Recalc offload when monitor stop (git-fixes). - wifi: mac80211: Remove unused function declarations (bsc#1227149). - wifi: mac80211: Rename and update IEEE80211_VIF_DISABLE_SMPS_OVERRIDE (bsc#1227149). - wifi: mac80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: mac80211: Sanity check tx bitrate if not provided by driver (bsc#1227149). - wifi: mac80211: Schedule regulatory channels check on bandwith change (bsc#1227149). - wifi: mac80211: Skip association timeout update after comeback rejection (bsc#1227149). - wifi: mac80211: add a driver callback to add vif debugfs (bsc#1227149). - wifi: mac80211: add a driver callback to check active_links (bsc#1227149). - wifi: mac80211: add a flag to disallow puncturing (bsc#1227149). - wifi: mac80211: add back SPDX identifier (bsc#1227149). - wifi: mac80211: add ieee80211_tdls_sta_link_id() (stable-fixes). - wifi: mac80211: add link id to ieee80211_gtk_rekey_add() (bsc#1227149). - wifi: mac80211: add link id to mgd_prepare_tx() (bsc#1227149). - wifi: mac80211: add more ops assertions (bsc#1227149). - wifi: mac80211: add more warnings about inserting sta info (bsc#1227149). - wifi: mac80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: mac80211: add support for mld in ieee80211_chswitch_done (bsc#1227149). - wifi: mac80211: add support for parsing TID to Link mapping element (bsc#1227149). - wifi: mac80211: add/remove driver debugfs entries as appropriate (bsc#1227149). - wifi: mac80211: additions to change_beacon() (bsc#1227149). - wifi: mac80211: address some kerneldoc warnings (bsc#1227149). - wifi: mac80211: allow 64-bit radiotap timestamps (bsc#1227149). - wifi: mac80211: allow for_each_sta_active_link() under RCU (bsc#1227149). - wifi: mac80211: apply mcast rate only if interface is up (stable-fixes). - wifi: mac80211: cancel multi-link reconf work on disconnect (git-fixes). - wifi: mac80211: chanctx emulation set CHANGE_CHANNEL when in_reconfig (git-fixes). - wifi: mac80211: check EHT/TTLM action frame length (bsc#1227149). - wifi: mac80211: check wiphy mutex in ops (bsc#1227149). - wifi: mac80211: cleanup airtime arithmetic with ieee80211_sta_keep_active() (bsc#1227149). - wifi: mac80211: cleanup auth_data only if association continues (bsc#1227149). - wifi: mac80211: convert A-MPDU work to wiphy work (bsc#1227149). - wifi: mac80211: correctly set active links upon TTLM (bsc#1227149). - wifi: mac80211: correcty limit wider BW TDLS STAs (git-fixes). - wifi: mac80211: debugfs: lock wiphy instead of RTNL (bsc#1227149). - wifi: mac80211: describe return values in kernel-doc (bsc#1227149). - wifi: mac80211: disable softirqs for queued frame handling (git-fixes). - wifi: mac80211: do not connect to an AP while it's in a CSA process (bsc#1227149). - wifi: mac80211: do not re-add debugfs entries during resume (bsc#1227149). - wifi: mac80211: do not select link ID if not provided in scan request (bsc#1227149). - wifi: mac80211: do not set ESS capab bit in assoc request (bsc#1227149). - wifi: mac80211: drop robust action frames before assoc (bsc#1227149). - wifi: mac80211: drop spurious WARN_ON() in ieee80211_ibss_csa_beacon() (bsc#1227149). - wifi: mac80211: ethtool: always hold wiphy mutex (bsc#1227149). - wifi: mac80211: ethtool: hold wiphy mutex (bsc#1227149). - wifi: mac80211: expand __ieee80211_data_to_8023() status (bsc#1227149). - wifi: mac80211: extend wiphy lock in interface removal (bsc#1227149). - wifi: mac80211: fix BA session teardown race (bsc#1227149). - wifi: mac80211: fix BSS_CHANGED_UNSOL_BCAST_PROBE_RESP (bsc#1227149). - wifi: mac80211: fix SMPS status handling (bsc#1227149). - wifi: mac80211: fix TXQ error path and cleanup (bsc#1227149). - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes). - wifi: mac80211: fix a expired vs. cancel race in roc (bsc#1227149). - wifi: mac80211: fix advertised TTLM scheduling (bsc#1227149). - wifi: mac80211: fix another key installation error path (bsc#1227149). - wifi: mac80211: fix change_address deadlock during unregister (bsc#1227149). - wifi: mac80211: fix channel switch link data (bsc#1227149). - wifi: mac80211: fix driver debugfs for vif type change (bsc#1227149). - wifi: mac80211: fix error path key leak (bsc#1227149). - wifi: mac80211: fix header kernel-doc typos (bsc#1227149). - wifi: mac80211: fix ieee80211_drop_unencrypted_mgmt return type/value (bsc#1227149). - wifi: mac80211: fix monitor channel with chanctx emulation (bsc#1227149). - wifi: mac80211: fix potential key leak (bsc#1227149). - wifi: mac80211: fix spelling typo in comment (bsc#1227149). - wifi: mac80211: fix unsolicited broadcast probe config (bsc#1227149). - wifi: mac80211: fix various kernel-doc issues (bsc#1227149). - wifi: mac80211: fixes in FILS discovery updates (bsc#1227149). - wifi: mac80211: flush STA queues on unauthorization (bsc#1227149). - wifi: mac80211: flush wiphy work where appropriate (bsc#1227149). - wifi: mac80211: handle debugfs when switching to/from MLO (bsc#1227149). - wifi: mac80211: handle tasklet frames before stopping (stable-fixes). - wifi: mac80211: hold wiphy lock in netdev/link debugfs (bsc#1227149). - wifi: mac80211: hold wiphy_lock around concurrency checks (bsc#1227149). - wifi: mac80211: improve CSA/ECSA connection refusal (bsc#1227149). - wifi: mac80211: initialize SMPS mode correctly (bsc#1227149). - wifi: mac80211: lock wiphy for aggregation debugfs (bsc#1227149). - wifi: mac80211: lock wiphy in IP address notifier (bsc#1227149). - wifi: mac80211: make mgd_protect_tdls_discover MLO-aware (bsc#1227149). - wifi: mac80211: mesh: Remove unused function declaration mesh_ids_set_default() (bsc#1227149). - wifi: mac80211: mesh: fix some kdoc warnings (bsc#1227149). - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes). - wifi: mac80211: move CSA finalize to wiphy work (bsc#1227149). - wifi: mac80211: move DFS CAC work to wiphy work (bsc#1227149). - wifi: mac80211: move TDLS work to wiphy work (bsc#1227149). - wifi: mac80211: move color change finalize to wiphy work (bsc#1227149). - wifi: mac80211: move dynamic PS to wiphy work (bsc#1227149). - wifi: mac80211: move filter reconfig to wiphy work (bsc#1227149). - wifi: mac80211: move key tailroom work to wiphy work (bsc#1227149). - wifi: mac80211: move link activation work to wiphy work (bsc#1227149). - wifi: mac80211: move monitor work to wiphy work (bsc#1227149). - wifi: mac80211: move tspec work to wiphy work (bsc#1227149). - wifi: mac80211: process and save negotiated TID to Link mapping request (bsc#1227149). - wifi: mac80211: purge TX queues in flush_queues flow (bsc#1227149). - wifi: mac80211: reduce iflist_mtx (bsc#1227149). - wifi: mac80211: reject MLO channel configuration if not supported (bsc#1227149). - wifi: mac80211: relax RCU check in for_each_vif_active_link() (bsc#1227149). - wifi: mac80211: remove RX_DROP_UNUSABLE (bsc#1227149). - wifi: mac80211: remove ampdu_mlme.mtx (bsc#1227149). - wifi: mac80211: remove chanctx_mtx (bsc#1227149). - wifi: mac80211: remove key_mtx (bsc#1227149). - wifi: mac80211: remove local->mtx (bsc#1227149). - wifi: mac80211: remove redundant ML element check (bsc#1227149). - wifi: mac80211: remove shifted rate support (bsc#1227149). - wifi: mac80211: remove sta_mtx (bsc#1227149). - wifi: mac80211: remove unnecessary struct forward declaration (bsc#1227149). - wifi: mac80211: rename ieee80211_tx_status() to ieee80211_tx_status_skb() (bsc#1227149). - wifi: mac80211: rename struct cfg80211_rx_assoc_resp to cfg80211_rx_assoc_resp_data (bsc#1227149). - wifi: mac80211: report per-link error during association (bsc#1227149). - wifi: mac80211: reset negotiated TTLM on disconnect (git-fixes). - wifi: mac80211: rework RX timestamp flags (bsc#1227149). - wifi: mac80211: rework ack_frame_id handling a bit (bsc#1227149). - wifi: mac80211: rx.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: set wiphy for virtual monitors (bsc#1227149). - wifi: mac80211: simplify non-chanctx drivers (bsc#1227149). - wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value (bsc#1227149). - wifi: mac80211: sta_info.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: support antenna control in injection (bsc#1227149). - wifi: mac80211: support handling of advertised TID-to-link mapping (bsc#1227149). - wifi: mac80211: take MBSSID/EHT data also from probe resp (bsc#1227149). - wifi: mac80211: take wiphy lock for MAC addr change (bsc#1227149). - wifi: mac80211: tx: clarify conditions in if statement (bsc#1227149). - wifi: mac80211: update beacon counters per link basis (bsc#1227149). - wifi: mac80211: update some locking documentation (bsc#1227149). - wifi: mac80211: update the rx_chains after set_antenna() (bsc#1227149). - wifi: mac80211: use bandwidth indication element for CSA (bsc#1227149). - wifi: mac80211: use deflink and fix typo in link ID check (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs for sdata/link (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs helpers for agg_status (bsc#1227149). - wifi: mt7601u: delete dead code checking debugfs returns (bsc#1227149). - wifi: mt7601u: replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: Annotate struct mt76_rx_tid with __counted_by (bsc#1227149). - wifi: mt76: Convert to platform remove callback returning void (bsc#1227149). - wifi: mt76: Remove redundant assignment to variable tidno (bsc#1227149). - wifi: mt76: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: mt76: Replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: Use PTR_ERR_OR_ZERO() to simplify code (bsc#1227149). - wifi: mt76: add DMA mapping error check in mt76_alloc_txwi() (bsc#1227149). - wifi: mt76: add ability to explicitly forbid LED registration with DT (bsc#1227149). - wifi: mt76: add support for providing eeprom in nvmem cells (bsc#1227149). - wifi: mt76: add tx_nss histogram to ethtool stats (bsc#1227149). - wifi: mt76: change txpower init to per-phy (bsc#1227149). - wifi: mt76: check sta rx control frame to multibss capability (bsc#1227149). - wifi: mt76: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: check vif type before reporting cca and csa (bsc#1227149). - wifi: mt76: connac: add MBSSID support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon duplicate TX mode support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: add connac3 mac library (bsc#1227149). - wifi: mt76: connac: add data field in struct tlv (bsc#1227149). - wifi: mt76: connac: add eht support for phy mode config (bsc#1227149). - wifi: mt76: connac: add eht support for tx power (bsc#1227149). - wifi: mt76: connac: add firmware support for mt7992 (bsc#1227149). - wifi: mt76: connac: add more unified command IDs (bsc#1227149). - wifi: mt76: connac: add more unified event IDs (bsc#1227149). - wifi: mt76: connac: add new definition of tx descriptor (bsc#1227149). - wifi: mt76: connac: add support for dsp firmware download (bsc#1227149). - wifi: mt76: connac: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: connac: add thermal protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: check for null before dereferencing (bsc#1227149). - wifi: mt76: connac: export functions for mt7925 (bsc#1227149). - wifi: mt76: connac: introduce helper for mt7925 chipset (bsc#1227149). - wifi: mt76: connac: set correct muar_idx for mt799x chipsets (bsc#1227149). - wifi: mt76: connac: set fixed_bw bit in TX descriptor for fixed rate frames (bsc#1227149). - wifi: mt76: connac: use muar idx 0xe for non-mt799x as well (bsc#1227149). - wifi: mt76: disable HW AMSDU when using fixed rate (bsc#1227149). - wifi: mt76: dma: introduce __mt76_dma_queue_reset utility routine (bsc#1227149). - wifi: mt76: enable UNII-4 channel 177 support (bsc#1227149). - wifi: mt76: fix race condition related to checking tx queue fill status (bsc#1227149). - wifi: mt76: fix the issue of missing txpwr settings from ch153 to ch177 (bsc#1227149). - wifi: mt76: fix typo in mt76_get_of_eeprom_from_nvmem function (bsc#1227149). - wifi: mt76: increase MT_QFLAG_WED_TYPE size (bsc#1227149). - wifi: mt76: introduce mt76_queue_is_wed_tx_free utility routine (bsc#1227149). - wifi: mt76: introduce wed pointer in mt76_queue (bsc#1227149). - wifi: mt76: limit support of precal loading for mt7915 to MTD only (bsc#1227149). - wifi: mt76: make mt76_get_of_eeprom static again (bsc#1227149). - wifi: mt76: mmio: move mt76_mmio_wed_{init,release}_rx_buf in common code (bsc#1227149). - wifi: mt76: move ampdu_state in mt76_wcid (bsc#1227149). - wifi: mt76: move mt76_mmio_wed_offload_{enable,disable} in common code (bsc#1227149). - wifi: mt76: move mt76_net_setup_tc in common code (bsc#1227149). - wifi: mt76: move rate info in mt76_vif (bsc#1227149). - wifi: mt76: move wed reset common code in mt76 module (bsc#1227149). - wifi: mt76: mt7603: add missing register initialization for MT7628 (bsc#1227149). - wifi: mt76: mt7603: disable A-MSDU tx support on MT7628 (bsc#1227149). - wifi: mt76: mt7603: fix beacon interval after disabling a single vif (bsc#1227149). - wifi: mt76: mt7603: fix tx filter/flush function (bsc#1227149). - wifi: mt76: mt7603: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7603: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7615: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7615: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7615: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7615: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt76_connac3: move lmac queue enumeration in mt76_connac3_mac.h (bsc#1227149). - wifi: mt76: mt76x02: fix return value check in mt76x02_mac_process_rx (bsc#1227149). - wifi: mt76: mt76x2u: add netgear wdna3100v3 to device table (bsc#1227149). - wifi: mt76: mt7915 add tc offloading support (bsc#1227149). - wifi: mt76: mt7915: accumulate mu-mimo ofdma muru stats (bsc#1227149). - wifi: mt76: mt7915: add locking for accessing mapped registers (bsc#1227149). - wifi: mt76: mt7915: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7915: add support for MT7981 (bsc#1227149). - wifi: mt76: mt7915: also MT7981 is 3T3R but nss2 on 5 GHz band (bsc#1227149). - wifi: mt76: mt7915: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7915: drop return in mt7915_sta_statistics (bsc#1227149). - wifi: mt76: mt7915: fix EEPROM offset of TSSI flag on MT7981 (bsc#1227149). - wifi: mt76: mt7915: fix error recovery with WED enabled (bsc#1227149). - wifi: mt76: mt7915: fix monitor mode issues (bsc#1227149). - wifi: mt76: mt7915: move mib_stats structure in mt76.h (bsc#1227149). - wifi: mt76: mt7915: move poll_list in mt76_wcid (bsc#1227149). - wifi: mt76: mt7915: move sta_poll_list and sta_poll_lock in mt76_dev (bsc#1227149). - wifi: mt76: mt7915: report tx retries/failed counts for non-WED path (bsc#1227149). - wifi: mt76: mt7915: update mpdu density capability (bsc#1227149). - wifi: mt76: mt7915: update mt798x_wmac_adie_patch_7976 (bsc#1227149). - wifi: mt76: mt7921: Support temp sensor (bsc#1227149). - wifi: mt76: mt7921: add 6GHz power type support for clc (bsc#1227149). - wifi: mt76: mt7921: convert acpisar and clc pointers to void (bsc#1227149). - wifi: mt76: mt7921: enable set txpower for UNII-4 (bsc#1227149). - wifi: mt76: mt7921: fix 6GHz disabled by the missing default CLC config (bsc#1227149). - wifi: mt76: mt7921: fix CLC command timeout when suspend/resume (bsc#1227149). - wifi: mt76: mt7921: fix a potential association failure upon resuming (bsc#1227149). - wifi: mt76: mt7921: fix kernel panic by accessing invalid 6GHz channel info (bsc#1227149). - wifi: mt76: mt7921: fix suspend issue on MediaTek COB platform (bsc#1227149). - wifi: mt76: mt7921: fix the unfinished command of regd_notifier before suspend (bsc#1227149). - wifi: mt76: mt7921: fix wrong 6Ghz power type (bsc#1227149). - wifi: mt76: mt7921: get regulatory information from the clc event (bsc#1227149). - wifi: mt76: mt7921: get rid of MT7921_RESET_TIMEOUT marco (bsc#1227149). - wifi: mt76: mt7921: make mt7921_mac_sta_poll static (bsc#1227149). - wifi: mt76: mt7921: move acpi_sar code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move common register definition in mt792x_regs.h (bsc#1227149). - wifi: mt76: mt7921: move connac nic capability handling to mt7921 (bsc#1227149). - wifi: mt76: mt7921: move debugfs shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move dma shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move hif_ops macro in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move init shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mac shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mt7921_dma_init in pci.c (bsc#1227149). - wifi: mt76: mt7921: move mt7921u_disconnect mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move mt792x_hw_dev in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move mt792x_mutex_{acquire/release} in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move runtime-pm pci code in mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move shared runtime-pm code on mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: reduce the size of MCU firmware download Rx queue (bsc#1227149). - wifi: mt76: mt7921: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7921: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7921: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7921: remove macro duplication in regs.h (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_dev in mt792x_dev (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_hif_ops in mt792x_hif_ops (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_phy in mt792x_phy (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_sta in mt792x_sta (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_vif in mt792x_vif (bsc#1227149). - wifi: mt76: mt7921: support 5.9/6GHz channel config in acpi (bsc#1227149). - wifi: mt76: mt7921: update the channel usage when the regd domain changed (bsc#1227149). - wifi: mt76: mt7921e: report tx retries/failed counts in tx free event (bsc#1227149). - wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips (bsc#1227149). - wifi: mt76: mt7925: add flow to avoid chip bt function fail (bsc#1227149). - wifi: mt76: mt7925: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command (bsc#1227149). - wifi: mt76: mt7925: fix SAP no beacon issue in 5Ghz and 6Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix WoW failed in encrypted mode (bsc#1227149). - wifi: mt76: mt7925: fix connect to 80211b mode fail in 2Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix fw download fail (bsc#1227149). - wifi: mt76: mt7925: fix mcu query command fail (bsc#1227149). - wifi: mt76: mt7925: fix the wrong data type for scan command (bsc#1227149). - wifi: mt76: mt7925: fix the wrong header translation config (bsc#1227149). - wifi: mt76: mt7925: fix typo in mt7925_init_he_caps (bsc#1227149). - wifi: mt76: mt7925: fix wmm queue mapping (bsc#1227149). - wifi: mt76: mt7925: remove iftype from mt7925_init_eht_caps signature (bsc#1227149). - wifi: mt76: mt7925: support temperature sensor (bsc#1227149). - wifi: mt76: mt7925: update PCIe DMA settings (bsc#1227149). - wifi: mt76: mt7925e: fix use-after-free in free_irq() (bsc#1227149). - wifi: mt76: mt792x: add the illegal value check for mtcl table of acpi (bsc#1227149). - wifi: mt76: mt792x: fix ethtool warning (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-usb module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x_irq_map (bsc#1227149). - wifi: mt76: mt792x: move MT7921_PM_TIMEOUT and MT7921_HW_SCAN_TIMEOUT in common code (bsc#1227149). - wifi: mt76: mt792x: move more dma shared code in mt792x_dma (bsc#1227149). - wifi: mt76: mt792x: move mt7921_load_firmware in mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: move mt7921_skb_add_usb_sdio_hdr in mt792x module (bsc#1227149). - wifi: mt76: mt792x: move shared structure definition in mt792x.h (bsc#1227149). - wifi: mt76: mt792x: move some common usb code in mt792x module (bsc#1227149). - wifi: mt76: mt792x: support mt7925 chip init (bsc#1227149). - wifi: mt76: mt792x: update the country list of EU for ACPI SAR (bsc#1227149). - wifi: mt76: mt792xu: enable dmashdl support (bsc#1227149). - wifi: mt76: mt7996: Add mcu commands for getting sta tx statistic (bsc#1227149). - wifi: mt76: mt7996: Use DECLARE_FLEX_ARRAY() and fix -Warray-bounds warnings (bsc#1227149). - wifi: mt76: mt7996: add DMA support for mt7992 (bsc#1227149). - wifi: mt76: mt7996: add TX statistics for EHT mode in debugfs (bsc#1227149). - wifi: mt76: mt7996: add muru support (bsc#1227149). - wifi: mt76: mt7996: add sanity checks for background radar trigger (stable-fixes). - wifi: mt76: mt7996: add support for variants with auxiliary RX path (bsc#1227149). - wifi: mt76: mt7996: add thermal sensor device support (bsc#1227149). - wifi: mt76: mt7996: add txpower setting support (bsc#1227149). - wifi: mt76: mt7996: adjust WFDMA settings to improve performance (bsc#1227149). - wifi: mt76: mt7996: adjust interface num and wtbl size for mt7992 (bsc#1227149). - wifi: mt76: mt7996: align the format of fixed rate command (bsc#1227149). - wifi: mt76: mt7996: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: mt7996: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7996: drop return in mt7996_sta_statistics (bsc#1227149). - wifi: mt76: mt7996: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7996: enable PPDU-TxS to host (bsc#1227149). - wifi: mt76: mt7996: enable VHT extended NSS BW feature (bsc#1227149). - wifi: mt76: mt7996: ensure 4-byte alignment for beacon commands (bsc#1227149). - wifi: mt76: mt7996: fix alignment of sta info event (bsc#1227149). - wifi: mt76: mt7996: fix fortify warning (bsc#1227149). - wifi: mt76: mt7996: fix fw loading timeout (bsc#1227149). - wifi: mt76: mt7996: fix mt7996_mcu_all_sta_info_event struct packing (bsc#1227149). - wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature (bsc#1227149). - wifi: mt76: mt7996: fix size of txpower MCU command (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in parsing txfree (bsc#1227149). - wifi: mt76: mt7996: get tx_retries and tx_failed from txfree (bsc#1227149). - wifi: mt76: mt7996: handle IEEE80211_RC_SMPS_CHANGED (bsc#1227149). - wifi: mt76: mt7996: increase tx token size (bsc#1227149). - wifi: mt76: mt7996: introduce mt7996_band_valid() (bsc#1227149). - wifi: mt76: mt7996: mark GCMP IGTK unsupported (bsc#1227149). - wifi: mt76: mt7996: move radio ctrl commands to proper functions (bsc#1227149). - wifi: mt76: mt7996: only set vif teardown cmds at remove interface (bsc#1227149). - wifi: mt76: mt7996: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7996: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7996: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7996: remove TXS queue setting (bsc#1227149). - wifi: mt76: mt7996: remove periodic MPDU TXS request (bsc#1227149). - wifi: mt76: mt7996: rework ampdu params setting (bsc#1227149). - wifi: mt76: mt7996: rework register offsets for mt7992 (bsc#1227149). - wifi: mt76: mt7996: set DMA mask to 36 bits for boards with more than 4GB of RAM (bsc#1227149). - wifi: mt76: mt7996: support more options for mt7996_set_bitrate_mask() (bsc#1227149). - wifi: mt76: mt7996: support mt7992 eeprom loading (bsc#1227149). - wifi: mt76: mt7996: support per-band LED control (bsc#1227149). - wifi: mt76: mt7996: switch to mcu command for TX GI report (bsc#1227149). - wifi: mt76: mt7996: use u16 for val field in mt7996_mcu_set_rro signature (bsc#1227149). - wifi: mt76: permit to load precal from NVMEM cell for mt7915 (bsc#1227149). - wifi: mt76: permit to use alternative cell name to eeprom NVMEM load (bsc#1227149). - wifi: mt76: reduce spin_lock_bh held up in mt76_dma_rx_cleanup (bsc#1227149). - wifi: mt76: replace skb_put with skb_put_zero (stable-fixes). - wifi: mt76: report non-binding skb tx rate when WED is active (bsc#1227149). - wifi: mt76: set page_pool napi pointer for mmio devices (bsc#1227149). - wifi: mt76: split get_of_eeprom in subfunction (bsc#1227149). - wifi: mt76: usb: create a dedicated queue for psd traffic (bsc#1227149). - wifi: mt76: usb: store usb endpoint in mt76_queue (bsc#1227149). - wifi: mt76: use atomic iface iteration for pre-TBTT work (bsc#1227149). - wifi: mt76: use chainmask for power delta calculation (bsc#1227149). - wifi: mwifiex: Drop unused headers (bsc#1227149). - wifi: mwifiex: Fix interface type change (git-fixes). - wifi: mwifiex: Refactor 1-element array into flexible array in struct mwifiex_ie_types_chan_list_param_set (bsc#1227149). - wifi: mwifiex: Replace one-element array with flexible-array member in struct mwifiex_ie_types_rxba_sync (bsc#1227149). - wifi: mwifiex: Set WIPHY_FLAG_NETNS_OK flag (bsc#1227149). - wifi: mwifiex: Use default @max_active for workqueues (bsc#1227149). - wifi: mwifiex: Use helpers to check multicast addresses (bsc#1227149). - wifi: mwifiex: Use list_count_nodes() (bsc#1227149). - wifi: mwifiex: cleanup adapter data (bsc#1227149). - wifi: mwifiex: cleanup private data structures (bsc#1227149). - wifi: mwifiex: cleanup struct mwifiex_sdio_mpa_rx (bsc#1227149). - wifi: mwifiex: drop BUG_ON from TX paths (bsc#1227149). - wifi: mwifiex: fix comment typos in SDIO module (bsc#1227149). - wifi: mwifiex: followup PCIE and related cleanups (bsc#1227149). - wifi: mwifiex: handle possible mwifiex_write_reg() errors (bsc#1227149). - wifi: mwifiex: handle possible sscanf() errors (bsc#1227149). - wifi: mwifiex: mwifiex_process_sleep_confirm_resp(): remove unused priv variable (bsc#1227149). - wifi: mwifiex: prefer strscpy() over strlcpy() (bsc#1227149). - wifi: mwifiex: simplify PCIE write operations (bsc#1227149). - wifi: mwifiex: use MODULE_FIRMWARE to add firmware files metadata (bsc#1227149). - wifi: mwifiex: use cfg80211_ssid_eq() instead of mwifiex_ssid_cmp() (bsc#1227149). - wifi: mwifiex: use is_zero_ether_addr() instead of ether_addr_equal() (bsc#1227149). - wifi: mwifiex: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: nl80211: Extend del pmksa support for SAE and OWE security (bsc#1227149). - wifi: nl80211: Remove unused declaration nl80211_pmsr_dump_results() (bsc#1227149). - wifi: nl80211: additions to NL80211_CMD_SET_BEACON (bsc#1227149). - wifi: nl80211: allow reporting wakeup for unprot deauth/disassoc (bsc#1227149). - wifi: nl80211: fixes to FILS discovery updates (bsc#1227149). - wifi: nl80211: refactor nl80211_send_mlme_event() arguments (bsc#1227149). - wifi: p54: Add missing MODULE_FIRMWARE macro (bsc#1227149). - wifi: p54: Annotate struct p54_cal_database with __counted_by (bsc#1227149). - wifi: p54: fix GCC format truncation warning with wiphy->fw_version (bsc#1227149). - wifi: plfxlc: Drop unused include (bsc#1227149). - wifi: radiotap: add bandwidth definition of EHT U-SIG (bsc#1227149). - wifi: remove unused argument of ieee80211_get_tdls_action() (bsc#1227149). - wifi: rsi: fix restricted __le32 degrades to integer sparse warnings (bsc#1227149). - wifi: rsi: rsi_91x_coex: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_debugfs: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_hal: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_mac80211: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_main: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rt2x00: Simplify bool conversion (bsc#1227149). - wifi: rt2x00: correct MAC_SYS_CTRL register RX mask in R-Calibration (bsc#1227149). - wifi: rt2x00: disable RTS threshold for rt2800 by default (bsc#1227149). - wifi: rt2x00: fix MT7620 low RSSI issue (bsc#1227149). - wifi: rt2x00: fix rt2800 watchdog function (bsc#1227149). - wifi: rt2x00: fix the typo in comments (bsc#1227149). - wifi: rt2x00: improve MT7620 register initialization (bsc#1227149). - wifi: rt2x00: introduce DMA busy check watchdog for rt2800 (bsc#1227149). - wifi: rt2x00: limit MT7620 TX power based on eeprom calibration (bsc#1227149). - wifi: rt2x00: make watchdog param per device (bsc#1227149). - wifi: rt2x00: remove redundant check if u8 array element is less than zero (bsc#1227149). - wifi: rt2x00: remove useless code in rt2x00queue_create_tx_descriptor() (bsc#1227149). - wifi: rt2x00: rework MT7620 PA/LNA RF calibration (bsc#1227149). - wifi: rt2x00: rework MT7620 channel config function (bsc#1227149). - wifi: rt2x00: silence sparse warnings (bsc#1227149). - wifi: rt2x00: simplify rt2x00crypto_rx_insert_iv() (bsc#1227149). - wifi: rtl8xxxu: 8188e: convert usage of priv->vif to priv->vifs[0] (bsc#1227149). - wifi: rtl8xxxu: 8188f: Limit TX power index (git-fixes). - wifi: rtl8xxxu: Actually use macid in rtl8xxxu_gen2_report_connect (bsc#1227149). - wifi: rtl8xxxu: Add TP-Link TL-WN823N V2 (bsc#1227149). - wifi: rtl8xxxu: Add a description about the device ID 0x7392:0xb722 (bsc#1227149). - wifi: rtl8xxxu: Add beacon functions (bsc#1227149). - wifi: rtl8xxxu: Add parameter force to rtl8xxxu_refresh_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter macid to update_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter role to report_connect (bsc#1227149). - wifi: rtl8xxxu: Add set_tim() callback (bsc#1227149). - wifi: rtl8xxxu: Add sta_add() and sta_remove() callbacks (bsc#1227149). - wifi: rtl8xxxu: Add start_ap() callback (bsc#1227149). - wifi: rtl8xxxu: Allow creating interface in AP mode (bsc#1227149). - wifi: rtl8xxxu: Allow setting rts threshold to -1 (bsc#1227149). - wifi: rtl8xxxu: Clean up filter configuration (bsc#1227149). - wifi: rtl8xxxu: Declare AP mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192EU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8710BU (RTL8188GU) (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8723BU (bsc#1227149). - wifi: rtl8xxxu: Enable hw seq for mgmt/non-QoS data frames (bsc#1227149). - wifi: rtl8xxxu: Fix LED control code of RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Fix off by one initial RTS rate (bsc#1227149). - wifi: rtl8xxxu: Put the macid in txdesc (bsc#1227149). - wifi: rtl8xxxu: Remove usage of ieee80211_get_tx_rate() (bsc#1227149). - wifi: rtl8xxxu: Remove usage of tx_info->control.rates[0].flags (bsc#1227149). - wifi: rtl8xxxu: Rename some registers (bsc#1227149). - wifi: rtl8xxxu: Select correct queue for beacon frames (bsc#1227149). - wifi: rtl8xxxu: Set maximum number of supported stations (bsc#1227149). - wifi: rtl8xxxu: Support USB RX aggregation for the newer chips (bsc#1227149). - wifi: rtl8xxxu: Support new chip RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: add hw crypto support for AP mode (bsc#1227149). - wifi: rtl8xxxu: add macids for STA mode (bsc#1227149). - wifi: rtl8xxxu: add missing number of sec cam entries for all variants (bsc#1227149). - wifi: rtl8xxxu: check vif before using in rtl8xxxu_tx() (bsc#1227149). - wifi: rtl8xxxu: convert EN_DESC_ID of TX descriptor to le32 type (bsc#1227149). - wifi: rtl8xxxu: declare concurrent mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: do not parse CFO, if both interfaces are connected in STA mode (bsc#1227149). - wifi: rtl8xxxu: enable MFP support with security flag of RX descriptor (bsc#1227149). - wifi: rtl8xxxu: enable channel switch support (bsc#1227149). - wifi: rtl8xxxu: extend check for matching bssid to both interfaces (bsc#1227149). - wifi: rtl8xxxu: extend wifi connected check to both interfaces (bsc#1227149). - wifi: rtl8xxxu: fix error messages (bsc#1227149). - wifi: rtl8xxxu: fix mixed declarations in rtl8xxxu_set_aifs() (bsc#1227149). - wifi: rtl8xxxu: make instances of iface limit and combination to be static const (bsc#1227149). - wifi: rtl8xxxu: make supporting AP mode only on port 0 transparent (bsc#1227149). - wifi: rtl8xxxu: mark TOTOLINK N150UA V5/N150UA-B as tested (bsc#1227149). - wifi: rtl8xxxu: prepare supporting two virtual interfaces (bsc#1227149). - wifi: rtl8xxxu: remove assignment of priv->vif in rtl8xxxu_bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: remove obsolete priv->vif (bsc#1227149). - wifi: rtl8xxxu: rtl8xxxu_rx_complete(): remove unnecessary return (bsc#1227149). - wifi: rtl8xxxu: support multiple interface in start_ap() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in configure_filter() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in set_aifs() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in update_beacon_work_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in watchdog_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in {add,remove}_interface() (bsc#1227149). - wifi: rtl8xxxu: support setting bssid register for multiple interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting linktype for both interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting mac address register for both interfaces (bsc#1227149). - wifi: rtl8xxxu: update rate mask per sta (bsc#1227149). - wifi: rtlwifi: Convert to use PCIe capability accessors (bsc#1227149). - wifi: rtlwifi: Ignore IEEE80211_CONF_CHANGE_RETRY_LIMITS (bsc#1227149). - wifi: rtlwifi: Remove bridge vendor/device ids (bsc#1227149). - wifi: rtlwifi: Remove rtl_intf_ops.read_efuse_byte (bsc#1227149). - wifi: rtlwifi: Remove unused PCI related defines and struct (bsc#1227149). - wifi: rtlwifi: Speed up firmware loading for USB (bsc#1227149). - wifi: rtlwifi: cleanup USB interface (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxx_tx_fill_desc() routines (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxxx_set_hw_reg() routines (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_hal (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_phy (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_ps_ctl (bsc#1227149). - wifi: rtlwifi: drop chk_switch_dmdp() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop fill_fake_txdesc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop pre_fill_tx_bd_desc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop unused const_amdpci_aspm (bsc#1227149). - wifi: rtlwifi: remove misused flag from HAL data (bsc#1227149). - wifi: rtlwifi: remove unreachable code in rtl92d_dm_check_edca_turbo() (bsc#1227149). - wifi: rtlwifi: remove unused dualmac control leftovers (bsc#1227149). - wifi: rtlwifi: remove unused timer and related code (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix 2T2R chip type detection (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix TX aggregation (bsc#1227149). - wifi: rtlwifi: rtl8192de: Do not read register in _rtl92de_query_rxphystatus (bsc#1227149). - wifi: rtlwifi: rtl8723: Remove unused function rtl8723_cmd_send_packet() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Access full PMCS reg and use pci_regs.h (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Add pdev into _rtl8821ae_clear_pci_pme_status() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Remove unnecessary PME_Status bit set (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Reverse PM Capability exists check (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Use pci_find_capability() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: remove some useless code (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: using calculate_bit_shift() (bsc#1227149). - wifi: rtlwifi: rtl92ee_dm_dynamic_primary_cca_check(): fix typo in function name (bsc#1227149). - wifi: rtlwifi: rtl_usb: Store the endpoint addresses (bsc#1227149). - wifi: rtlwifi: rtl_usb: Use sync register writes (bsc#1227149). - wifi: rtlwifi: set initial values for unexpected cases of USB endpoint priority (bsc#1227149). - wifi: rtlwifi: simplify LED management (bsc#1227149). - wifi: rtlwifi: simplify TX command fill callbacks (bsc#1227149). - wifi: rtlwifi: simplify rtl_action_proc() and rtl_tx_agg_start() (bsc#1227149). - wifi: rtlwifi: use convenient list_count_nodes() (bsc#1227149). - wifi: rtlwifi: use eth_broadcast_addr() to assign broadcast address (bsc#1227149). - wifi: rtlwifi: use helper function rtl_get_hdr() (bsc#1227149). - wifi: rtlwifi: use unsigned long for bt_coexist_8723 timestamp (bsc#1227149). - wifi: rtlwifi: use unsigned long for rtl_bssid_entry timestamp (bsc#1227149). - wifi: rtw88: 8821c: tweak CCK TX filter setting for SRRC regulation (bsc#1227149). - wifi: rtw88: 8821c: update TX power limit to V67 (bsc#1227149). - wifi: rtw88: 8822c: update TX power limit to V70 (bsc#1227149). - wifi: rtw88: 8822ce: refine power parameters for RFE type 5 (bsc#1227149). - wifi: rtw88: Add support for the SDIO based RTL8723DS chipset (bsc#1227149). - wifi: rtw88: Fix AP mode incorrect DTIM behavior (bsc#1227149). - wifi: rtw88: Fix action frame transmission fail before association (bsc#1227149). - wifi: rtw88: Skip high queue in hci_flush (bsc#1227149). - wifi: rtw88: Stop high queue during scan (bsc#1227149). - wifi: rtw88: Use random MAC when efuse MAC invalid (bsc#1227149). - wifi: rtw88: add missing unwind goto for __rtw_download_firmware() (bsc#1227149). - wifi: rtw88: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw88: debug: remove wrapper of rtw_dbg() (bsc#1227149). - wifi: rtw88: dump firmware debug information in abnormal state (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_set_* (bsc#1227149). - wifi: rtw88: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw88: fix typo rtw8822cu_probe (bsc#1227149). - wifi: rtw88: process VO packets without workqueue to avoid PTK rekey failed (bsc#1227149). - wifi: rtw88: refine register based H2C command (bsc#1227149). - wifi: rtw88: regd: configure QATAR and UK (bsc#1227149). - wifi: rtw88: regd: update regulatory map to R64-R42 (bsc#1227149). - wifi: rtw88: remove unused USB bulkout size set (bsc#1227149). - wifi: rtw88: remove unused and set but unused leftovers (bsc#1227149). - wifi: rtw88: rtw8723d: Implement RTL8723DS (SDIO) efuse parsing (bsc#1227149). - wifi: rtw88: simplify __rtw_tx_work() (bsc#1227149). - wifi: rtw88: simplify vif iterators (bsc#1227149). - wifi: rtw88: use cfg80211_ssid_eq() instead of rtw_ssid_equal() (bsc#1227149). - wifi: rtw88: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: rtw88: use struct instead of macros to set TX desc (bsc#1227149). - wifi: rtw89: 52c: rfk: disable DPK during MCC (bsc#1227149). - wifi: rtw89: 52c: rfk: refine MCC channel info notification (bsc#1227149). - wifi: rtw89: 8851b: add 8851B basic chip_info (bsc#1227149). - wifi: rtw89: 8851b: add 8851be to Makefile and Kconfig (bsc#1227149). - wifi: rtw89: 8851b: add BT coexistence support function (bsc#1227149). - wifi: rtw89: 8851b: add DLE mem and HFC quota (bsc#1227149). - wifi: rtw89: 8851b: add MAC configurations to chip_info (bsc#1227149). - wifi: rtw89: 8851b: add NCTL post table (bsc#1227149). - wifi: rtw89: 8851b: add RF configurations (bsc#1227149). - wifi: rtw89: 8851b: add TX power related functions (bsc#1227149). - wifi: rtw89: 8851b: add basic power on function (bsc#1227149). - wifi: rtw89: 8851b: add set channel function (bsc#1227149). - wifi: rtw89: 8851b: add set_channel_rf() (bsc#1227149). - wifi: rtw89: 8851b: add support WoWLAN to 8851B (bsc#1227149). - wifi: rtw89: 8851b: add to parse efuse content (bsc#1227149). - wifi: rtw89: 8851b: add to read efuse version to recognize hardware version B (bsc#1227149). - wifi: rtw89: 8851b: configure CRASH_TRIGGER feature for 8851B (bsc#1227149). - wifi: rtw89: 8851b: configure GPIO according to RFE type (bsc#1227149). - wifi: rtw89: 8851b: configure to force 1 TX power value (bsc#1227149). - wifi: rtw89: 8851b: enable hw_scan support (bsc#1227149). - wifi: rtw89: 8851b: fill BB related capabilities to chip_info (bsc#1227149). - wifi: rtw89: 8851b: rfk: Fix spelling mistake KIP_RESOTRE -> KIP_RESTORE (bsc#1227149). - wifi: rtw89: 8851b: rfk: add AACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DPK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add IQK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add LCK track (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RX DCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add TSSI (bsc#1227149). - wifi: rtw89: 8851b: rfk: update IQK to version 0x8 (bsc#1227149). - wifi: rtw89: 8851b: update RF radio A parameters to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R34 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R37 (bsc#1227149). - wifi: rtw89: 8851be: add 8851BE PCI entry and fill PCI capabilities (bsc#1227149). - wifi: rtw89: 8852b: fix definition of KIP register number (git-fixes). - wifi: rtw89: 8852b: update TX power tables to R35 (bsc#1227149). - wifi: rtw89: 8852b: update TX power tables to R36 (bsc#1227149). - wifi: rtw89: 8852c: Fix TSSI causes transmit power inaccuracy (bsc#1227149). - wifi: rtw89: 8852c: Update bandedge parameters for better performance (bsc#1227149). - wifi: rtw89: 8852c: add quirk to set PCI BER for certain platforms (bsc#1227149). - wifi: rtw89: 8852c: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8852c: read RX gain offset from efuse for 6GHz channels (bsc#1227149). - wifi: rtw89: 8852c: update RF radio A/B parameters to R63 (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (1 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (2 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (3 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R67 (bsc#1227149). - wifi: rtw89: 8922a: add 8922A basic chip info (bsc#1227149). - wifi: rtw89: 8922a: add BTG functions to assist BT coexistence to control TX/RX (bsc#1227149). - wifi: rtw89: 8922a: add NCTL pre-settings for WiFi 7 chips (bsc#1227149). - wifi: rtw89: 8922a: add RF read/write v2 (bsc#1227149). - wifi: rtw89: 8922a: add SER IMR tables (bsc#1227149). - wifi: rtw89: 8922a: add TX power related ops (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops related to BB init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops to get thermal value (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::bb_preinit to enable BB before downloading firmware (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::cfg_txrx_path (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_hw_init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_init_late to do initial RF calibrations later (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::{enable,disable}_bb_rf (bsc#1227149). - wifi: rtw89: 8922a: add coexistence helpers of SW grant (bsc#1227149). - wifi: rtw89: 8922a: add helper of set_channel (bsc#1227149). - wifi: rtw89: 8922a: add ieee80211_ops::hw_scan (bsc#1227149). - wifi: rtw89: 8922a: add more fields to beacon H2C command to support multi-links (bsc#1227149). - wifi: rtw89: 8922a: add power on/off functions (bsc#1227149). - wifi: rtw89: 8922a: add register definitions of H2C, C2H, page, RRSR and EDCCA (bsc#1227149). - wifi: rtw89: 8922a: add set_channel BB part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel MAC part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel RF part (bsc#1227149). - wifi: rtw89: 8922a: configure CRASH_TRIGGER FW feature (bsc#1227149). - wifi: rtw89: 8922a: correct register definition and merge IO for ctrl_nbtg_bt_tx() (bsc#1227149). - wifi: rtw89: 8922a: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8922a: dump MAC registers when SER occurs (bsc#1227149). - wifi: rtw89: 8922a: extend and add quota number (bsc#1227149). - wifi: rtw89: 8922a: hook handlers of TX/RX descriptors to chip_ops (bsc#1227149). - wifi: rtw89: 8922a: implement AP mode related reg for BE generation (bsc#1227149). - wifi: rtw89: 8922a: implement {stop,resume}_sch_tx and cfg_ppdu (bsc#1227149). - wifi: rtw89: 8922a: read efuse content from physical map (bsc#1227149). - wifi: rtw89: 8922a: read efuse content via efuse map struct from logic map (bsc#1227149). - wifi: rtw89: 8922a: rfk: implement chip_ops to call RF calibrations (bsc#1227149). - wifi: rtw89: 8922a: set RX gain along with set_channel operation (bsc#1227149). - wifi: rtw89: 8922a: set chip_ops FEM and GPIO to NULL (bsc#1227149). - wifi: rtw89: 8922a: set memory heap address for secure firmware (bsc#1227149). - wifi: rtw89: 8922a: update BA CAM number to 24 (bsc#1227149). - wifi: rtw89: 8922a: update the register used in DIG and the DIG flow (bsc#1227149). - wifi: rtw89: 8922ae: add 8922AE PCI entry and basic info (bsc#1227149). - wifi: rtw89: 8922ae: add v2 interrupt handlers for 8922AE (bsc#1227149). - wifi: rtw89: Add EHT rate mask as parameters of RA H2C command (bsc#1227149). - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes). - wifi: rtw89: Fix clang -Wimplicit-fallthrough in rtw89_query_sar() (bsc#1227149). - wifi: rtw89: Introduce Time Averaged SAR (TAS) feature (bsc#1227149). - wifi: rtw89: Refine active scan behavior in 6 GHz (bsc#1227149). - wifi: rtw89: Set default CQM config if not present (bsc#1227149). - wifi: rtw89: TX power stuffs replace confusing naming of _max with _num (bsc#1227149). - wifi: rtw89: Update EHT PHY beamforming capability (bsc#1227149). - wifi: rtw89: acpi: process 6 GHz band policy from DSM (bsc#1227149). - wifi: rtw89: add C2H RA event V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add C2H event handlers of RFK log and report (bsc#1227149). - wifi: rtw89: add CFO XTAL registers field to support 8851B (bsc#1227149). - wifi: rtw89: add DBCC H2C to notify firmware the status (bsc#1227149). - wifi: rtw89: add EHT capabilities for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add EHT radiotap in monitor mode (bsc#1227149). - wifi: rtw89: add EVM and SNR statistics to debugfs (bsc#1227149). - wifi: rtw89: add EVM for antenna diversity (bsc#1227149). - wifi: rtw89: add H2C RA command V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add H2C command to download beacon frame for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add RSSI based antenna diversity (bsc#1227149). - wifi: rtw89: add RSSI statistics for the case of antenna diversity to debugfs (bsc#1227149). - wifi: rtw89: add XTAL SI for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add chip_info::chip_gen to determine chip generation (bsc#1227149). - wifi: rtw89: add chip_info::txwd_info size to generalize TX WD submit (bsc#1227149). - wifi: rtw89: add chip_ops::h2c_ba_cam() to configure BA CAM (bsc#1227149). - wifi: rtw89: add chip_ops::query_rxdesc() and rxd_len as helpers to support newer chips (bsc#1227149). - wifi: rtw89: add chip_ops::update_beacon to abstract update beacon operation (bsc#1227149). - wifi: rtw89: add firmware H2C command of BA CAM V1 (bsc#1227149). - wifi: rtw89: add firmware parser for v1 format (bsc#1227149). - wifi: rtw89: add firmware suit for BB MCU 0/1 (bsc#1227149). - wifi: rtw89: add function prototype for coex request duration (bsc#1227149). - wifi: rtw89: add mac_gen pointer to access mac port registers (bsc#1227149). - wifi: rtw89: add mlo_dbcc_mode for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add new H2C command to pause/sleep transmitting by MAC ID (bsc#1227149). - wifi: rtw89: add new H2C for PS mode in 802.11be chip (bsc#1227149). - wifi: rtw89: add reserved size as factor of DLE used size (bsc#1227149). - wifi: rtw89: add subband index of primary channel to struct rtw89_chan (bsc#1227149). - wifi: rtw89: add to display hardware rates v1 histogram in debugfs (bsc#1227149). - wifi: rtw89: add to fill TX descriptor for firmware command v2 (bsc#1227149). - wifi: rtw89: add to fill TX descriptor v2 (bsc#1227149). - wifi: rtw89: add to parse firmware elements of BB and RF tables (bsc#1227149). - wifi: rtw89: add to query RX descriptor format v2 (bsc#1227149). - wifi: rtw89: add tx_wake notify for 8851B (bsc#1227149). - wifi: rtw89: add wait/completion for abort scan (bsc#1227149). - wifi: rtw89: adjust init_he_cap() to add EHT cap into iftype_data (bsc#1227149). - wifi: rtw89: advertise missing extended scan feature (bsc#1227149). - wifi: rtw89: avoid stringop-overflow warning (bsc#1227149). - wifi: rtw89: call rtw89_chan_get() by vif chanctx if aware of vif (bsc#1227149). - wifi: rtw89: chan: MCC take reconfig into account (bsc#1227149). - wifi: rtw89: chan: add sub-entity swap function to cover replacing (bsc#1227149). - wifi: rtw89: chan: move handling from add/remove to assign/unassign for MLO (bsc#1227149). - wifi: rtw89: chan: support MCC on Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: chan: tweak bitmap recalc ahead before MLO (bsc#1227149). - wifi: rtw89: chan: tweak weight recalc ahead before MLO (bsc#1227149). - wifi: rtw89: change naming of BA CAM from V1 to V0_EXT (bsc#1227149). - wifi: rtw89: change qutoa to DBCC by default for WiFi 7 chips (bsc#1227149). - wifi: rtw89: change supported bandwidths of chip_info to bit mask (bsc#1227149). - wifi: rtw89: cleanup firmware elements parsing (bsc#1227149). - wifi: rtw89: cleanup private data structures (bsc#1227149). - wifi: rtw89: cleanup rtw89_iqk_info and related code (bsc#1227149). - wifi: rtw89: coex: Add Bluetooth RSSI level information (bsc#1227149). - wifi: rtw89: coex: Add Pre-AGC control to enhance Wi-Fi RX performance (bsc#1227149). - wifi: rtw89: coex: Add coexistence policy to decrease WiFi packet CRC-ERR (bsc#1227149). - wifi: rtw89: coex: Fix wrong Wi-Fi role info and FDDT parameter members (bsc#1227149). - wifi: rtw89: coex: Record down Wi-Fi initial mode information (bsc#1227149). - wifi: rtw89: coex: Reorder H2C command index to align with firmware (bsc#1227149). - wifi: rtw89: coex: Set Bluetooth scan low-priority when Wi-Fi link/scan (bsc#1227149). - wifi: rtw89: coex: Still show hardware grant signal info even Wi-Fi is PS (bsc#1227149). - wifi: rtw89: coex: To improve Wi-Fi performance while BT is idle (bsc#1227149). - wifi: rtw89: coex: Translate antenna configuration from ID to string (bsc#1227149). - wifi: rtw89: coex: Update BTG control related logic (bsc#1227149). - wifi: rtw89: coex: Update RF parameter control setting logic (bsc#1227149). - wifi: rtw89: coex: Update coexistence policy for Wi-Fi LPS (bsc#1227149). - wifi: rtw89: coex: When Bluetooth not available do not set power/gain (bsc#1227149). - wifi: rtw89: coex: add BTC ctrl_info version 7 and related logic (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() for struct rtw89_btc_btf_set_slot_table (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() to struct rtw89_btc_btf_set_mon_reg (bsc#1227149). - wifi: rtw89: coex: add init_info H2C command format version 7 (bsc#1227149). - wifi: rtw89: coex: add return value to ensure H2C command is success or not (bsc#1227149). - wifi: rtw89: coex: fix configuration for shared antenna for 8922A (bsc#1227149). - wifi: rtw89: coex: use struct assignment to replace memcpy() to append TDMA content (bsc#1227149). - wifi: rtw89: configure PPDU max user by chip (bsc#1227149). - wifi: rtw89: consider RX info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: consolidate registers of mac port to struct (bsc#1227149). - wifi: rtw89: correct PHY register offset for PHY-1 (bsc#1227149). - wifi: rtw89: correct the DCFO tracking flow to improve CFO compensation (bsc#1227149). - wifi: rtw89: debug: add FW log component for scan (bsc#1227149). - wifi: rtw89: debug: add debugfs entry to disable dynamic mechanism (bsc#1227149). - wifi: rtw89: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw89: debug: remove wrapper of rtw89_debug() (bsc#1227149). - wifi: rtw89: debug: show txpwr table according to chip gen (bsc#1227149). - wifi: rtw89: debug: txpwr table access only valid page according to chip (bsc#1227149). - wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: declare EXT NSS BW of VHT capability (bsc#1227149). - wifi: rtw89: declare MCC in interface combination (bsc#1227149). - wifi: rtw89: define hardware rate v1 for WiFi 7 chips (bsc#1227149). - wifi: rtw89: differentiate narrow_bw_ru_dis setting according to chip gen (bsc#1227149). - wifi: rtw89: disable RTS when broadcast/multicast (bsc#1227149). - wifi: rtw89: download firmware with five times retry (bsc#1227149). - wifi: rtw89: drop TIMING_BEACON_ONLY and sync beacon TSF by self (bsc#1227149). - wifi: rtw89: enlarge supported length of read_reg debugfs entry (bsc#1227149). - wifi: rtw89: extend PHY status parser to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fix HW scan not aborting properly (git-fixes). - wifi: rtw89: fix HW scan timeout due to TSF sync issue (bsc#1227149). - wifi: rtw89: fix a width vs precision bug (bsc#1227149). - wifi: rtw89: fix disabling concurrent mode TX hang issue (bsc#1227149). - wifi: rtw89: fix misbehavior of TX beacon in concurrent mode (bsc#1227149). - wifi: rtw89: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw89: fix spelling typo of IQK debug messages (bsc#1227149). - wifi: rtw89: fix typo of rtw89_fw_h2c_mcc_macid_bitmap() (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset CMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset DMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to update security CAM v2 (bsc#1227149). - wifi: rtw89: fw: add checking type for variant type of firmware (bsc#1227149). - wifi: rtw89: fw: add chip_ops to update CMAC table to associated station (bsc#1227149). - wifi: rtw89: fw: add definition of H2C command and C2H event for MRC series (bsc#1227149). - wifi: rtw89: fw: add version field to BB MCU firmware element (bsc#1227149). - wifi: rtw89: fw: consider checksum length of security data (bsc#1227149). - wifi: rtw89: fw: download firmware with key data for secure boot (bsc#1227149). - wifi: rtw89: fw: extend JOIN H2C command to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: extend program counter dump for Wi-Fi 7 chip (bsc#1227149). - wifi: rtw89: fw: fill CMAC table to associated station for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: generalize download firmware flow by mac_gen pointers (bsc#1227149). - wifi: rtw89: fw: implement MRC H2C command functions (bsc#1227149). - wifi: rtw89: fw: implement supported functions of download firmware for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: load TX power track tables from fw_element (bsc#1227149). - wifi: rtw89: fw: move polling function of firmware path ready to an individual function (bsc#1227149). - wifi: rtw89: fw: parse secure section from firmware file (bsc#1227149). - wifi: rtw89: fw: propagate an argument include_bb for BB MCU firmware (bsc#1227149). - wifi: rtw89: fw: read firmware secure information from efuse (bsc#1227149). - wifi: rtw89: fw: refine download flow to support variant firmware suits (bsc#1227149). - wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband (bsc#1227149). - wifi: rtw89: fw: update TX AMPDU parameter to CMAC table (bsc#1227149). - wifi: rtw89: fw: use struct to fill BA CAM H2C commands (bsc#1227149). - wifi: rtw89: fw: use struct to fill JOIN H2C command (bsc#1227149). - wifi: rtw89: get data rate mode/NSS/MCS v1 from RX descriptor (bsc#1227149). - wifi: rtw89: indicate TX power by rate table inside RFE parameter (bsc#1227149). - wifi: rtw89: indicate TX shape table inside RFE parameter (bsc#1227149). - wifi: rtw89: initialize antenna for antenna diversity (bsc#1227149). - wifi: rtw89: initialize multi-channel handling (bsc#1227149). - wifi: rtw89: introduce infrastructure of firmware elements (bsc#1227149). - wifi: rtw89: introduce realtek ACPI DSM method (bsc#1227149). - wifi: rtw89: introduce v1 format of firmware header (bsc#1227149). - wifi: rtw89: load BB parameters to PHY-1 (bsc#1227149). - wifi: rtw89: load RFK log format string from firmware file (bsc#1227149). - wifi: rtw89: load TX power by rate when RFE parms setup (bsc#1227149). - wifi: rtw89: load TX power related tables from FW elements (bsc#1227149). - wifi: rtw89: mac: Fix spelling mistakes 'notfify' -> 'notify' (bsc#1227149). - wifi: rtw89: mac: add coexistence helpers {cfg/get}_plt (bsc#1227149). - wifi: rtw89: mac: add feature_init to initialize BA CAM V1 (bsc#1227149). - wifi: rtw89: mac: add flags to check if CMAC and DMAC are enabled (bsc#1227149). - wifi: rtw89: mac: add mac_gen_def::band1_offset to map MAC band1 register address (bsc#1227149). - wifi: rtw89: mac: add registers of MU-EDCA parameters for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add suffix _ax to MAC functions (bsc#1227149). - wifi: rtw89: mac: add sys_init and filter option for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to access efuse for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to get DLE reserved quota (bsc#1227149). - wifi: rtw89: mac: check queue empty according to chip gen (bsc#1227149). - wifi: rtw89: mac: correct MUEDCA setting for MAC-1 (bsc#1227149). - wifi: rtw89: mac: define internal memory address for WiFi 7 chip (bsc#1227149). - wifi: rtw89: mac: define register address of rx_filter to generalize code (bsc#1227149). - wifi: rtw89: mac: do bf_monitor only if WiFi 6 chips (bsc#1227149). - wifi: rtw89: mac: functions to configure hardware engine and quota for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: generalize code to indirectly access WiFi internal memory (bsc#1227149). - wifi: rtw89: mac: generalize register of MU-EDCA switch according to chip gen (bsc#1227149). - wifi: rtw89: mac: get TX power control register according to chip gen (bsc#1227149). - wifi: rtw89: mac: handle C2H receive/done ACK in interrupt context (bsc#1227149). - wifi: rtw89: mac: implement MRC C2H event handling (bsc#1227149). - wifi: rtw89: mac: implement to configure TX/RX engines for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: move code related to hardware engine to individual functions (bsc#1227149). - wifi: rtw89: mac: refine SER setting during WiFi CPU power on (bsc#1227149). - wifi: rtw89: mac: reset PHY-1 hardware when going to enable/disable (bsc#1227149). - wifi: rtw89: mac: return held quota of DLE when changing MAC-1 (bsc#1227149). - wifi: rtw89: mac: set bf_assoc capabilities according to chip gen (bsc#1227149). - wifi: rtw89: mac: set bfee_ctrl() according to chip gen (bsc#1227149). - wifi: rtw89: mac: update RTS threshold according to chip gen (bsc#1227149). - wifi: rtw89: mac: use mac_gen pointer to access about efuse (bsc#1227149). - wifi: rtw89: mac: use pointer to access functions of hardware engine and quota (bsc#1227149). - wifi: rtw89: mcc: consider and determine BT duration (bsc#1227149). - wifi: rtw89: mcc: deal with BT slot change (bsc#1227149). - wifi: rtw89: mcc: deal with P2P PS change (bsc#1227149). - wifi: rtw89: mcc: deal with beacon NoA if GO exists (bsc#1227149). - wifi: rtw89: mcc: decide pattern and calculate parameters (bsc#1227149). - wifi: rtw89: mcc: fill fundamental configurations (bsc#1227149). - wifi: rtw89: mcc: fix NoA start time when GO is auxiliary (bsc#1227149). - wifi: rtw89: mcc: initialize start flow (bsc#1227149). - wifi: rtw89: mcc: track beacon offset and update when needed (bsc#1227149). - wifi: rtw89: mcc: trigger FW to start/stop MCC (bsc#1227149). - wifi: rtw89: mcc: update role bitmap when changed (bsc#1227149). - wifi: rtw89: modify the register setting and the flow of CFO tracking (bsc#1227149). - wifi: rtw89: move software DCFO compensation setting to proper position (bsc#1227149). - wifi: rtw89: only reset BB/RF for existing WiFi 6 chips while starting up (bsc#1227149). - wifi: rtw89: packet offload wait for FW response (bsc#1227149). - wifi: rtw89: parse EHT information from RX descriptor and PPDU status packet (bsc#1227149). - wifi: rtw89: parse TX EHT rate selected by firmware from RA C2H report (bsc#1227149). - wifi: rtw89: parse and print out RFK log from C2H events (bsc#1227149). - wifi: rtw89: pause/proceed MCC for ROC and HW scan (bsc#1227149). - wifi: rtw89: pci: add LTR v2 for WiFi 7 chip (bsc#1227149). - wifi: rtw89: pci: add PCI generation information to pci_info for each chip (bsc#1227149). - wifi: rtw89: pci: add new RX ring design to determine full RX ring efficiently (bsc#1227149). - wifi: rtw89: pci: add pre_deinit to be called after probe complete (bsc#1227149). - wifi: rtw89: pci: correct interrupt mitigation register for 8852CE (bsc#1227149). - wifi: rtw89: pci: define PCI ring address for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: fix interrupt enable mask for HALT C2H of RTL8851B (bsc#1227149). - wifi: rtw89: pci: generalize code of PCI control DMA IO for WiFi 7 (bsc#1227149). - wifi: rtw89: pci: generalize interrupt status bits of interrupt handlers (bsc#1227149). - wifi: rtw89: pci: implement PCI CLK/ASPM/L1SS for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_post_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_pre_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: interrupt v2 refine IMR for SER (bsc#1227149). - wifi: rtw89: pci: reset BDRAM according to chip gen (bsc#1227149). - wifi: rtw89: pci: stop/start DMA for level 1 recovery according to chip gen (bsc#1227149). - wifi: rtw89: pci: update SER timer unit and timeout time (bsc#1227149). - wifi: rtw89: pci: update interrupt mitigation register for 8922AE (bsc#1227149). - wifi: rtw89: pci: use DBI function for 8852AE/8852BE/8851BE (bsc#1227149). - wifi: rtw89: pci: use gen_def pointer to configure mac_{pre,post}_init and clear PCI ring index (bsc#1227149). - wifi: rtw89: pci: validate RX tag for RXQ and RPQ (bsc#1227149). - wifi: rtw89: phy: add BB wrapper of TX power for WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: add parser to support RX gain dynamic setting flow (bsc#1227149). - wifi: rtw89: phy: add phy_gen_def::cr_base to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: change naming related BT coexistence functions (bsc#1227149). - wifi: rtw89: phy: dynamically adjust EDCCA threshold (bsc#1227149). - wifi: rtw89: phy: extend TX power common stuffs for Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: phy: generalize valid bit of BSS color (bsc#1227149). - wifi: rtw89: phy: ignore special data from BB parameter file (bsc#1227149). - wifi: rtw89: phy: modify register setting of ENV_MNTR, PHYSTS and DIG (bsc#1227149). - wifi: rtw89: phy: move bb_gain_info used by WiFi 6 chips to union (bsc#1227149). - wifi: rtw89: phy: print out RFK log with formatted string (bsc#1227149). - wifi: rtw89: phy: rate pattern handles HW rate by chip gen (bsc#1227149). - wifi: rtw89: phy: refine helpers used for raw TX power (bsc#1227149). - wifi: rtw89: phy: set TX power RU limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power by rate according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power offset according to chip gen (bsc#1227149). - wifi: rtw89: phy: set channel_info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: prepare scan leaf functions for wifi 7 ICs (bsc#1227149). - wifi: rtw89: process regulatory for 6 GHz power type (bsc#1227149). - wifi: rtw89: provide functions to configure NoA for beacon update (bsc#1227149). - wifi: rtw89: recognize log format from firmware file (bsc#1227149). - wifi: rtw89: reference quota mode when setting Tx power (bsc#1227149). - wifi: rtw89: refine H2C command that pause transmitting by MAC ID (bsc#1227149). - wifi: rtw89: refine add_chan H2C command to encode_bits (bsc#1227149). - wifi: rtw89: refine bandwidth 160MHz uplink OFDMA performance (bsc#1227149). - wifi: rtw89: refine clearing supported bands to check 2/5 GHz first (bsc#1227149). - wifi: rtw89: refine element naming used by queue empty check (bsc#1227149). - wifi: rtw89: refine hardware scan C2H events (bsc#1227149). - wifi: rtw89: refine packet offload delete flow of 6 GHz probe (bsc#1227149). - wifi: rtw89: refine packet offload handling under SER (bsc#1227149). - wifi: rtw89: refine remain on channel flow to improve P2P connection (bsc#1227149). - wifi: rtw89: refine rtw89_correct_cck_chan() by rtw89_hw_to_nl80211_band() (bsc#1227149). - wifi: rtw89: refine uplink trigger based control mechanism (bsc#1227149). - wifi: rtw89: regd: configure Thailand in regulation type (bsc#1227149). - wifi: rtw89: regd: handle policy of 6 GHz according to BIOS (bsc#1227149). - wifi: rtw89: regd: judge 6 GHz according to chip and BIOS (bsc#1227149). - wifi: rtw89: regd: judge UNII-4 according to BIOS and chip (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R40 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R43 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R65-R44 (bsc#1227149). - wifi: rtw89: release bit in rtw89_fw_h2c_del_pkt_offload() (bsc#1227149). - wifi: rtw89: return failure if needed firmware elements are not recognized (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DACK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DPK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger IQK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger RX DCK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TSSI (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TXGAPK (bsc#1227149). - wifi: rtw89: rfk: add a completion to wait RF calibration report from C2H event (bsc#1227149). - wifi: rtw89: rfk: disable driver tracking during MCC (bsc#1227149). - wifi: rtw89: rfk: send channel information to firmware for RF calibrations (bsc#1227149). - wifi: rtw89: sar: let caller decide the center frequency to query (bsc#1227149). - wifi: rtw89: scan offload wait for FW done ACK (bsc#1227149). - wifi: rtw89: ser: L1 add pre-M0 and post-M0 states (bsc#1227149). - wifi: rtw89: ser: reset total_sta_assoc and tdls_peer when L2 (bsc#1227149). - wifi: rtw89: set TX power without precondition during setting channel (bsc#1227149). - wifi: rtw89: set capability of TX antenna diversity (bsc#1227149). - wifi: rtw89: set entry size of address CAM to H2C field by chip (bsc#1227149). - wifi: rtw89: show EHT rate in debugfs (bsc#1227149). - wifi: rtw89: support U-NII-4 channels on 5GHz band (bsc#1227149). - wifi: rtw89: support firmware log with formatted text (bsc#1227149). - wifi: rtw89: suppress the log for specific SER called CMDPSR_FRZTO (bsc#1227149). - wifi: rtw89: tweak H2C TX waiting function for SER (bsc#1227149). - wifi: rtw89: update DMA function with different generation (bsc#1227149). - wifi: rtw89: update ps_state register for chips with different generation (bsc#1227149). - wifi: rtw89: update scan C2H messages for wifi 7 IC (bsc#1227149). - wifi: rtw89: update suspend/resume for different generation (bsc#1227149). - wifi: rtw89: use PLCP information to match BSS_COLOR and AID (bsc#1227149). - wifi: rtw89: use chip_info::small_fifo_size to choose debug_mask (bsc#1227149). - wifi: rtw89: use flexible array member in rtw89_btc_btf_tlv (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits to access RX info (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access RX descriptor (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access received PHY status IEs (bsc#1227149). - wifi: rtw89: use struct rtw89_phy_sts_ie0 instead of macro to access PHY IE0 status (bsc#1227149). - wifi: rtw89: use struct to access RA report (bsc#1227149). - wifi: rtw89: use struct to access firmware C2H event header (bsc#1227149). - wifi: rtw89: use struct to access register-based H2C/C2H (bsc#1227149). - wifi: rtw89: use struct to fill H2C command to download beacon frame (bsc#1227149). - wifi: rtw89: use struct to parse firmware header (bsc#1227149). - wifi: rtw89: use struct to set RA H2C command (bsc#1227149). - wifi: rtw89: wow: move release offload packet earlier for WoWLAN mode (bsc#1227149). - wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode (bsc#1227149). - wifi: rtw89: wow: set security engine options for 802.11ax chips only (bsc#1227149). - wifi: rtw89: wow: update WoWLAN reason register for different chips (bsc#1227149). - wifi: rtw89: wow: update WoWLAN status register for different generation (bsc#1227149). - wifi: rtw89: wow: update config mac function with different generation (bsc#1227149). - wifi: ti: wlcore: sdio: Drop unused include (bsc#1227149). - wifi: virt_wifi: avoid reporting connection success with wrong SSID (git-fixes). - wifi: virt_wifi: do not use strlen() in const context (git-fixes). - wifi: wcn36xx: Annotate struct wcn36xx_hal_ind_msg with __counted_by (bsc#1227149). - wifi: wcn36xx: Convert to platform remove callback returning void (bsc#1227149). - wifi: wcn36xx: remove unnecessary (void*) conversions (bsc#1227149). - wifi: wext: avoid extra calls to strlen() in ieee80211_bss() (bsc#1227149). - wifi: wfx: Use devm_kmemdup to replace devm_kmalloc + memcpy (bsc#1227149). - wifi: wfx: allow to send frames during ROC (bsc#1227149). - wifi: wfx: fix power_save setting when AP is stopped (bsc#1227149). - wifi: wfx: implement wfx_remain_on_channel() (bsc#1227149). - wifi: wfx: introduce hif_scan_uniq() (bsc#1227149). - wifi: wfx: move wfx_skb_*() out of the header file (bsc#1227149). - wifi: wfx: relocate wfx_rate_mask_to_hw() (bsc#1227149). - wifi: wfx: scan_lock is global to the device (bsc#1227149). - wifi: wfx: simplify exclusion between scan and Rx filters (bsc#1227149). - wifi: wil6210: fw: Replace zero-length arrays with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wil6210: wmi: Replace zero-length array with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wilc1000: Increase ASSOC response buffer (bsc#1227149). - wifi: wilc1000: Remove unused declarations (bsc#1227149). - wifi: wilc1000: add SPI commands retry mechanism (bsc#1227149). - wifi: wilc1000: add back-off algorithm to balance tx queue packets (bsc#1227149). - wifi: wilc1000: add missing read critical sections around vif list traversal (bsc#1227149). - wifi: wilc1000: always release SDIO host in wilc_sdio_cmd53() (bsc#1227149). - wifi: wilc1000: cleanup struct wilc_conn_info (bsc#1227149). - wifi: wilc1000: correct CRC7 calculation (bsc#1227149). - wifi: wilc1000: fix declarations ordering (bsc#1227149). - wifi: wilc1000: fix driver_handler when committing initial configuration (bsc#1227149). - wifi: wilc1000: fix ies_len type in connect path (git-fixes). - wifi: wilc1000: fix incorrect power down sequence (bsc#1227149). - wifi: wilc1000: remove AKM suite be32 conversion for external auth request (bsc#1227149). - wifi: wilc1000: remove setting msg.spi (bsc#1227149). - wifi: wilc1000: remove use of has_thrpt_enh3 flag (bsc#1227149). - wifi: wilc1000: set preamble size to auto as default in wilc_init_fw_config() (bsc#1227149). - wifi: wilc1000: simplify remain on channel support (bsc#1227149). - wifi: wilc1000: simplify wilc_scan() (bsc#1227149). - wifi: wilc1000: split deeply nested RCU list traversal in dedicated helper (bsc#1227149). - wifi: wilc1000: use SRCU instead of RCU for vif list traversal (bsc#1227149). - wifi: wilc1000: validate chip id during bus probe (bsc#1227149). - wifi: wl1251: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wl18xx: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: boot: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: main: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: sdio: Rate limit wl12xx_sdio_raw_{read,write}() failures warns (bsc#1227149). - wifi: wlcore: sdio: Use module_sdio_driver macro to simplify the code (bsc#1227149). - wifi: zd1211rw: fix typo 'tranmits' (bsc#1227149). - wifi: zd1211rw: remove __nocast from zd_addr_t (bsc#1227149). - wifi: zd1211rw: silence sparse warnings (bsc#1227149). - wlcore: spi: Remove redundant of_match_ptr() (bsc#1227149). - x86/amd_nb: Check for invalid SMN reads (git-fixes). - x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes). - x86/asm: Fix build of UML with KASAN (git-fixes). - x86/bhi: Avoid warning in #DB handler due to BHI mitigation :(git-fixes). - x86/boot: Ignore NMIs during very early boot (git-fixes). - x86/cpu: Provide default cache line size if not enumerated (git-fixes). - x86/csum: Fix clang -Wuninitialized in csum_partial() (git-fixes). - x86/csum: Improve performance of `csum_partial` (git-fixes). - x86/csum: Remove unnecessary odd handling (git-fixes). - x86/csum: clean up `csum_partial' further (git-fixes). - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes). - x86/head/64: Move the __head definition to <asm/init.h> (git-fixes). - x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS (git-fixes). - x86/kconfig: Add as-instr64 macro to properly evaluate AS_WRUSS (git-fixes). - x86/resctrl: Read supported bandwidth sources from CPUID (git-fixes). - x86/resctrl: Remove redundant variable in mbm_config_write_domain() (git-fixes). - x86/shstk: Make return uprobe work with shadow stack (git-fixes). - x86/speculation, objtool: Use absolute relocations for annotations (git-fixes). - x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502) - xen/x86: add extra pages to unpopulated-alloc if available (git-fixes). - xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228211). - xfs: use roundup_pow_of_two instead of ffs during xlog_find_tail (git-fixes). - xhci: always resume roothubs if xHC was reset during resume (stable-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2808-1 Released: Wed Aug 7 09:49:32 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) The following package changes have been done: - kernel-default-6.4.0-150600.23.17.1 updated - login_defs-4.8.1-150600.17.6.1 updated - shadow-4.8.1-150600.17.6.1 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:01:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 07:01:31 -0000 Subject: SUSE-IU-2024:830-1: Security update of suse-sles-15-sp3-chost-byos-v20240807-x86_64-gen2 Message-ID: <20240810070128.9BF53FBA1@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20240807-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:830-1 Image Tags : suse-sles-15-sp3-chost-byos-v20240807-x86_64-gen2:20240807 Image Release : Severity : critical Type : security References : 1023051 1027519 1029961 1041742 1065729 1082216 1082233 1084909 1089497 1107342 1107342 1108281 1111622 1118088 1132160 1140095 1140101 1141157 1151927 1152472 1154353 1154609 1156395 1156395 1157881 1158095 1158763 1158830 1160435 1168699 1170175 1170267 1170415 1170446 1171479 1171511 1171988 1172073 1174585 1174713 1175678 1176447 1176447 1176588 1176774 1176774 1176785 1176869 1178134 1178760 1179534 1179610 1181147 1181147 1181477 1182142 1183663 1184177 1184208 1184631 1184753 1184758 1184942 1185570 1185589 1185902 1186060 1186673 1186885 1187357 1187829 1188441 1188500 1188616 1188772 1189608 1189883 1190576 1190795 1191452 1191731 1191958 1192051 1192107 1192145 1192145 1192986 1193173 1193285 1193412 1193752 1194038 1194288 1194516 1194557 1194591 1195065 1195254 1195798 1196293 1196647 1196933 1196956 1197760 1198029 1198101 1198165 1198269 1198533 1199046 1199282 1199304 1199304 1199636 1200217 1200313 1200528 1200599 1200619 1200710 1200731 1200975 1201010 1201253 1201384 1201399 1201489 1201627 1201817 1202234 1202623 1202845 1203300 1203389 1203393 1203517 1203669 1203750 1203760 1203818 1203906 1203935 1204294 1204405 1204489 1204563 1204614 1204942 1205533 1205588 1205604 1205756 1205758 1205758 1205760 1205762 1205767 1205803 1205855 1206024 1206402 1206418 1206447 1206480 1206480 1206608 1206627 1206646 1206674 1206684 1206684 1206798 1206798 1207004 1207036 1207071 1207157 1207270 1207270 1207534 1207543 1207598 1207653 1207805 1207853 1207987 1207987 1208003 1208074 1208474 1208574 1208600 1208604 1208721 1208928 1208995 1208995 1209039 1209122 1209229 1209233 1209233 1209287 1209342 1209536 1209565 1209635 1209657 1209657 1209779 1209859 1209979 1210015 1210070 1210141 1210169 1210273 1210277 1210286 1210298 1210323 1210335 1210335 1210382 1210419 1210448 1210533 1210557 1210557 1210584 1210629 1210638 1210643 1210652 1210658 1210660 1210715 1210740 1210778 1210780 1210783 1210791 1210797 1210799 1210853 1210940 1210950 1210959 1210996 1210999 1211026 1211037 1211043 1211078 1211079 1211089 1211105 1211131 1211131 1211158 1211186 1211188 1211190 1211203 1211256 1211257 1211261 1211419 1211427 1211427 1211461 1211519 1211547 1211578 1211590 1211592 1211592 1211596 1211598 1211599 1211612 1211622 1211674 1211721 1211738 1211754 1211757 1211796 1211828 1211829 1211867 1211886 1212051 1212101 1212101 1212126 1212128 1212129 1212154 1212158 1212160 1212187 1212222 1212230 1212260 1212301 1212368 1212422 1212475 1212475 1212494 1212501 1212502 1212504 1212513 1212514 1212514 1212516 1212517 1212544 1212606 1212703 1212741 1212756 1212799 1212819 1212835 1212842 1212846 1212879 1212910 1212928 1213004 1213008 1213059 1213061 1213120 1213127 1213167 1213171 1213172 1213173 1213174 1213189 1213212 1213229 1213229 1213231 1213245 1213272 1213286 1213287 1213354 1213384 1213443 1213456 1213456 1213476 1213487 1213500 1213500 1213504 1213514 1213517 1213543 1213546 1213551 1213557 1213582 1213582 1213585 1213586 1213588 1213601 1213616 1213616 1213638 1213653 1213666 1213673 1213748 1213812 1213853 1213854 1213868 1213915 1213915 1213916 1213927 1213940 1213945 1213951 1213968 1213969 1213970 1213971 1214006 1214019 1214025 1214037 1214052 1214052 1214052 1214054 1214071 1214076 1214081 1214082 1214083 1214107 1214108 1214109 1214120 1214149 1214169 1214169 1214233 1214248 1214254 1214275 1214290 1214292 1214297 1214344 1214348 1214350 1214351 1214380 1214386 1214395 1214451 1214460 1214460 1214691 1214692 1214713 1214764 1214768 1214781 1214788 1214806 1214842 1214922 1214924 1214925 1214934 1214960 1215004 1215005 1215006 1215007 1215033 1215064 1215095 1215098 1215099 1215100 1215101 1215102 1215103 1215115 1215117 1215145 1215150 1215204 1215215 1215221 1215237 1215265 1215275 1215275 1215286 1215294 1215299 1215322 1215323 1215323 1215356 1215371 1215375 1215420 1215427 1215434 1215434 1215467 1215472 1215474 1215496 1215518 1215692 1215698 1215713 1215740 1215744 1215745 1215746 1215747 1215748 1215794 1215858 1215860 1215861 1215889 1215891 1215904 1215905 1215908 1215918 1215935 1215936 1215940 1215947 1215968 1215979 1216001 1216007 1216011 1216046 1216049 1216051 1216058 1216091 1216123 1216129 1216134 1216167 1216174 1216223 1216259 1216377 1216378 1216388 1216390 1216410 1216412 1216419 1216474 1216522 1216541 1216584 1216594 1216598 1216654 1216664 1216696 1216702 1216702 1216807 1216827 1216853 1216862 1216922 1216965 1216976 1216987 1217000 1217119 1217140 1217169 1217212 1217215 1217250 1217277 1217287 1217301 1217302 1217316 1217320 1217321 1217324 1217326 1217329 1217330 1217332 1217408 1217432 1217445 1217450 1217513 1217573 1217589 1217592 1217593 1217667 1217695 1217696 1217709 1217775 1217780 1217873 1217946 1217947 1217950 1217952 1217961 1217969 1217987 1217987 1217988 1217988 1217989 1217989 1218014 1218105 1218126 1218148 1218171 1218186 1218195 1218201 1218209 1218215 1218232 1218253 1218258 1218282 1218291 1218336 1218364 1218447 1218475 1218479 1218492 1218544 1218559 1218561 1218562 1218562 1218571 1218632 1218649 1218668 1218689 1218713 1218722 1218730 1218739 1218752 1218757 1218762 1218763 1218765 1218768 1218782 1218804 1218812 1218814 1218831 1218832 1218836 1218851 1218865 1218866 1218871 1218894 1218894 1218915 1218917 1218926 1218926 1218927 1218952 1219004 1219026 1219031 1219053 1219108 1219120 1219123 1219123 1219127 1219128 1219146 1219169 1219170 1219170 1219189 1219189 1219224 1219238 1219241 1219243 1219264 1219264 1219265 1219267 1219268 1219273 1219295 1219412 1219425 1219434 1219438 1219442 1219460 1219520 1219559 1219576 1219581 1219633 1219639 1219653 1219666 1219680 1219767 1219823 1219823 1219826 1219826 1219827 1219835 1219851 1219851 1219852 1219852 1219854 1219854 1219885 1219901 1219915 1220009 1220061 1220082 1220132 1220137 1220140 1220144 1220187 1220238 1220240 1220241 1220243 1220250 1220253 1220255 1220279 1220320 1220328 1220330 1220340 1220344 1220366 1220389 1220398 1220400 1220409 1220411 1220413 1220414 1220416 1220418 1220421 1220425 1220426 1220429 1220432 1220436 1220441 1220442 1220444 1220445 1220459 1220465 1220468 1220469 1220475 1220482 1220484 1220486 1220487 1220513 1220516 1220521 1220526 1220528 1220529 1220532 1220538 1220554 1220556 1220557 1220560 1220561 1220566 1220570 1220572 1220575 1220580 1220583 1220599 1220611 1220615 1220621 1220625 1220627 1220630 1220631 1220638 1220639 1220640 1220641 1220641 1220649 1220660 1220662 1220663 1220664 1220669 1220670 1220677 1220678 1220679 1220679 1220685 1220687 1220688 1220689 1220692 1220697 1220700 1220703 1220706 1220724 1220733 1220734 1220735 1220736 1220737 1220739 1220742 1220743 1220745 1220745 1220749 1220751 1220753 1220754 1220755 1220758 1220759 1220763 1220764 1220767 1220768 1220769 1220770 1220771 1220777 1220779 1220785 1220790 1220794 1220796 1220824 1220825 1220826 1220826 1220829 1220831 1220836 1220845 1220846 1220850 1220854 1220860 1220861 1220863 1220870 1220871 1220877 1220883 1220917 1220918 1220930 1220931 1220932 1220946 1220954 1220960 1220969 1220979 1220982 1220985 1220987 1220996 1221015 1221039 1221040 1221044 1221044 1221050 1221058 1221061 1221077 1221088 1221113 1221113 1221123 1221132 1221184 1221194 1221218 1221239 1221276 1221293 1221299 1221332 1221334 1221358 1221361 1221361 1221399 1221400 1221407 1221525 1221525 1221532 1221534 1221541 1221543 1221545 1221548 1221552 1221563 1221575 1221605 1221606 1221608 1221632 1221665 1221667 1221726 1221829 1221830 1221831 1221854 1221931 1221932 1221934 1221935 1221940 1221949 1221952 1221963 1221965 1221966 1221969 1221973 1221974 1221978 1221984 1221989 1221990 1221991 1221992 1221993 1221994 1221996 1221997 1221998 1221999 1222000 1222001 1222002 1222003 1222004 1222015 1222021 1222075 1222075 1222086 1222086 1222105 1222109 1222113 1222117 1222251 1222302 1222398 1222422 1222449 1222453 1222453 1222482 1222503 1222547 1222548 1222559 1222585 1222585 1222619 1222619 1222620 1222624 1222660 1222664 1222666 1222669 1222669 1222706 1222709 1222790 1222792 1222829 1222831 1222838 1222842 1222849 1222867 1222876 1222878 1222881 1222883 1222894 1222976 1222992 1223011 1223016 1223057 1223084 1223094 1223107 1223107 1223111 1223138 1223179 1223187 1223202 1223384 1223384 1223390 1223423 1223424 1223425 1223430 1223469 1223475 1223482 1223509 1223512 1223513 1223522 1223766 1223824 1223921 1223923 1223931 1223932 1223934 1223941 1223948 1223952 1223963 1223980 1224044 1224099 1224100 1224174 1224282 1224323 1224438 1224482 1224511 1224592 1224671 1224703 1224749 1224764 1224765 1224766 1224788 1224816 1224826 1224830 1224831 1224832 1224834 1224841 1224842 1224843 1224844 1224846 1224849 1224852 1224853 1224854 1224859 1224865 1224882 1224886 1224888 1224889 1224891 1224892 1224893 1224899 1224904 1224907 1224909 1224916 1224917 1224922 1224923 1224924 1224926 1224928 1224953 1224954 1224955 1224957 1224961 1224963 1224965 1224966 1224968 1224981 1224982 1224983 1224984 1224987 1224990 1224993 1224996 1224997 1225010 1225026 1225030 1225047 1225058 1225060 1225083 1225084 1225091 1225109 1225112 1225113 1225128 1225140 1225143 1225148 1225155 1225161 1225164 1225177 1225178 1225181 1225184 1225192 1225193 1225198 1225201 1225203 1225206 1225207 1225208 1225214 1225223 1225224 1225230 1225232 1225233 1225237 1225238 1225243 1225244 1225247 1225251 1225252 1225256 1225261 1225262 1225263 1225301 1225303 1225316 1225318 1225320 1225321 1225322 1225326 1225327 1225328 1225330 1225333 1225336 1225341 1225346 1225351 1225354 1225355 1225357 1225358 1225360 1225361 1225365 1225366 1225367 1225369 1225370 1225372 1225374 1225384 1225386 1225387 1225390 1225393 1225400 1225404 1225405 1225409 1225411 1225424 1225427 1225435 1225437 1225438 1225439 1225446 1225447 1225448 1225450 1225453 1225455 1225468 1225487 1225499 1225500 1225508 1225518 1225534 1225551 1225611 1225732 1225749 1225840 1225866 1225912 1225946 1225976 1226125 1226128 1226192 1226226 1226419 1226447 1226448 1226469 1226537 1226552 1226554 1226557 1226558 1226562 1226563 1226575 1226583 1226585 1226587 1226595 1226614 1226619 1226621 1226624 1226643 1226644 1226645 1226647 1226650 1226664 1226669 1226670 1226672 1226674 1226679 1226686 1226691 1226692 1226698 1226703 1226708 1226709 1226711 1226712 1226713 1226715 1226716 1226720 1226721 1226732 1226758 1226762 1226786 1226962 1227067 1227106 1227186 1227187 1227355 1227396 1227429 1227681 1227711 1228256 1228257 1228322 1228770 916845 CVE-2007-4559 CVE-2013-4235 CVE-2013-4235 CVE-2018-19787 CVE-2018-6798 CVE-2018-6913 CVE-2019-11068 CVE-2019-13117 CVE-2019-13118 CVE-2019-13225 CVE-2019-14889 CVE-2019-18197 CVE-2019-25162 CVE-2020-12762 CVE-2020-12912 CVE-2020-16135 CVE-2020-1730 CVE-2020-26555 CVE-2020-27783 CVE-2020-36694 CVE-2020-36766 CVE-2020-36777 CVE-2020-36780 CVE-2020-36781 CVE-2020-36782 CVE-2020-36783 CVE-2020-36784 CVE-2020-36788 CVE-2020-8694 CVE-2020-8695 CVE-2021-23134 CVE-2021-28957 CVE-2021-29155 CVE-2021-29650 CVE-2021-30560 CVE-2021-33631 CVE-2021-3429 CVE-2021-3634 CVE-2021-3743 CVE-2021-3896 CVE-2021-39698 CVE-2021-43056 CVE-2021-43389 CVE-2021-43527 CVE-2021-43818 CVE-2021-4439 CVE-2021-46904 CVE-2021-46905 CVE-2021-46906 CVE-2021-46908 CVE-2021-46909 CVE-2021-46911 CVE-2021-46914 CVE-2021-46915 CVE-2021-46917 CVE-2021-46918 CVE-2021-46919 CVE-2021-46920 CVE-2021-46921 CVE-2021-46922 CVE-2021-46924 CVE-2021-46929 CVE-2021-46930 CVE-2021-46931 CVE-2021-46932 CVE-2021-46933 CVE-2021-46934 CVE-2021-46938 CVE-2021-46939 CVE-2021-46943 CVE-2021-46944 CVE-2021-46950 CVE-2021-46951 CVE-2021-46953 CVE-2021-46955 CVE-2021-46956 CVE-2021-46958 CVE-2021-46959 CVE-2021-46960 CVE-2021-46961 CVE-2021-46962 CVE-2021-46963 CVE-2021-46964 CVE-2021-46966 CVE-2021-46968 CVE-2021-46971 CVE-2021-46974 CVE-2021-46976 CVE-2021-46980 CVE-2021-46981 CVE-2021-46983 CVE-2021-46984 CVE-2021-46988 CVE-2021-46989 CVE-2021-46990 CVE-2021-46991 CVE-2021-46992 CVE-2021-46998 CVE-2021-47000 CVE-2021-47001 CVE-2021-47003 CVE-2021-47005 CVE-2021-47006 CVE-2021-47009 CVE-2021-47012 CVE-2021-47013 CVE-2021-47013 CVE-2021-47014 CVE-2021-47015 CVE-2021-47017 CVE-2021-47020 CVE-2021-47026 CVE-2021-47034 CVE-2021-47035 CVE-2021-47038 CVE-2021-47041 CVE-2021-47044 CVE-2021-47045 CVE-2021-47046 CVE-2021-47049 CVE-2021-47051 CVE-2021-47054 CVE-2021-47055 CVE-2021-47056 CVE-2021-47058 CVE-2021-47060 CVE-2021-47061 CVE-2021-47061 CVE-2021-47063 CVE-2021-47065 CVE-2021-47068 CVE-2021-47069 CVE-2021-47069 CVE-2021-47070 CVE-2021-47071 CVE-2021-47073 CVE-2021-47074 CVE-2021-47076 CVE-2021-47077 CVE-2021-47078 CVE-2021-47082 CVE-2021-47083 CVE-2021-47087 CVE-2021-47095 CVE-2021-47097 CVE-2021-47100 CVE-2021-47101 CVE-2021-47104 CVE-2021-47109 CVE-2021-47110 CVE-2021-47112 CVE-2021-47113 CVE-2021-47114 CVE-2021-47117 CVE-2021-47118 CVE-2021-47119 CVE-2021-47120 CVE-2021-47130 CVE-2021-47131 CVE-2021-47136 CVE-2021-47137 CVE-2021-47138 CVE-2021-47139 CVE-2021-47141 CVE-2021-47142 CVE-2021-47144 CVE-2021-47150 CVE-2021-47153 CVE-2021-47160 CVE-2021-47161 CVE-2021-47164 CVE-2021-47165 CVE-2021-47166 CVE-2021-47167 CVE-2021-47168 CVE-2021-47169 CVE-2021-47170 CVE-2021-47171 CVE-2021-47172 CVE-2021-47173 CVE-2021-47174 CVE-2021-47175 CVE-2021-47176 CVE-2021-47177 CVE-2021-47179 CVE-2021-47180 CVE-2021-47181 CVE-2021-47183 CVE-2021-47184 CVE-2021-47185 CVE-2021-47185 CVE-2021-47189 CVE-2021-47192 CVE-2021-47194 CVE-2021-47198 CVE-2021-47200 CVE-2021-47201 CVE-2021-47202 CVE-2021-47203 CVE-2021-47206 CVE-2021-47207 CVE-2021-47212 CVE-2021-47216 CVE-2021-47220 CVE-2021-47227 CVE-2021-47228 CVE-2021-47229 CVE-2021-47230 CVE-2021-47231 CVE-2021-47235 CVE-2021-47236 CVE-2021-47237 CVE-2021-47239 CVE-2021-47240 CVE-2021-47241 CVE-2021-47246 CVE-2021-47247 CVE-2021-47252 CVE-2021-47253 CVE-2021-47254 CVE-2021-47255 CVE-2021-47258 CVE-2021-47259 CVE-2021-47260 CVE-2021-47261 CVE-2021-47263 CVE-2021-47265 CVE-2021-47267 CVE-2021-47269 CVE-2021-47270 CVE-2021-47274 CVE-2021-47275 CVE-2021-47276 CVE-2021-47280 CVE-2021-47281 CVE-2021-47284 CVE-2021-47285 CVE-2021-47288 CVE-2021-47289 CVE-2021-47296 CVE-2021-47301 CVE-2021-47302 CVE-2021-47305 CVE-2021-47307 CVE-2021-47308 CVE-2021-47311 CVE-2021-47314 CVE-2021-47315 CVE-2021-47320 CVE-2021-47321 CVE-2021-47323 CVE-2021-47324 CVE-2021-47328 CVE-2021-47329 CVE-2021-47330 CVE-2021-47332 CVE-2021-47333 CVE-2021-47334 CVE-2021-47337 CVE-2021-47338 CVE-2021-47340 CVE-2021-47341 CVE-2021-47343 CVE-2021-47344 CVE-2021-47347 CVE-2021-47348 CVE-2021-47350 CVE-2021-47353 CVE-2021-47354 CVE-2021-47356 CVE-2021-47368 CVE-2021-47369 CVE-2021-47372 CVE-2021-47375 CVE-2021-47378 CVE-2021-47379 CVE-2021-47381 CVE-2021-47382 CVE-2021-47383 CVE-2021-47387 CVE-2021-47388 CVE-2021-47391 CVE-2021-47392 CVE-2021-47393 CVE-2021-47395 CVE-2021-47396 CVE-2021-47399 CVE-2021-47402 CVE-2021-47404 CVE-2021-47405 CVE-2021-47409 CVE-2021-47413 CVE-2021-47416 CVE-2021-47422 CVE-2021-47423 CVE-2021-47424 CVE-2021-47425 CVE-2021-47426 CVE-2021-47428 CVE-2021-47431 CVE-2021-47434 CVE-2021-47435 CVE-2021-47436 CVE-2021-47441 CVE-2021-47442 CVE-2021-47443 CVE-2021-47444 CVE-2021-47445 CVE-2021-47451 CVE-2021-47456 CVE-2021-47458 CVE-2021-47460 CVE-2021-47464 CVE-2021-47465 CVE-2021-47468 CVE-2021-47473 CVE-2021-47478 CVE-2021-47480 CVE-2021-47482 CVE-2021-47483 CVE-2021-47485 CVE-2021-47493 CVE-2021-47494 CVE-2021-47495 CVE-2021-47496 CVE-2021-47497 CVE-2021-47498 CVE-2021-47499 CVE-2021-47500 CVE-2021-47501 CVE-2021-47502 CVE-2021-47503 CVE-2021-47505 CVE-2021-47506 CVE-2021-47507 CVE-2021-47509 CVE-2021-47511 CVE-2021-47512 CVE-2021-47516 CVE-2021-47518 CVE-2021-47521 CVE-2021-47522 CVE-2021-47523 CVE-2021-47535 CVE-2021-47536 CVE-2021-47538 CVE-2021-47540 CVE-2021-47541 CVE-2021-47542 CVE-2021-47549 CVE-2021-47557 CVE-2021-47562 CVE-2021-47563 CVE-2021-47565 CVE-2021-47571 CVE-2021-47576 CVE-2021-47583 CVE-2021-47589 CVE-2021-47595 CVE-2021-47596 CVE-2021-47600 CVE-2021-47602 CVE-2021-47609 CVE-2021-47611 CVE-2021-47612 CVE-2021-47617 CVE-2021-47618 CVE-2021-47619 CVE-2021-47620 CVE-2022-0435 CVE-2022-0487 CVE-2022-1195 CVE-2022-1996 CVE-2022-20132 CVE-2022-20154 CVE-2022-2084 CVE-2022-2127 CVE-2022-22942 CVE-2022-2309 CVE-2022-28737 CVE-2022-2938 CVE-2022-3566 CVE-2022-36402 CVE-2022-40982 CVE-2022-40982 CVE-2022-41409 CVE-2022-4269 CVE-2022-4304 CVE-2022-45154 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2022-4744 CVE-2022-48468 CVE-2022-48566 CVE-2022-48624 CVE-2022-48626 CVE-2022-48627 CVE-2022-48631 CVE-2022-48636 CVE-2022-48638 CVE-2022-48650 CVE-2022-48651 CVE-2022-48654 CVE-2022-48672 CVE-2022-48673 CVE-2022-48686 CVE-2022-48687 CVE-2022-48693 CVE-2022-48695 CVE-2022-48701 CVE-2022-48702 CVE-2022-48704 CVE-2022-48710 CVE-2022-48711 CVE-2022-48715 CVE-2022-48717 CVE-2022-48722 CVE-2022-48724 CVE-2022-48726 CVE-2022-48728 CVE-2022-48730 CVE-2022-48732 CVE-2022-48736 CVE-2022-48737 CVE-2022-48738 CVE-2022-48746 CVE-2022-48747 CVE-2022-48748 CVE-2022-48749 CVE-2022-48752 CVE-2022-48754 CVE-2022-48756 CVE-2022-48758 CVE-2022-48759 CVE-2022-48760 CVE-2022-48767 CVE-2022-48768 CVE-2022-48771 CVE-2023-0160 CVE-2023-0160 CVE-2023-0459 CVE-2023-1077 CVE-2023-1079 CVE-2023-1192 CVE-2023-1192 CVE-2023-1206 CVE-2023-1249 CVE-2023-1380 CVE-2023-1637 CVE-2023-1667 CVE-2023-1786 CVE-2023-1786 CVE-2023-1786 CVE-2023-1829 CVE-2023-1829 CVE-2023-1859 CVE-2023-2002 CVE-2023-2004 CVE-2023-2007 CVE-2023-20569 CVE-2023-20569 CVE-2023-20588 CVE-2023-20588 CVE-2023-20593 CVE-2023-20593 CVE-2023-20593 CVE-2023-2137 CVE-2023-21400 CVE-2023-2156 CVE-2023-2156 CVE-2023-2163 CVE-2023-2176 CVE-2023-2177 CVE-2023-2194 CVE-2023-22652 CVE-2023-2283 CVE-2023-23454 CVE-2023-23559 CVE-2023-23586 CVE-2023-24023 CVE-2023-2426 CVE-2023-2483 CVE-2023-2513 CVE-2023-2603 CVE-2023-2609 CVE-2023-2610 CVE-2023-26112 CVE-2023-27043 CVE-2023-27534 CVE-2023-2828 CVE-2023-2860 CVE-2023-28746 CVE-2023-28746 CVE-2023-28746 CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 CVE-2023-2985 CVE-2023-30078 CVE-2023-30079 CVE-2023-3090 CVE-2023-31083 CVE-2023-31084 CVE-2023-31085 CVE-2023-3111 CVE-2023-3117 CVE-2023-31248 CVE-2023-3141 CVE-2023-31436 CVE-2023-31484 CVE-2023-3159 CVE-2023-3161 CVE-2023-32181 CVE-2023-32233 CVE-2023-32269 CVE-2023-32360 CVE-2023-3268 CVE-2023-32681 CVE-2023-33288 CVE-2023-3341 CVE-2023-33460 CVE-2023-3358 CVE-2023-3390 CVE-2023-34241 CVE-2023-34319 CVE-2023-34322 CVE-2023-34323 CVE-2023-34324 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-3446 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 CVE-2023-34969 CVE-2023-35001 CVE-2023-3567 CVE-2023-35788 CVE-2023-35823 CVE-2023-35824 CVE-2023-35827 CVE-2023-35827 CVE-2023-35828 CVE-2023-35945 CVE-2023-36054 CVE-2023-3609 CVE-2023-3611 CVE-2023-3772 CVE-2023-3776 CVE-2023-3777 CVE-2023-3812 CVE-2023-3817 CVE-2023-38408 CVE-2023-38469 CVE-2023-38470 CVE-2023-38471 CVE-2023-38472 CVE-2023-38473 CVE-2023-38546 CVE-2023-3863 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-39197 CVE-2023-39198 CVE-2023-39615 CVE-2023-39804 CVE-2023-4004 CVE-2023-4016 CVE-2023-40217 CVE-2023-40283 CVE-2023-4039 CVE-2023-4039 CVE-2023-4039 CVE-2023-40546 CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551 CVE-2023-4091 CVE-2023-4128 CVE-2023-4132 CVE-2023-4133 CVE-2023-4134 CVE-2023-4147 CVE-2023-4154 CVE-2023-4156 CVE-2023-4194 CVE-2023-4244 CVE-2023-42465 CVE-2023-42669 CVE-2023-4273 CVE-2023-42753 CVE-2023-42754 CVE-2023-43804 CVE-2023-4385 CVE-2023-4387 CVE-2023-4389 CVE-2023-4408 CVE-2023-4408 CVE-2023-44487 CVE-2023-4459 CVE-2023-4504 CVE-2023-45288 CVE-2023-45322 CVE-2023-45803 CVE-2023-45853 CVE-2023-45862 CVE-2023-45863 CVE-2023-45871 CVE-2023-45918 CVE-2023-46218 CVE-2023-4622 CVE-2023-4623 CVE-2023-46246 CVE-2023-46343 CVE-2023-4641 CVE-2023-46835 CVE-2023-46836 CVE-2023-46838 CVE-2023-46839 CVE-2023-46841 CVE-2023-46842 CVE-2023-4692 CVE-2023-4693 CVE-2023-47233 CVE-2023-47233 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 CVE-2023-4738 CVE-2023-4750 CVE-2023-4752 CVE-2023-4781 CVE-2023-4813 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-48795 CVE-2023-48795 CVE-2023-4881 CVE-2023-49083 CVE-2023-4921 CVE-2023-4921 CVE-2023-50387 CVE-2023-50387 CVE-2023-50495 CVE-2023-50868 CVE-2023-50868 CVE-2023-51042 CVE-2023-51043 CVE-2023-51385 CVE-2023-51779 CVE-2023-51780 CVE-2023-51782 CVE-2023-52340 CVE-2023-52425 CVE-2023-52429 CVE-2023-52433 CVE-2023-52439 CVE-2023-52443 CVE-2023-52445 CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52454 CVE-2023-52463 CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52475 CVE-2023-52476 CVE-2023-52477 CVE-2023-52478 CVE-2023-52482 CVE-2023-52492 CVE-2023-52500 CVE-2023-52502 CVE-2023-52508 CVE-2023-52509 CVE-2023-52530 CVE-2023-52531 CVE-2023-52532 CVE-2023-52569 CVE-2023-52572 CVE-2023-52574 CVE-2023-52575 CVE-2023-52581 CVE-2023-52583 CVE-2023-52590 CVE-2023-52591 CVE-2023-52591 CVE-2023-52597 CVE-2023-52605 CVE-2023-52607 CVE-2023-52628 CVE-2023-52654 CVE-2023-52655 CVE-2023-52686 CVE-2023-52707 CVE-2023-52752 CVE-2023-52840 CVE-2023-52871 CVE-2023-52880 CVE-2023-52881 CVE-2023-5344 CVE-2023-5441 CVE-2023-5517 CVE-2023-5517 CVE-2023-5535 CVE-2023-5678 CVE-2023-5717 CVE-2023-5981 CVE-2023-5981 CVE-2023-6004 CVE-2023-6040 CVE-2023-6121 CVE-2023-6176 CVE-2023-6270 CVE-2023-6270 CVE-2023-6356 CVE-2023-6356 CVE-2023-6516 CVE-2023-6516 CVE-2023-6531 CVE-2023-6531 CVE-2023-6535 CVE-2023-6535 CVE-2023-6536 CVE-2023-6536 CVE-2023-6597 CVE-2023-6606 CVE-2023-6610 CVE-2023-6817 CVE-2023-6915 CVE-2023-6918 CVE-2023-6931 CVE-2023-6932 CVE-2023-7042 CVE-2023-7192 CVE-2023-7207 CVE-2024-0217 CVE-2024-0340 CVE-2024-0397 CVE-2024-0450 CVE-2024-0553 CVE-2024-0565 CVE-2024-0607 CVE-2024-0639 CVE-2024-0727 CVE-2024-0775 CVE-2024-0841 CVE-2024-1086 CVE-2024-1151 CVE-2024-1737 CVE-2024-1975 CVE-2024-2004 CVE-2024-21626 CVE-2024-21626 CVE-2024-2193 CVE-2024-2201 CVE-2024-2201 CVE-2024-22099 CVE-2024-22099 CVE-2024-22195 CVE-2024-22365 CVE-2024-22667 CVE-2024-23307 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-23849 CVE-2024-23851 CVE-2024-2398 CVE-2024-25062 CVE-2024-2511 CVE-2024-25629 CVE-2024-26458 CVE-2024-26461 CVE-2024-26581 CVE-2024-26585 CVE-2024-26586 CVE-2024-26589 CVE-2024-26593 CVE-2024-26595 CVE-2024-26600 CVE-2024-26602 CVE-2024-26607 CVE-2024-26610 CVE-2024-26614 CVE-2024-26622 CVE-2024-26642 CVE-2024-26643 CVE-2024-26688 CVE-2024-26689 CVE-2024-26704 CVE-2024-26733 CVE-2024-26733 CVE-2024-26739 CVE-2024-26744 CVE-2024-26816 CVE-2024-26822 CVE-2024-26828 CVE-2024-26840 CVE-2024-26852 CVE-2024-26862 CVE-2024-26898 CVE-2024-26903 CVE-2024-26906 CVE-2024-26921 CVE-2024-26923 CVE-2024-26925 CVE-2024-26929 CVE-2024-26930 CVE-2024-27043 CVE-2024-27398 CVE-2024-27413 CVE-2024-28085 CVE-2024-28182 CVE-2024-2961 CVE-2024-31142 CVE-2024-31143 CVE-2024-32487 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-34064 CVE-2024-34397 CVE-2024-34459 CVE-2024-35195 CVE-2024-35235 CVE-2024-35789 CVE-2024-35811 CVE-2024-35861 CVE-2024-35862 CVE-2024-35864 CVE-2024-35878 CVE-2024-35895 CVE-2024-35914 CVE-2024-35950 CVE-2024-3651 CVE-2024-36894 CVE-2024-36904 CVE-2024-36940 CVE-2024-36964 CVE-2024-37370 CVE-2024-37371 CVE-2024-37891 CVE-2024-38428 CVE-2024-38541 CVE-2024-38545 CVE-2024-38559 CVE-2024-38560 CVE-2024-4032 CVE-2024-4741 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20240807-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1221-1 Released: Mon May 13 13:28:42 2019 Summary: Security update for libxslt Type: security Severity: moderate References: 1132160,CVE-2019-11068 This update for libxslt fixes the following issues: Security issue fixed: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1409-1 Released: Mon May 25 17:01:33 2020 Summary: Security update for libxslt Type: security Severity: moderate References: 1140095,1140101,1154609,CVE-2019-13117,CVE-2019-13118,CVE-2019-18197 This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101). - CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095). - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:803-1 Released: Thu Mar 10 17:35:53 2022 Summary: Security update for python-lxml Type: security Severity: important References: 1118088,1179534,1184177,1193752,CVE-2018-19787,CVE-2020-27783,CVE-2021-28957,CVE-2021-43818 This update for python-lxml fixes the following issues: - CVE-2018-19787: Fixed XSS vulnerability via unescaped URL (bsc#1118088). - CVE-2021-28957: Fixed XSS vulnerability ia HTML5 attributes unescaped (bsc#1184177). - CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs (bnc#1193752). - CVE-2020-27783: Fixed mutation XSS with improper parser use (bnc#1179534). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2548-1 Released: Tue Jul 26 13:48:28 2022 Summary: Critical update for python-cssselect Type: recommended Severity: critical References: This update for python-cssselect implements packages to the unrestrictied repository. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2908-1 Released: Fri Aug 26 11:36:03 2022 Summary: Security update for python-lxml Type: security Severity: important References: 1201253,CVE-2022-2309 This update for python-lxml fixes the following issues: - CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4391-1 Released: Fri Dec 9 08:02:23 2022 Summary: Recommended update for libxslt Type: recommended Severity: low References: 1203669 This update for libxslt fixes the following issues: - Fix broken license symlink for libxslt-tools (bsc#1203669) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:680-1 Released: Wed Mar 8 17:14:06 2023 Summary: Security update for libxslt Type: security Severity: important References: 1208574,CVE-2021-30560 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2143-1 Released: Tue May 9 14:49:45 2023 Summary: Security update for protobuf-c Type: security Severity: important References: 1210323,CVE-2022-48468 This update for protobuf-c fixes the following issues: - CVE-2022-48468: Fixed an unsigned integer overflow. (bsc#1210323) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2519-1 Released: Thu Jun 15 08:25:19 2023 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1203818 This update for supportutils fixes the following issues: - Added missed sanitation check on crash.txt (bsc#1203818) - Added check to _sanitize_file - Using variable for replement text in _sanitize_file ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2571-1 Released: Wed Jun 21 13:32:31 2023 Summary: Security update for Salt Type: security Severity: moderate References: 1207071,1209233,1211612,1211754,1212516,1212517 This update for salt fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-jmespath: - Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt (no source changes) python-ply: - Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2611-1 Released: Thu Jun 22 09:55:10 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1184208,1199636,1204405,1205756,1205758,1205760,1205762,1205803,1206024,1208474,1208604,1209287,1209779,1210715,1210783,1210940,1211037,1211043,1211105,1211131,1211186,1211203,1211590,1211592,1211596,1211622,CVE-2020-36694,CVE-2021-29650,CVE-2022-3566,CVE-2022-4269,CVE-2022-45884,CVE-2022-45885,CVE-2022-45886,CVE-2022-45887,CVE-2022-45919,CVE-2023-1079,CVE-2023-1380,CVE-2023-1637,CVE-2023-2156,CVE-2023-2194,CVE-2023-23586,CVE-2023-2483,CVE-2023-2513,CVE-2023-31084,CVE-2023-31436,CVE-2023-32233,CVE-2023-32269,CVE-2023-33288 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). - CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208). - CVE-2020-36694: Fixed an use-after-free issue in netfilter in the packet processing context (bsc#1211596). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). - CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474). The following non-security bugs were fixed: - SUNRPC: Ensure the transport backchannel association (bsc#1211203). - hv: vmbus: Optimize vmbus_on_event (bsc#1211622). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2616-1 Released: Thu Jun 22 16:47:50 2023 Summary: Security update for cups Type: security Severity: important References: 1212230,CVE-2023-34241 This update for cups fixes the following issues: - CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2628-1 Released: Fri Jun 23 21:43:22 2023 Summary: Security update for cloud-init Type: security Severity: important References: 1171511,1203393,1210277,1210652,CVE-2022-2084,CVE-2023-1786 This update for cloud-init fixes the following issues: - CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277) - CVE-2022-2084: Fixed a bug which caused logging schema failures can include password hashes. (bsc#1210652) - Update to version 23.1 + Support transactional-updates for SUSE based distros + Set ownership for new folders in Write Files Module + add OpenCloudOS and TencentOS support + lxd: Retry if the server isn't ready + test: switch pycloudlib source to pypi + test: Fix integration test deprecation message + Recognize opensuse-microos, dev tooling fixes + sources/azure: refactor imds handler into own module + docs: deprecation generation support + add function is_virtual to distro/FreeBSD + cc_ssh: support multiple hostcertificates + Fix minor schema validation regression and fixup typing + doc: Reword user data debug section + cli: schema also validate vendordata*. + ci: sort and add checks for cla signers file + Add 'ederst' as contributor + readme: add reference to packages dir + docs: update downstream package list + docs: add google search verification + docs: fix 404 render use default notfound_urls_prefix in RTD conf + Fix OpenStack datasource detection on bare metal + docs: add themed RTD 404 page and pointer to readthedocs-hosted + schema: fix gpt labels, use type string for GUID + cc_disk_setup: code cleanup + netplan: keep custom strict perms when 50-cloud-init.yaml exists + cloud-id: better handling of change in datasource files + Warn on empty network key + Fix Vultr cloud_interfaces usage + cc_puppet: Update puppet service name + docs: Clarify networking docs + lint: remove httpretty + cc_set_passwords: Prevent traceback when restarting ssh + tests: fix lp1912844 + tests: Skip ansible test on bionic + Wait for NetworkManager + docs: minor polishing + CI: migrate integration-test to GH actions + Fix permission of SSH host keys + Fix default route rendering on v2 ipv6 + doc: fix path in net_convert command + docs: update net_convert docs + doc: fix dead link + cc_set_hostname: ignore /var/lib/cloud/data/set-hostname if it's empty + distros/rhel.py: _read_hostname() missing strip on 'hostname' + integration tests: add IBM VPC support + machine-id: set to uninitialized to trigger regeneration on clones + sources/azure: retry on connection error when fetching metdata + Ensure ssh state accurately obtained + bddeb: drop dh-systemd dependency on newer deb-based releases + doc: fix `config formats` link in cloudsigma.rst + Fix wrong subp syntax in cc_set_passwords.py + docs: update the PR template link to readthedocs + ci: switch unittests to gh actions + Add mount_default_fields for PhotonOS. + sources/azure: minor refactor for metadata source detection logic + add 'CalvoM' as contributor + ci: doc to gh actions + lxd: handle 404 from missing devices route for LXD 4.0 + docs: Diataxis overhaul + vultr: Fix issue regarding cache and region codes + cc_set_passwords: Move ssh status checking later + Improve Wireguard module idempotency + network/netplan: add gateways as on-link when necessary + tests: test_lxd assert features.networks.zones when present + Use btrfs enquque when available (#1926) [Robert Schweikert] + sources/azure: fix device driver matching for net config (#1914) + BSD: fix duplicate macs in Ifconfig parser + pycloudlib: add lunar support for integration tests + nocloud: add support for dmi variable expansion for seedfrom URL + tools: read-version drop extra call to git describe --long + doc: improve cc_write_files doc + read-version: When insufficient tags, use cloudinit.version.get_version + mounts: document weird prefix in schema + Ensure network ready before cloud-init service runs on RHEL + docs: add copy button to code blocks + netplan: define features.NETPLAN_CONFIG_ROOT_READ_ONLY flag + azure: fix support for systems without az command installed + Fix the distro.osfamily output problem in the openEuler system. + pycloudlib: bump commit dropping azure api smoke test + net: netplan config root read-only as wifi config can contain creds + autoinstall: clarify docs for users + sources/azure: encode health report as utf-8 + Add back gateway4/6 deprecation to docs + networkd: Add support for multiple [Route] sections + doc: add qemu tutorial + lint: fix tip-flake8 and tip-mypy + Add support for setting uid when creating users on FreeBSD + Fix exception in BSD networking code-path + Append derivatives to is_rhel list in cloud.cfg.tmpl + FreeBSD init: use cloudinit_enable as only rcvar + feat: add support aliyun metadata security harden mode + docs: uprate analyze to performance page + test: fix lxd preseed managed network config + Add support for static IPv6 addresses for FreeBSD + Make 3.12 failures not fail the build + Docs: adding relative links + Fix setup.py to align with PEP 440 versioning replacing trailing + Add 'nkukard' as contributor + doc: add how to render new module doc + doc: improve module creation explanation + Add Support for IPv6 metadata to OpenStack + add xiaoge1001 to .github-cla-signers + network: Deprecate gateway{4,6} keys in network config v2 + VMware: Move Guest Customization transport from OVF to VMware + doc: home page links added + net: skip duplicate mac check for netvsc nic and its VF This update for python-responses fixes the following issues: - update to 0.21.0: * Add `threading.Lock()` to allow `responses` working with `threading` module. * Add `urllib3` `Retry` mechanism. See #135 * Removed internal `_cookies_from_headers` function * Now `add`, `upsert`, `replace` methods return registered response. `remove` method returns list of removed responses. * Added null value support in `urlencoded_params_matcher` via `allow_blank` keyword argument * Added strict version of decorator. Now you can apply `@responses.activate(assert_all_requests_are_fired=True)` to your function to validate that all requests were executed in the wrapped function. See #183 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2640-1 Released: Mon Jun 26 15:09:10 2023 Summary: Security update for vim Type: security Severity: moderate References: 1210996,1211256,1211257,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610 This update for vim fixes the following issues: - CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996). - CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256). - CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2649-1 Released: Tue Jun 27 10:01:13 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - update to 0.371: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2658-1 Released: Tue Jun 27 14:46:15 2023 Summary: Recommended update for containerd, docker, runc Type: recommended Severity: moderate References: 1207004,1208074,1210298,1211578 This update for containerd, docker, runc fixes the following issues: - Update to containerd v1.6.21 (bsc#1211578) - Update to Docker 23.0.6-ce (bsc#1211578) - Update to runc v1.1.7 - Require a minimum Go version explicitly (bsc#1210298) - Re-unify packaging for SLE-12 and SLE-15 - Fix build on SLE-12 by switching back to libbtrfs-devel headers - Allow man pages to be built without internet access in OBS - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux - Fix syntax of boolean dependency - Allow to install container-selinux instead of apparmor-parser - Change to using systemd-sysusers - Update runc.keyring to upstream version - Fix the inability to use `/dev/null` when inside a container (bsc#1207004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:56 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2761-1 Released: Mon Jul 3 15:16:44 2023 Summary: Recommended update for libjansson Type: recommended Severity: moderate References: 1201817 This update for libjansson fixes the following issues: - Update to 2.14 (bsc#1201817): * New Features: + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the corresponding `nocheck` functions. + Add jansson_version_str() and jansson_version_cmp() for runtime version checking + Add json_object_update_new(), json_object_update_existing_new() and json_object_update_missing_new() functions + Add json_object_update_recursive() + Add `json_pack()` format specifiers s*, o* and O* for values that can be omitted if null + Add `json_error_code()` to retrieve numeric error codes + Enable thread safety for `json_dump()` on all systems. Enable thread safe `json_decref()` and `json_incref()` for modern compilers + Add `json_sprintf()` and `json_vsprintf()` * Fixes: + Handle `sprintf` corner cases. + Add infinite loop check in json_deep_copy() + Enhance JANSSON_ATTRS macro to support earlier C standard(C89) + Update version detection for sphinx-build + Fix error message in `json_pack()` for NULL object + Avoid invalid memory read in `json_pack()` + Call va_end after va_copy in `json_vsprintf()` + Improve handling of formats with '?' and '*' in `json_pack()` + Remove inappropriate `jsonp_free()` which caused segmentation fault in error handling + Fix incorrect report of success from `json_dump_file()` when an error is returned by `fclose()` + Make json_equal() const-correct + Fix incomplete stealing of references by `json_pack()` - Use GitHub as source URLs: Release hasn't been uploaded to digip.org. - Add check section. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2859-1 Released: Mon Jul 17 16:43:57 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1160435,1172073,1187829,1191731,1199046,1200217,1205758,1208600,1209039,1209342,1210533,1210791,1211089,1211519,1211796,1212128,1212129,1212154,1212158,1212494,1212501,1212502,1212504,1212513,1212606,1212842,CVE-2023-1077,CVE-2023-1249,CVE-2023-2002,CVE-2023-3090,CVE-2023-3141,CVE-2023-3159,CVE-2023-3161,CVE-2023-3268,CVE-2023-3358,CVE-2023-35788,CVE-2023-35823,CVE-2023-35824,CVE-2023-35828 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). The following non-security bugs were fixed: - Also include kernel-docs build requirements for ALP - Avoid unsuported tar parameter on SLE12 - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix usrmerge error (boo#1211796) - Generalize kernel-doc build requirements. - Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file. - Move setting %%build_html to config.sh - Move setting %%split_optional to config.sh - Move setting %%supported_modules_check to config.sh - Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file. - Remove obsolete rpm spec constructs defattr does not need to be specified anymore buildroot does not need to be specified anymore - Remove usrmerge compatibility symlink in buildroot (boo#1211796). - Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1. - cifs: do not include page data when checking signature (bsc#1200217). - cifs: fix open leaks in open_cached_dir() (bsc#1209342). - google/gve:fix repeated words in comments (bsc#1211519). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (bsc#1211519). - gve: Fix GFP flags when allocing pages (bsc#1211519). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (bsc#1211519). - gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). - gve: enhance no queue page list detection (bsc#1211519). - kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides - rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE. - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined. - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - usrmerge: Compatibility with earlier rpm (boo#1211796) - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2866-1 Released: Tue Jul 18 11:09:03 2023 Summary: Security update for python-requests Type: security Severity: moderate References: 1211674,CVE-2023-32681 This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2879-1 Released: Wed Jul 19 09:45:34 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2894-1 Released: Thu Jul 20 06:45:06 2023 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1194557,1203300,1206447,1206674,1206798,1211026 This update for wicked fixes the following issues: - Update to version 0.6.73 - Fix arp notify loop and burst sending (boo#1212806) - Allow verify/notify counter and interval configuration - Handle ENOBUFS sending errors (bsc#1203300) - Improve environment variable handling - Refactor firmware extension definition - Enable, disable and revert cli commands - Fix memory leaks, add array/list utils - Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026) - Cleanup /var/run leftovers in extension scripts (bsc#1194557) - Output formatting improvements and Unicode support - bond: workaround 6.1 kernel enslave regression (bsc#1206674) - Add `wicked firmware` command to improve `ibft`,`nbft`,`redfish` firmware extension and interface handling. - Improve error handling in netif firmware discovery extension execution and extension definition overrides in the wicked-config. - Fix use-after-free in debug mode (bsc#1206447) - Replace transitional `%usrmerged` macro with regular version check (bsc#1206798) - Improve to show `no-carrier` in ifstatus output - Cleanup inclusions and update uapi header to 6.0 - Link mode nwords cleanup and new advertise mode names - Enable raw-ip support for wwan-qmi interfaces (jsc#PED-90) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2898-1 Released: Thu Jul 20 09:15:33 2023 Summary: Recommended update for python-instance-billing-flavor-check Type: feature Severity: critical References: This update for python-instance-billing-flavor-check fixes the following issues: - Include PAYG checker package in SLE (jsc#PED-4791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2905-1 Released: Thu Jul 20 10:17:54 2023 Summary: Recommended update for fstrm Type: recommended Severity: moderate References: This update for fstrm fixes the following issues: - Update to 0.6.1: - fstrm_capture: ignore SIGPIPE, which will cause the interrupted connections to generate an EPIPE instead. - Fix truncation in snprintf calls in argument processing. - fstrm_capture: Fix output printf format. - Update to 0.6.0 It adds a new feature for fstrm_capture. It can perform output file rotation when a SIGUSR1 signal is received by fstrm_capture. (See the --gmtime or --localtime options.) This allows fstrm_capture's output file to be rotated by logrotate or a similar external utility. (Output rotation is suppressed if fstrm_capture is writing to stdout.) Update to 0.5.0 - Change license to modern MIT license for compatibility with GPLv2 software. Contact software at farsightsecurity.com for alternate licensing. - src/fstrm_replay.c: For OpenBSD and Posix portability include netinet/in.h and sys/socket.h to get struct sockaddr_in and the AF_* defines respectively. - Fix various compiler warnings. Update to 0.4.0 The C implementation of the Frame Streams data transport protocol, fstrm version 0.4.0, was released. It adds TCP support, a new tool, new documentation, and several improvements. - Added manual pages for fstrm_capture and fstrm_dump. - Added new tool, fstrm_replay, for replaying saved Frame Streams data to a socket connection. - Adds TCP support. Add tcp_writer to the core library which implements a bi-directional Frame Streams writer as a TCP socket client. Introduces new developer API: fstrm_tcp_writer_init, fstrm_tcp_writer_options_init, fstrm_tcp_writer_options_destroy, fstrm_tcp_writer_options_set_socket_address, and fstrm_tcp_writer_options_set_socket_port. - fstrm_capture: new options for reading from TCP socket. - fstrm_capture: add '-c' / '--connections' option to limit the number of concurrent connections it will accept. - fstrm_capture: add '-b / --buffer-size' option to set the read buffer size (effectively the maximum frame size) to a value other than the default 256 KiB. - fstrm_capture: skip oversize messages to fix stalled connections caused by messages larger than the read highwater mark of the input buffer. Discarded messages are logged for the purposes of tuning the input buffer size. - fstrm_capture: complete sending of FINISH frame before closing connection. - Various test additions and improvements. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2909-1 Released: Thu Jul 20 10:59:11 2023 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1204563 This update for grub2 fixes the following issues: - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2954-1 Released: Mon Jul 24 13:01:46 2023 Summary: Security update for bind Type: security Severity: important References: 1212544,CVE-2023-2828 This update for bind fixes the following issues: - CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2956-1 Released: Tue Jul 25 08:33:38 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211419,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2994-1 Released: Thu Jul 27 06:45:29 2023 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1157881,1200710,1209859 This update for nfs-utils fixes the following issues: - SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710) - Avoid unhelpful warnings (bsc#1157881) - Fix rpc.nfsd man pages (bsc#1209859) - Allow scope to be set in sysconfig: NFSD_SCOPE ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3060-1 Released: Mon Jul 31 13:27:42 2023 Summary: Security update for samba Type: security Severity: important References: 1213171,1213172,1213173,1213174,1213384,CVE-2022-2127,CVE-2023-34966,CVE-2023-34967,CVE-2023-34968 This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173). - CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172). - CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171). Bugfixes: - Fixed trust relationship failure (bsc#1213384). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3173-1 Released: Thu Aug 3 08:56:10 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1201399,1208003,1210799 This update for perl-Bootloader fixes the following issues: - Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) - UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) - Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003) - Add basic support for systemd-boot ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3179-1 Released: Thu Aug 3 13:59:38 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,1213487,CVE-2022-4304,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). - Update further expiring certificates that affect tests [bsc#1201627] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3196-1 Released: Fri Aug 4 10:02:04 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1213443 This update for protobuf-c fixes the following issues: - Include executables required to generate Protocol Buffers glue code in the devel subpackage (bsc#1213443) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3210-1 Released: Mon Aug 7 15:20:04 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3218-1 Released: Mon Aug 7 16:52:13 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3270-1 Released: Thu Aug 10 19:34:35 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211461 This update for vim fixes the following issues: - Calling vim on xterm leads to missing first character of the command prompt (bsc#1211461) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3282-1 Released: Fri Aug 11 10:26:23 2023 Summary: Recommended update for blog Type: recommended Severity: moderate References: This update for blog fixes the following issues: - Fix big endian cast problems to be able to read commands and ansers as well as passphrases ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:3283-1 Released: Fri Aug 11 10:28:34 2023 Summary: Feature update for cloud-init Type: feature Severity: moderate References: 1184758,1210273,1212879,CVE-2021-3429,CVE-2023-1786 This update for cloud-init fixes the following issues: - Default route is not configured (bsc#1212879) - cloud-final service failing in powerVS (bsc#1210273) - Randomly generated passwords logged in clear-text to world-readable file (bsc#1184758, CVE-2021-3429) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3284-1 Released: Fri Aug 11 10:29:50 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3288-1 Released: Fri Aug 11 12:30:14 2023 Summary: Recommended update for python-apipkg Type: recommended Severity: moderate References: 1213582 This update for python-apipkg provides python3-apipkg to SUSE Linux Enterprise Micro 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3291-1 Released: Fri Aug 11 12:51:21 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3294-1 Released: Fri Aug 11 13:51:51 2023 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1200975,1204294,1212756 This update for hwinfo fixes the following issues: - Avoid linking problems with libsamba (bsc#1212756) - Update to version 21.85 - Create xen usb controller device if necessary (bsc#1204294) - Improve treatment of NVME devices (bsc#1200975) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3301-1 Released: Mon Aug 14 07:24:59 2023 Summary: Security update for libyajl Type: security Severity: moderate References: 1212928,CVE-2023-33460 This update for libyajl fixes the following issues: - CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3330-1 Released: Wed Aug 16 08:59:33 2023 Summary: Recommended update for python-pyasn1 Type: recommended Severity: important References: 1207805 This update for python-pyasn1 fixes the following issues: - To avoid users of this package having to recompile bytecode files, change the mtime of any __init__.py. (bsc#1207805) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3365-1 Released: Fri Aug 18 20:35:01 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3369-1 Released: Tue Aug 22 11:12:02 2023 Summary: Security update for python-configobj Type: security Severity: low References: 1210070,CVE-2023-26112 This update for python-configobj fixes the following issues: - CVE-2023-26112: Fixed regular expression denial of service vulnerability in validate.py (bsc#1210070). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3371-1 Released: Tue Aug 22 13:30:18 2023 Summary: Recommended update for liblognorm Type: recommended Severity: moderate References: This update for liblognorm fixes the following issues: - Update to liblognorm v2.0.6 (jsc#PED-4883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3373-1 Released: Tue Aug 22 13:48:25 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1211757,1213212 This update for rsyslog fixes the following issues: - Fix removal of imfile state files (bsc#1213212) - Fix segfaults in modExit() of imklog.c (bsc#1211757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3391-1 Released: Wed Aug 23 17:29:26 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1199304,1206418,1207270,1210584,1211131,1211738,1211867,1212301,1212741,1212835,1212846,1213059,1213061,1213167,1213245,1213286,1213287,1213354,1213543,1213585,1213586,1213588,1213653,1213868,CVE-2022-40982,CVE-2023-0459,CVE-2023-20569,CVE-2023-20593,CVE-2023-2156,CVE-2023-2985,CVE-2023-3117,CVE-2023-31248,CVE-2023-3390,CVE-2023-35001,CVE-2023-3567,CVE-2023-3609,CVE-2023-3611,CVE-2023-3776,CVE-2023-3812 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack ???Inception??? or ???RAS Poisoning??? (bsc#1213287). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). The following non-security bugs were fixed: - arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418). - block, bfq: fix division by zero error on zero wsum (bsc#1213653). - get module prefix from kmod (bsc#1212835). - init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418). - init: invoke arch_cpu_finalize_init() earlier (bsc#1206418). - init: provide arch_cpu_finalize_init() (bsc#1206418). - init: remove check_bugs() leftovers (bsc#1206418). - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304). - kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps') - kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base. - kernel-docs: use python3 together with python3-sphinx (bsc#1212741). - keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354). - lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567). - locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567). - locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567). - locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567). - locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567). - locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567). - locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567). - locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567). - locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567). - locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567). - locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567). - locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567). - locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567). - locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567). - locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567). - locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567). - locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567). - locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567). - locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567). - locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567). - locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net: mana: add support for vlan tagging (bsc#1212301). - ocfs2: fix a deadlock when commit trans (bsc#1199304). - ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304). - ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304). - remove more packaging cruft for sle < 12 sp3 - rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude. - rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*. - rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567). - rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567). - ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584). - ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - usrmerge: adjust module path in the kernel sources (bsc#1212835). - x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418). - x86/fpu: remove cpuinfo argument from init functions (bsc#1206418). - x86/microcode/AMD: Make stub function static inline (bsc#1213868). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3446-1 Released: Mon Aug 28 10:56:49 2023 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1204489,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593 This update for xen fixes the following issues: - CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434) - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435) - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3452-1 Released: Mon Aug 28 12:41:11 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1213951 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update from version 1.0.7 to 1.0.8 (bsc#1213951) - Capture CSP billing adapter config and log - Accept upper case Amazon string in DMI table ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate References: 1210419,CVE-2023-2004 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3467-1 Released: Tue Aug 29 07:39:36 2023 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1213940 This update for samba fixes the following issues: - Move libcluster-samba4.so from samba-libs to samba-client-libs (bsc#1213940) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3470-1 Released: Tue Aug 29 10:49:33 2023 Summary: Recommended update for parted Type: recommended Severity: low References: 1182142,1193412 This update for parted fixes the following issues: - fix null pointer dereference (bsc#1193412) - update mkpart options in manpage (bsc#1182142) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3487-1 Released: Tue Aug 29 14:28:35 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3515-1 Released: Fri Sep 1 15:54:25 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional isue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3521-1 Released: Tue Sep 5 08:56:45 2023 Summary: Recommended update for python-iniconfig Type: recommended Severity: moderate References: 1213582 This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3536-1 Released: Tue Sep 5 15:00:27 2023 Summary: Security update for docker Type: security Severity: moderate References: 1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842 This update for docker fixes the following issues: - Update to Docker 24.0.5-ce. See upstream changelong online at bsc#1213229 - Update to Docker 24.0.4-ce. See upstream changelog online at . bsc#1213500 - Update to Docker 24.0.3-ce. See upstream changelog online at . bsc#1213120 - Recommend docker-rootless-extras instead of Require(ing) it, given it's an additional functionality and not inherently required for docker to function. - Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless) - Update to Docker 24.0.2-ce. See upstream changelog online at . bsc#1212368 * Includes the upstreamed fix for the mount table pollution issue. bsc#1210797 - Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as being provided by this package. - was rebuilt against current GO compiler. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3540-1 Released: Tue Sep 5 16:44:44 2023 Summary: Recommended update for dracut Type: recommended Severity: important References: 1214081 This update for dracut fixes the following issues: - Exit if resolving executable dependencies fails (bsc#1214081) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3543-1 Released: Wed Sep 6 08:27:22 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1214006 This update for protobuf-c fixes the following issues: - Add missing Provides/Obsoletes after package merge (bsc#1214006) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3546-1 Released: Wed Sep 6 14:07:17 2023 Summary: Recommended update for open-iscsi Type: recommended Severity: low References: 1207157 This update for open-iscsi fixes the following issues: -Set 'safe_logout' and 'startup' in iscsid.conf (bsc#1207157) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3639-1 Released: Mon Sep 18 13:33:16 2023 Summary: Security update for libeconf Type: security Severity: moderate References: 1198165,1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) The following non-security bug was fixed: - Fixed parsing files correctly which have space characters AND none space characters as delimiters (bsc#1198165). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3684-1 Released: Tue Sep 19 17:12:12 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1023051,1203517,1210448,1213272,1213546,1213601,1213666,1213916,1213927,1213968,1213969,1213970,1213971,1214019,1214120,1214149,1214275,1214297,1214348,1214350,1214451,CVE-2022-36402,CVE-2023-2007,CVE-2023-20588,CVE-2023-21400,CVE-2023-34319,CVE-2023-3772,CVE-2023-3863,CVE-2023-4128,CVE-2023-4132,CVE-2023-4133,CVE-2023-4134,CVE-2023-4147,CVE-2023-4194,CVE-2023-4273,CVE-2023-4385,CVE-2023-4387,CVE-2023-4459 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517). - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). The following non-security bugs were fixed: - ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - Do not add and remove genksyms ifdefs - clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - e1000: Fix fall-through warnings for Clang (jsc#PED-5738). - e1000: Fix typos in comments (jsc#PED-5738). - e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738). - e1000: drop unneeded assignment in e1000_set_itr() (jsc#PED-5738). - e1000: switch to napi_consume_skb() (jsc#PED-5738). - intel/e1000:fix repeated words in comments (jsc#PED-5738). - intel: remove checker warning (jsc#PED-5738). - kabi/severities: Ignore newly added SRSO mitigation functions - md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: Fix performance regression for large sequential writes (bsc#1213916). - net: e1000: remove repeated word 'slot' for e1000_main.c (jsc#PED-5738). - net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/rtas: move syscall filter setup into separate function (bsc#1023051). - powerpc/rtas: remove ibm_suspend_me_token (bsc#1023051). - powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503). - pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - timers: Add shutdown mechanism to the internal functions (bsc#1213970). - timers: Provide timer_shutdown[_sync]() (bsc#1213970). - timers: Rename del_timer() to timer_delete() (bsc#1213970). - timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: Replace BUG_ON()s (bsc#1213970). - timers: Silently ignore timers with a NULL function (bsc#1213970). - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: Update kernel-doc for various functions (bsc#1213970). - timers: Use del_timer_sync() even on UP (bsc#1213970). - x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). - x86/cpu: Cleanup the untrain mess (git-fixes). - x86/cpu: Rename original retbleed methods (git-fixes). - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). - x86/speculation: Add cpu_show_gds() prototype (git-fixes). - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). - x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). - x86/srso: Disable the mitigation on unaffected configurations (git-fixes). - x86/srso: Explain the untraining sequences a bit more (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214275). - xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() (bsc#1214275). - xfs: update superblock counters correctly for !lazysbcount (bsc#1214275). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3698-1 Released: Wed Sep 20 11:01:15 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3707-1 Released: Wed Sep 20 17:12:03 2023 Summary: Security update for cups Type: security Severity: important References: 1214254,1215204,CVE-2023-32360,CVE-2023-4504 This update for cups fixes the following issues: - CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204). - CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3817-1 Released: Wed Sep 27 18:31:14 2023 Summary: Security update for containerd Type: security Severity: important References: 1212475 This update of containerd fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3822-1 Released: Wed Sep 27 18:40:14 2023 Summary: Security update for supportutils Type: security Severity: moderate References: 1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154 This update for supportutils fixes the following issues: Security fixes: - CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). Other Fixes: - Changes in version 3.1.26 + powerpc plugin to collect the slots and active memory (bsc#1210950) + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + supportconfig: collect BPF information (pr#154) + Added additional iscsi information (pr#155) - Added run time detection (bsc#1213127) - Changes for supportutils version 3.1.25 + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + powerpc: collect invscout logs (pr#150) + powerpc: collect RMC status logs (pr#151) + Added missing nvme nbft commands (bsc#1211599) + Fixed invalid nvme commands (bsc#1211598) + Added missing podman information (PED-1703, bsc#1181477) + Removed dependency on sysfstools + Check for systool use (bsc#1210015) + Added selinux checking (bsc#1209979) + Updated SLES_VER matrix - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Applies limit equally to sar data and text files (bsc#1207543) - Collects hwinfo hardware logs (bsc#1208928) - Collects lparnumascore logs (issue#148) - Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs - Changes to supportconfig.rc version 3.1.11-35 + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) - Changes to supportconfig version 3.1.11-46.4 + Added plymouth_info - Changes to getappcore version 1.53.02 + The location of chkbin was updated earlier. This documents that change (bsc#1205533, bsc#1204942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3828-1 Released: Wed Sep 27 19:07:38 2023 Summary: Security update for python3 Type: security Severity: important References: 1214692,CVE-2023-40217 This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3843-1 Released: Wed Sep 27 20:18:06 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: important References: This update for suse-build-key fixes the following issues: This update adds and runs a import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3903-1 Released: Fri Sep 29 15:14:18 2023 Summary: Security update for xen Type: security Severity: important References: 1213616,1215145,1215474,CVE-2023-20588,CVE-2023-20593,CVE-2023-34322 This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). - CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3934-1 Released: Mon Oct 2 12:04:33 2023 Summary: Security update for bind Type: security Severity: important References: 1213748,1215472,CVE-2023-3341 This update for bind fixes the following issues: Security fixes: - CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (bsc#1215472). Other fixes: - Add `dnstap` support (jsc#PED-4853, jsc#PED-4852, bsc#1213748) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3951-1 Released: Tue Oct 3 19:37:46 2023 Summary: Recommended update for python3-jmespath, python3-ply Type: recommended Severity: moderate References: 1209233 This update for python3-jmespath and python3-ply fixes the following issue: - the packages are required as dependencies for python3-salt, and were missing on aarch64 based SLE Micro flavors so far. There are no functional changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3952-1 Released: Tue Oct 3 20:06:23 2023 Summary: Security update for runc Type: security Severity: important References: 1212475 This update of runc fixes the following issues: - Update to runc v1.1.8. Upstream changelog is available from . - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3955-1 Released: Tue Oct 3 21:27:58 2023 Summary: Security update for vim Type: security Severity: important References: 1214922,1214924,1214925,1215004,1215006,1215033,CVE-2023-4733,CVE-2023-4734,CVE-2023-4735,CVE-2023-4738,CVE-2023-4752,CVE-2023-4781 This update for vim fixes the following issues: Security fixes: - CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). - CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). - CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). - CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). - CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). - CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033). Other fixes: - Update to version 9.0 with patch level 1894, for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894 - Use app icons generated from vimlogo.eps in the source tarball; add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4006-1 Released: Mon Oct 9 08:35:50 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4027-1 Released: Tue Oct 10 13:59:02 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4045-1 Released: Wed Oct 11 09:10:43 2023 Summary: Security update for curl Type: security Severity: moderate References: 1215889,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38546: Fixed a cookie injection with none file (bsc#1215889). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4095-1 Released: Tue Oct 17 15:03:04 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1176588,1202845,1207036,1207270,1208995,1210169,1210643,1210658,1212703,1213812,1214233,1214351,1214380,1214386,1215115,1215117,1215150,1215221,1215275,1215299,1215322,1215356,CVE-2020-36766,CVE-2023-1192,CVE-2023-1206,CVE-2023-1859,CVE-2023-2177,CVE-2023-23454,CVE-2023-4004,CVE-2023-40283,CVE-2023-42753,CVE-2023-4389,CVE-2023-4622,CVE-2023-4623,CVE-2023-4881,CVE-2023-4921 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges on the system. (bsc#1215150) - CVE-2023-4389: Fixed a a double decrement of the reference count flaw in the btrfs filesystem a double decrement of the reference count, which may have allowed a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. (bsc#1214351) - CVE-2023-4921: Fixed a use-after-free vulnerability in the sch_qfq component which could be exploited to achieve local privilege escalation. (bsc#1215275) - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). - CVE-2023-4622: Fixed a use-after-free vulnerability in the af_unix component which could be exploited to achieve local privilege escalation. (bsc#1215117) - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2020-36766: Fixed an issue in drivers/media/cec/core/cec-api.c which could leaks one byte of kernel memory on specific hardware to unprivileged users. (bsc#1215299) - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. (bsc#1210169) - CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system or potentially cause a denial of service. (bsc#1210643) - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - locking/rwsem: Disable reader optimistic spinning (bnc#1176588). - mkspec: Allow unsupported KMPs (bsc#1214386) - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - x86/pkeys: Revert a5eff7259790 ('x86/pkeys: Add PKRU value to init_fpstate') (bsc#1215356). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4096-1 Released: Tue Oct 17 15:04:04 2023 Summary: Security update for samba Type: security Severity: important References: 1215904,1215905,1215908,CVE-2023-4091,CVE-2023-4154,CVE-2023-42669 This update for samba fixes the following issues: - CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904) - CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905) - CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4106-1 Released: Wed Oct 18 09:10:14 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1170267,1212799,1214781 This update for suseconnect-ng fixes the following issues: This update ships suseconnect-ng, the SUSEConnect replacement, to SUSE Linux Enterprise 15 SP1, SP2, and SP3. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4108-1 Released: Wed Oct 18 11:51:12 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1215968,CVE-2023-43804 This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4130-1 Released: Thu Oct 19 09:53:13 2023 Summary: Security update for grub2 Type: security Severity: important References: 1215935,1215936,CVE-2023-4692,CVE-2023-4693 This update for grub2 fixes the following issues: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4139-1 Released: Fri Oct 20 10:06:58 2023 Summary: Recommended update for containerd, runc Type: recommended Severity: moderate References: 1215323 This update for containerd, runc fixes the following issues: runc was updated to v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9 containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes: - https://github.com/containerd/containerd/releases/tag/v1.7.7 - https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323 - Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4158-1 Released: Mon Oct 23 09:52:06 2023 Summary: Security update for suse-module-tools Type: security Severity: important References: 1205767,1207853,1210335,CVE-2023-1829,CVE-2023-23559 This update for suse-module-tools fixes the following issues: - Updated to version 15.3.17: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). - Updated to version 15.3.16: - Fixed a build issue for s390x (bsc#1207853). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4174-1 Released: Tue Oct 24 12:36:41 2023 Summary: Security update for xen Type: security Severity: important References: 1215744,1215746,1215747,1215748,CVE-2023-34323,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328 This update for xen fixes the following issues: - CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion (XSA-440) (bsc#1215744). - CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled (XSA-442) (bsc#1215746). - CVE-2023-34325: Fixed multiple parsing issues in libfsimage (XSA-443) (bsc#1215747). - CVE-2023-34327, CVE-2023-34328: Fixed multiple issues with AMD x86 debugging functionality for guests (XSA-444) (bsc#1215748). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4226-1 Released: Fri Oct 27 11:14:10 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4237-1 Released: Mon Oct 30 03:42:23 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1215064 This update for perl-Bootloader fixes the following issues: - `bootloader_entry` script can have an optional 'force-default' argument (bsc#1215064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4268-1 Released: Mon Oct 30 16:51:57 2023 Summary: Recommended update for pciutils Type: recommended Severity: important References: 1215265 This update for pciutils fixes the following issues: - Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4348-1 Released: Thu Nov 2 15:38:52 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1210778,1210853,1212051,1214842,1215095,1215467,1215518,1215745,1215858,1215860,1215861,1216046,1216051,1216134,CVE-2023-2163,CVE-2023-31085,CVE-2023-3111,CVE-2023-34324,CVE-2023-3777,CVE-2023-39189,CVE-2023-39192,CVE-2023-39193,CVE-2023-39194,CVE-2023-42754,CVE-2023-45862 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). - CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). The following non-security bugs were fixed: - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes, bsc#1210853, bsc#1216134). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4453-1 Released: Wed Nov 15 14:24:58 2023 Summary: Recommended update for libjansson Type: recommended Severity: moderate References: 1216541 This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4461-1 Released: Thu Nov 16 15:03:33 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1210286 This update for rsyslog fixes the following issue: - fix rsyslog crash in imrelp (bsc#1210286) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4464-1 Released: Thu Nov 16 17:56:12 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4466-1 Released: Thu Nov 16 17:57:03 2023 Summary: Security update for xen Type: security Severity: important References: 1216654,1216807,CVE-2023-46835,CVE-2023-46836 This update for xen fixes the following issues: - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4467-1 Released: Thu Nov 16 17:57:51 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1216377,CVE-2023-45803 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4519-1 Released: Tue Nov 21 17:39:58 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4535-1 Released: Thu Nov 23 08:17:40 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4583-1 Released: Mon Nov 27 10:16:11 2023 Summary: Feature update for python-psutil Type: feature Severity: moderate References: 1111622,1170175,1176785,1184753,1199282 This update for python-psutil, python-requests fixes the following issues: - update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS - Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) - Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4587-1 Released: Mon Nov 27 14:25:52 2023 Summary: Security update for vim Type: security Severity: important References: 1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535 This update for vim fixes the following issues: - CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) - CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) - CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) - CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4704-1 Released: Mon Dec 11 07:20:53 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1192986 This update for dracut fixes the following issues: - Update to version 049.1+suse.257.gf94c3fd1 - Fix network device naming in udev-rules (bsc#1192986) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4713-1 Released: Mon Dec 11 13:23:12 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,CVE-2023-46218 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4727-1 Released: Tue Dec 12 12:27:39 2023 Summary: Security update for catatonit, containerd, runc Type: security Severity: important References: 1200528,CVE-2022-1996 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4811-1 Released: Wed Dec 13 19:01:09 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1084909,1210780,1214037,1214344,1214764,1215371,1216058,1216259,1216584,1216965,1216976,1217140,1217332,1217408,1217780,CVE-2023-31083,CVE-2023-39197,CVE-2023-39198,CVE-2023-45863,CVE-2023-45871,CVE-2023-5717,CVE-2023-6176 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). The following non-security bugs were fixed: - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - Call flush_delayed_fput() from nfsd main-loop (bsc#1217408). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764). - powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4902-1 Released: Tue Dec 19 13:09:42 2023 Summary: Security update for openssh Type: security Severity: important References: 1214788,1217950,CVE-2023-48795 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4910-1 Released: Tue Dec 19 16:02:41 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473 This update for avahi fixes the following issues: - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). - CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4921-1 Released: Wed Dec 20 09:51:31 2023 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1217592,CVE-2023-49083 This update for python-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4936-1 Released: Wed Dec 20 17:18:21 2023 Summary: Security update for docker, rootlesskit Type: security Severity: important References: 1170415,1170446,1178760,1210141,1213229,1213500,1215323,1217513,CVE-2020-12912,CVE-2020-8694,CVE-2020-8695 This update for docker, rootlesskit fixes the following issues: docker: - Update to Docker 24.0.7-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513 * Deny containers access to /sys/devices/virtual/powercap by default. - CVE-2020-8694 bsc#1170415 - CVE-2020-8695 bsc#1170446 - CVE-2020-12912 bsc#1178760 - Update to Docker 24.0.6-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323 - Add a docker.socket unit file, but with socket activation effectively disabled to ensure that Docker will always run even if you start the socket individually. Users should probably just ignore this unit file. bsc#1210141 - Update to Docker 24.0.5-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229 This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180) rootlesskit: - new package, for docker rootless support. (jsc#PED-6180) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4963-1 Released: Fri Dec 22 14:37:08 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4986-1 Released: Thu Dec 28 16:05:33 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1217277,CVE-2023-5981 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:9-1 Released: Tue Jan 2 13:20:01 2024 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1214076 This update for samba fixes the following issues: - Add 'net offlinejoin composeodj' command (bsc#1214076) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-?? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:43-1 Released: Fri Jan 5 14:49:13 2024 Summary: Recommended update for libsolv, zypper, libzypp Type: recommended Severity: moderate References: 1212160,1215294,1216412,1217593,1217873,1218291 This update for libsolv, zypper, libzypp fixes the following issues: - Expand RepoVars in URLs downloading a .repo file (bsc#1212160) - Fix search/info commands ignoring --ignore-unknown (bsc#1217593) - CheckAccessDeleted: fix 'running in container' filter (bsc#1218291) - Open rpmdb just once during execution of %posttrans scripts (bsc#1216412) - Make sure reboot-needed is remembered until next boot (bsc#1217873) - Stop using boost version 1 timer library (bsc#1215294) - Updated to version 0.7.27 - Add zstd support for the installcheck tool - Add putinowndirpool cache to make file list handling in repo_write much faster - Do not use deprecated headerUnload with newer rpm versions - Support complex deps in SOLVABLE_PREREQ_IGNOREINST - Fix minimization not prefering installed packages in some cases - Reduce memory usage in repo_updateinfoxml - Fix lock-step interfering with architecture selection - Fix choice rule handing for package downgrades - Fix complex dependencies with an 'else' part sometimes leading to unsolved dependencies ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:50-1 Released: Mon Jan 8 03:18:56 2024 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate References: 1217695,1217696 This update for python-instance-billing-flavor-check fixes the following issues: - Run the command as sudo only (bsc#1217696, bsc#1217695) - Handle exception for Python 3.4 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:62-1 Released: Mon Jan 8 11:44:47 2024 Summary: Recommended update for libxcrypt Type: recommended Severity: moderate References: 1215496 This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:70-1 Released: Tue Jan 9 18:29:39 2024 Summary: Security update for tar Type: security Severity: low References: 1217969,CVE-2023-39804 This update for tar fixes the following issues: - CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:126-1 Released: Tue Jan 16 13:48:02 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1218364 This update for suseconnect-ng fixes the following issues: - Update to version 1.5.0 - Configure docker credentials for registry authentication - Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364) - Add --json output option ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:128-1 Released: Tue Jan 16 13:50:37 2024 Summary: Security update for cloud-init Type: security Severity: moderate References: 1198269,1201010,1214169,1215740,1215794,1216007,1216011,CVE-2023-1786 This update for cloud-init contains the following fixes: - Move fdupes call back to %install.(bsc#1214169) - Update to version 23.3. (bsc#1216011) * (bsc#1215794) * (bsc#1215740) * (bsc#1216007) + Bump pycloudlib to 1!5.1.0 for ec2 mantic daily image support (#4390) + Fix cc_keyboard in mantic (LP: #2030788) + ec2: initialize get_instance_userdata return value to bytes (#4387) [Noah Meyerhans] + cc_users_groups: Add doas/opendoas support (#4363) [dermotbradley] + Fix pip-managed ansible + status: treat SubState=running and MainPID=0 as service exited + azure/imds: increase read-timeout to 30s (#4372) [Chris Patterson] + collect-logs fix memory usage (SC-1590) (#4289) [Alec Warren] (LP: #1980150) + cc_mounts: Use fallocate to create swapfile on btrfs (#4369) + Undocument nocloud-net (#4318) + feat(akamai): add akamai to settings.py and apport.py (#4370) + read-version: fallback to get_version when git describe fails (#4366) + apt: fix cloud-init status --wait blocking on systemd v 253 (#4364) + integration tests: Pass username to pycloudlib (#4324) + Bump pycloudlib to 1!5.1.0 (#4353) + cloud.cfg.tmpl: reorganise, minimise/reduce duplication (#4272) [dermotbradley] + analyze: fix (unexpected) timestamp parsing (#4347) [Mina Gali??] + cc_growpart: fix tests to run on FreeBSD (#4351) [Mina Gali??] + subp: Fix spurious test failure on FreeBSD (#4355) [Mina Gali??] + cmd/clean: fix tests on non-Linux platforms (#4352) [Mina Gali??] + util: Fix get_proc_ppid() on non-Linux systems (#4348) [Mina Gali??] + cc_wireguard: make tests pass on FreeBSD (#4346) [Mina Gali??] + unittests: fix breakage in test_read_cfg_paths_fetches_cached_datasource (#4328) [Ani Sinha] + Fix test_tools.py collection (#4315) + cc_keyboard: add Alpine support (#4278) [dermotbradley] + Flake8 fixes (#4340) [Robert Schweikert] + cc_mounts: Fix swapfile not working on btrfs (#4319) [?????????] (LP: #1884127) + ds-identify/CloudStack: $DS_MAYBE if vm running on vmware/xen (#4281) [Wei Zhou] + ec2: Support double encoded userdata (#4275) [Noah Meyerhans] + cc_mounts: xfs is a Linux only FS (#4334) [Mina Gali??] + tests/net: fix TestGetInterfaces' mock coverage for get_master (#4336) [Chris Patterson] + change openEuler to openeuler and fix some bugs in openEuler (#4317) [sxt1001] + Replace flake8 with ruff (#4314) + NM renderer: set default IPv6 addr-gen-mode for all interfaces to eui64 (#4291) [Ani Sinha] + cc_ssh_import_id: add Alpine support and add doas support (#4277) [dermotbradley] + sudoers not idempotent (SC-1589) (#4296) [Alec Warren] (LP: #1998539) + Added support for Akamai Connected Cloud (formerly Linode) (#4167) [Will Smith] + Fix reference before assignment (#4292) + Overhaul module reference page (#4237) [Sally] + replaced spaces with commas for setting passenv (#4269) [Alec Warren] + DS VMware: modify a few log level (#4284) [PengpengSun] + tools/read-version refactors and unit tests (#4268) + Ensure get_features() grabs all features (#4285) + Don't always require passlib dependency (#4274) + tests: avoid leaks into host system checking of ovs-vsctl cmd (#4275) + Fix NoCloud kernel commandline key parsing (#4273) + testing: Clear all LRU caches after each test (#4249) + Remove the crypt dependency (#2139) [Gon??ri Le Bouder] + logging: keep current file mode of log file if its stricter than the new mode (#4250) [Ani Sinha] + Remove default membership in redundant groups (#4258) [Dave Jones] (LP: #1923363) + doc: improve datasource_creation.rst (#4262) + Remove duplicate Integration testing button (#4261) [Rishita Shaw] + tools/read-version: fix the tool so that it can handle version parsing errors (#4234) [Ani Sinha] + net/dhcp: add udhcpc support (#4190) [Jean-Fran??ois Roche] + DS VMware: add i386 arch dir to deployPkg plugin search path [PengpengSun] + LXD moved from linuxcontainers.org to Canonical [Simon Deziel] + cc_mounts.py: Add note about issue with creating mounts inside mounts (#4232) [dermotbradley] + lxd: install lxd from snap, not deb if absent in image + landscape: use landscape-config to write configuration + Add deprecation log during init of DataSourceDigitalOcean (#4194) [tyb-truth] + doc: fix typo on apt.primary.arches (#4238) [Dan Bungert] + Inspect systemd state for cloud-init status (#4230) + instance-data: add system-info and features to combined-cloud-config (#4224) + systemd: Block login until config stage completes (#2111) (LP: #2013403) + tests: proposed should invoke apt-get install -t=-proposed (#4235) + cloud.cfg.tmpl: reinstate ca_certs entry (#4236) [dermotbradley] + Remove feature flag override ability (#4228) + tests: drop stray unrelated file presence test (#4227) + Update LXD URL (#4223) [Sally] + schema: add network v1 schema definition and validation functions + tests: daily PPA for devel series is version 99.daily update tests to match (#4225) + instance-data: write /run/cloud-init/combined-cloud-config.json + mount parse: Fix matching non-existent directories (#4222) [Mina Gali??] + Specify build-system for pep517 (#4218) + Fix network v2 metric rendering (#4220) + Migrate content out of FAQ page (SD-1187) (#4205) [Sally] + setup: fix generation of init templates (#4209) [Mina Gali??] + docs: Correct some bootcmd example wording + fix changelog + tests: reboot client to assert x-shellscript-per-boot is triggered + nocloud: parse_cmdline no longer detects nocloud-net datasource (#4204) (LP: 4203, #2025180) + Add docstring and typing to mergemanydict (#4200) + BSD: add dsidentify to early startup scripts (#4182) [Mina Gali??] + handler: report errors on skipped merged cloud-config.txt parts (LP: #1999952) + Add cloud-init summit writeups (#4179) [Sally] + tests: Update test_clean_log for oci (#4187) + gce: improve ephemeral fallback NIC selection (CPC-2578) (#4163) + tests: pin pytest 7.3.1 to avoid adverse testpaths behavior (#4184) + Ephemeral Networking for FreeBSD (#2165) [Mina Gali??] + Clarify directory syntax for nocloud local filesystem. (#4178) + Set default renderer as sysconfig for centos/rhel (#4165) [Ani Sinha] + Test static routes and netplan 0.106 + FreeBSD fix parsing of mount and mount options (#2146) [Mina Gali??] + test: add tracking bug id (#4164) + tests: can't match MAC for LXD container veth due to netplan 0.106 (#4162) + Add kaiwalyakoparkar as a contributor (#4156) [Kaiwalya Koparkar] + BSD: remove datasource_list from cloud.cfg template (#4159) [Mina Gali??] + launching salt-minion in masterless mode (#4110) [Denis Halturin] + tools: fix run-container builds for rockylinux/8 git hash mismatch (#4161) + fix doc lint: spellchecker tripped up (#4160) [Mina Gali??] + Support Ephemeral Networking for BSD (#2127) + Added / fixed support for static routes on OpenBSD and FreeBSD (#2157) [Kadir Mueller] + cc_rsyslog: Refactor for better multi-platform support (#4119) [Mina Gali??] (LP: #1798055) + tests: fix test_lp1835584 (#4154) + cloud.cfg mod names: docs and rename salt_minion and set_password (#4153) + vultr: remove check_route check (#2151) [Jonas Chevalier] + Update SECURITY.md (#4150) [Indrranil Pawar] + Update CONTRIBUTING.rst (#4149) [Indrranil Pawar] + Update .github-cla-signers (#4151) [Indrranil Pawar] + Standardise module names in cloud.cfg.tmpl to only use underscore (#4128) [dermotbradley] + Modify PR template so autoclose works >From 23.2.2 + Fix NoCloud kernel commandline key parsing (#4273) (Fixes: #4271) (LP: #2028562) + Fix reference before assignment (#4292) (Fixes: #4288) (LP: #2028784) >From 23.2.1 + nocloud: Fix parse_cmdline detection of nocloud-net datasource (#4204) (Fixes: 4203) (LP: #2025180) >From 23.2 + BSD: simplify finding MBR partitions by removing duplicate code [Mina Gali??] + tests: bump pycloudlib version for mantic builds + network-manager: Set higher autoconnect priority for nm keyfiles (#3671) [Ani Sinha] + alpine.py: change the locale file used (#4139) [dermotbradley] + cc_ntp: Sync up with current FreeBSD ntp.conf (#4122) [Mina Gali??] + config: drop refresh_rmc_and_interface as RHEL 7 no longer supported [Robert Schweikert] + docs: Add feedback button to docs + net/sysconfig: enable sysconfig renderer if network manager has ifcfg-rh plugin (#4132) [Ani Sinha] + For Alpine use os-release PRETTY_NAME (#4138) [dermotbradley] + network_manager: add a method for ipv6 static IP configuration (#4127) [Ani Sinha] + correct misnamed template file host.mariner.tmpl (#4124) [dermotbradley] + nm: generate ipv6 stateful dhcp config at par with sysconfig (#4115) [Ani Sinha] + Add templates for GitHub Issues + Add 'peers' and 'allow' directives in cc_ntp (#3124) [Jacob Salmela] + FreeBSD: Fix user account locking (#4114) [Mina Gali??] (GH: #1854594) + FreeBSD: add ResizeGrowFS class to cc_growpart (#2334) [Mina Gali??] + Update tests in Azure TestCanDevBeReformatted class (#2771) [Ksenija Stanojevic] + Replace Launchpad references with GitHub Issues + Fix KeyError in iproute pformat (#3287) [Dmitry Zykov] + schema: read_cfg_paths call init.fetch to lookup /v/l/c/instance + azure/errors: introduce reportable errors for imds (#3647) [Chris Patterson] + FreeBSD (and friends): better identify MBR slices (#2168) [Mina Gali??] (LP: #2016350) + azure/errors: add host reporting for dhcp errors (#2167) [Chris Patterson] + net: purge blacklist_drivers across net and azure (#2160) [Chris Patterson] + net: refactor hyper-v VF filtering and apply to get_interfaces() (#2153) [Chris Patterson] + tests: avoid leaks to underlying filesystem for /etc/cloud/clean.d (#2251) + net: refactor find_candidate_nics_on_linux() to use get_interfaces() (#2159) [Chris Patterson] + resolv_conf: Allow > 3 nameservers (#2152) [Major Hayden] + Remove mount NTFS error message (#2134) [Ksenija Stanojevic] + integration tests: fix image specification parsing (#2166) + ci: add hypothesis scheduled GH check (#2149) + Move supported distros list to docs (#2162) + Fix logger, use instance rather than module function (#2163) + README: Point to Github Actions build status (#2158) + Revert 'fix linux-specific code on bsd (#2143)' (#2161) + Do not generate dsa and ed25519 key types when crypto FIPS mode is enabled (#2142) [Ani Sinha] (LP: 2017761) + Add documentation label automatically (#2156) + sources/azure: report success to host and introduce kvp module (#2141) [Chris Patterson] + setup.py: use pkg-config for udev/rules path (#2137) [dankm] + openstack/static: honor the DNS servers associated with a network (#2138) [Gon??ri Le Bouder] + fix linux-specific code on bsd (#2143) + cli: schema validation of jinja template user-data (SC-1385) (#2132) (LP: #1881925) + gce: activate network discovery on every boot (#2128) + tests: update integration test to assert 640 across reboots (#2145) + Make user/vendor data sensitive and remove log permissions (#2144) (LP: #2013967) + Update kernel command line docs (SC-1457) (#2133) + docs: update network configuration path links (#2140) [d1r3ct0r] + sources/azure: report failures to host via kvp (#2136) [Chris Patterson] + net: Document use of `ip route append` to add routes (#2130) + dhcp: Add missing mocks (#2135) + azure/imds: retry fetching metadata up to 300 seconds (#2121) [Chris Patterson] + [1/2] DHCP: Refactor dhcp client code (#2122) + azure/errors: treat traceback_base64 as string (#2131) [Chris Patterson] + azure/errors: introduce reportable errors (#2129) [Chris Patterson] + users: schema permit empty list to indicate create no users + azure: introduce identity module (#2116) [Chris Patterson] + Standardize disabling cloud-init on non-systemd (#2112) + Update .github-cla-signers (#2126) [Rob Tongue] + NoCloud: Use seedfrom protocol to determine mode (#2107) + rhel: Remove sysvinit files. (#2114) + tox.ini: set -vvvv --showlocals for pytest (#2104) [Chris Patterson] + Fix NoCloud kernel commandline semi-colon args + run-container: make the container/VM timeout configurable (#2118) [Paride Legovini] + suse: Remove sysvinit files. (#2115) + test: Backport assert_call_count for old requests (#2119) + Add 'licebmi' as contributor (#2113) [Mark Martinez] + Adapt DataSourceScaleway to upcoming IPv6 support (#2033) [Louis Bouchard] + rhel: make sure previous-hostname file ends with a new line (#2108) [Ani Sinha] + Adding contributors for DataSourceAkamai (#2110) [acourdavAkamai] + Cleanup ephemeral IP routes on exception (#2100) [sxt1001] + commit 09a64badfb3f51b1b391fa29be19962381a4bbeb [sxt1001] (LP: #2011291) + Standardize kernel commandline user interface (#2093) + config/cc_resizefs: fix do_resize arguments (#2106) [Chris Patterson] + Fix test_dhclient_exits_with_error (#2105) + net/dhcp: catch dhclient failures and raise NoDHCPLeaseError (#2083) [Chris Patterson] + sources/azure: move pps handling out of _poll_imds() (#2075) [Chris Patterson] + tests: bump pycloudlib version (#2102) + schema: do not manipulate draft4 metaschema for jsonschema 2.6.0 (#2098) + sources/azure/imds: don't count timeout errors as connection errors (#2074) [Chris Patterson] + Fix Python 3.12 unit test failures (#2099) + integration tests: Refactor instance checking (#1989) + ci: migrate remaining jobs from travis to gh (#2085) + missing ending quote in instancedata docs(#2094) [Hong L] + refactor: stop passing log instances to cc_* handlers (#2016) [d1r3ct0r] + tests/vmware: fix test_no_data_access_method failure (#2092) [Chris Patterson] + Don't change permissions of netrules target (#2076) (LP: #2011783) + tests/sources: patch util.get_cmdline() for datasource tests (#2091) [Chris Patterson] + macs: ignore duplicate MAC for devs with driver driver qmi_wwan (#2090) (LP: #2008888) + Fedora: Enable CA handling (#2086) [Franti??ek Zatloukal] + Send dhcp-client-identifier for InfiniBand ports (#2043) [Waleed Mousa] + cc_ansible: complete the examples and doc (#2082) [Yves] + bddeb: for dev package, derive debhelper-compat from host system + apport: only prompt for cloud_name when instance-data.json is absent + datasource: Optimize datasource detection, fix bugs (#2060) + Handle non existent ca-cert-config situation (#2073) [Shreenidhi Shedi] + sources/azure: add networking check for all source PPS (#2061) [Chris Patterson] + do not attempt dns resolution on ip addresses (#2040) + chore: fix style tip (#2071) + Fix metadata IP in instancedata.rst (#2063) [Brian Haley] + util: Pass deprecation schedule in deprecate_call() (#2064) + config: Update grub-dpkg docs (#2058) + docs: Cosmetic improvements and styling (#2057) [s-makin] + cc_grub_dpkg: Added UEFI support (#2029) [Alexander Birkner] + tests: Write to /var/spool/rsyslog to adhere to apparmor profile (#2059) + oracle-ds: prefer system_cfg over ds network config source (#1998) (LP: #1956788) + Remove dead code (#2038) + source: Force OpenStack when it is only option (#2045) (LP: #2008727) + cc_ubuntu_advantage: improve UA logs discovery + sources/azure: fix regressions in IMDS behavior (#2041) [Chris Patterson] + tests: fix test_schema (#2042) + dhcp: Cleanup unused kwarg (#2037) + sources/vmware/imc: fix-missing-catch-few-negtive-scenarios (#2027) [PengpengSun] + dhclient_hook: remove vestigal dhclient_hook command (#2015) + log: Add standardized deprecation tooling (SC-1312) (#2026) + Enable SUSE based distros for ca handling (#2036) [Robert Schweikert] >From 23.1.2 + Make user/vendor data sensitive and remove log permissions (LP: #2013967) (CVE-2023-1786) - Remove six dependency (bsc#1198269) - Update to version 22.4 (bsc#1201010) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:153-1 Released: Thu Jan 18 15:04:35 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1179610,1215237,1215375,1217250,1217709,1217946,1217947,1218105,1218253,1218258,1218559,CVE-2020-26555,CVE-2023-51779,CVE-2023-6121,CVE-2023-6606,CVE-2023-6610,CVE-2023-6931,CVE-2023-6932 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237). - CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). - CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250). - CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). - CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). - CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258). - CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253). The following non-security bugs were fixed: - clocksource: Avoid accidental unstable marking of clocksources (bsc#1218105). - clocksource: Suspend the watchdog temporarily when high read latency detected (bsc#1218105). - doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021) - doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021) - doc/README.SUSE: Simplify the list of references (jsc#PED-5021). - efi/mokvar: Reserve the table only if it is in boot services data (bsc#1215375). - io_uring: fix 32-bit compatability with sendmsg/recvmsg (bsc#1217709). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:161-1 Released: Thu Jan 18 18:40:46 2024 Summary: Recommended update for dpdk22 Type: recommended Severity: moderate References: This update of dpdk22 fixes the following issue: - DPDK 22.11.1 is shipped to SLE Micro 5.5. (jsc#PED-7147) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:164-1 Released: Fri Jan 19 05:47:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1207987 This update for util-linux fixes the following issues: - Instead of explicitly truncating clocks.txt file, pad with whitespaces in the end of file. This is done to improve performance of libuuid on xfs. (bsc#1207987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:187-1 Released: Tue Jan 23 13:38:00 2024 Summary: Recommended update for python-chardet Type: recommended Severity: moderate References: 1218765 This update for python-chardet fixes the following issues: - Fix update-alternative in %postun (bsc#1218765) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:189-1 Released: Tue Jan 23 13:54:18 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: critical References: 1217961,1218649 This update for suseconnect-ng contains the following fix: - Update to version 1.6.0: * Disable EULA display for addons. (bsc#1218649 and bsc#1217961) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:232-1 Released: Thu Jan 25 11:58:05 2024 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1217775 This update for suse-module-tools fixes the following issues: - Update to version 15.3.18 - Add symlink /boot/.vmlinuz.hmac (bsc#1217775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:254-1 Released: Fri Jan 26 17:19:30 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: 1217952 This update for containerd fixes the following issues: - Fix permissions of address file (bsc#1217952) - Update to version 1.7.10 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:264-1 Released: Tue Jan 30 14:19:02 2024 Summary: Security update for xen Type: security Severity: moderate References: 1218851,CVE-2023-46839 This update for xen fixes the following issues: - CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:295-1 Released: Thu Feb 1 08:23:17 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: Update to runc v1.1.11: - CVE-2024-21626: Fixed container breakout. (bsc#1218894) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:306-1 Released: Thu Feb 1 17:58:09 2024 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate References: 1218561,1218739 This update for python-instance-billing-flavor-check fixes the following issues: - Support proxy setup on the client to access the update infrastructure API (bsc#1218561) - Add IPv6 support (bsc#1218739) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:427-1 Released: Thu Feb 8 12:56:57 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1196293,1211547,1216049,1216388,1216390,1216522,1216827,1217287,1218201,1218282 This update for supportutils fixes the following issues: - Update to version 3.1.28 - Correctly detects Xen Dom0 (bsc#1218201) - Fixed smart disk error (bsc#1218282) - Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173) - Added missing klp information to kernel-livepatch.txt (bsc#1216390) - Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388) - Provides long listing for /etc/sssd/sssd.conf (bsc#1211547) - Optimize lsof usage (bsc#1183663) - Collects chrony or ntp as needed (bsc#1196293) - Fixed podman display issue (bsc#1217287) - Added nvme-stas configuration to nvme.txt (bsc#1216049) - Added timed command to fs-files.txt (bsc#1216827) - Collects zypp history file issue#166 (bsc#1216522) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:444-1 Released: Fri Feb 9 16:39:32 2024 Summary: Security update for suse-build-key Type: security Severity: important References: 1219123,1219189 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Bugfix added since last update: - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:458-1 Released: Tue Feb 13 14:34:14 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to version 0.378 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:459-1 Released: Tue Feb 13 15:28:56 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: - Update to runc v1.1.12 (bsc#1218894) The following CVE was already fixed with the previous release. - CVE-2024-21626: Fixed container breakout. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:474-1 Released: Wed Feb 14 18:00:29 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1108281,1193285,1215275,1216702,1217987,1217988,1217989,1218713,1218730,1218752,1218757,1218768,1218804,1218832,1218836,1219053,1219120,1219412,1219434,CVE-2021-33631,CVE-2023-46838,CVE-2023-47233,CVE-2023-4921,CVE-2023-51043,CVE-2023-51780,CVE-2023-51782,CVE-2023-6040,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2023-6915,CVE-2024-0565,CVE-2024-0775,CVE-2024-1086 The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). - CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). The following non-security bugs were fixed: - Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:475-1 Released: Wed Feb 14 19:08:44 2024 Summary: Recommended update for libsolv Type: recommended Severity: important References: 1215698,1218782,1218831,1219442 This update for libsolv, libzypp fixes the following issues: - build for multiple python versions [jsc#PED-6218] - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:525-1 Released: Mon Feb 19 08:03:59 2024 Summary: Security update for libssh Type: security Severity: important References: 1158095,1168699,1174713,1189608,1211188,1211190,1218126,1218186,1218209,CVE-2019-14889,CVE-2020-16135,CVE-2020-1730,CVE-2021-3634,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918 This update for libssh fixes the following issues: Update to version 0.9.8 (jsc#PED-7719): * Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209) * Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126) * Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186) * Allow @ in usernames when parsing from URI composes Update to version 0.9.7: * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm guessing (bsc#1211188) * Fix CVE-2023-2283: a possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) * Fix several memory leaks in GSSAPI handling code Update to version 0.9.6 (bsc#1189608, CVE-2021-3634): * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6 Update to 0.9.5 (bsc#1174713, CVE-2020-16135): * CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232) * Improve handling of library initialization (T222) * Fix parsing of subsecond times in SFTP (T219) * Make the documentation reproducible * Remove deprecated API usage in OpenSSL * Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN * Define version in one place (T226) * Prevent invalid free when using different C runtimes than OpenSSL (T229) * Compatibility improvements to testsuite Update to version 0.9.4 * https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ * Fix possible Denial of Service attack when using AES-CTR-ciphers CVE-2020-1730 (bsc#1168699) Update to version 0.9.3 * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution (bsc#1158095) * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state * SSH-01-006 General: Various unchecked Null-derefs cause DOS * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys * SSH-01-010 SSH: Deprecated hash function in fingerprinting * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access * SSH-01-001 State Machine: Initial machine states should be set explicitly * SSH-01-002 Kex: Differently bound macros used to iterate same array * SSH-01-005 Code-Quality: Integer sign confusion during assignments * SSH-01-008 SCP: Protocol Injection via unescaped File Names * SSH-01-009 SSH: Update documentation which RFCs are implemented * SSH-01-012 PKI: Information leak via uninitialized stack buffer Update to version 0.9.2 * Fixed libssh-config.cmake * Fixed issues with rsa algorithm negotiation (T191) * Fixed detection of OpenSSL ed25519 support (T197) Update to version 0.9.1 * Added support for Ed25519 via OpenSSL * Added support for X25519 via OpenSSL * Added support for localuser in Match keyword * Fixed Match keyword to be case sensitive * Fixed compilation with LibreSSL * Fixed error report of channel open (T75) * Fixed sftp documentation (T137) * Fixed known_hosts parsing (T156) * Fixed build issue with MinGW (T157) * Fixed build with gcc 9 (T164) * Fixed deprecation issues (T165) * Fixed known_hosts directory creation (T166) - Split out configuration to separate package to not mess up the library packaging and coinstallation Update to verion 0.9.0 * Added support for AES-GCM * Added improved rekeying support * Added performance improvements * Disabled blowfish support by default * Fixed several ssh config parsing issues * Added support for DH Group Exchange KEX * Added support for Encrypt-then-MAC mode * Added support for parsing server side configuration file * Added support for ECDSA/Ed25519 certificates * Added FIPS 140-2 compatibility * Improved known_hosts parsing * Improved documentation * Improved OpenSSL API usage for KEX, DH, and signatures - Add libssh client and server config files ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:534-1 Released: Tue Feb 20 08:48:52 2024 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1218762,1218763 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.9 (bsc#1218762, bsc#1218763) - Remove duplicate data collection for the plugin itself - Collect archive metering data when available - Query billing flavor status ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:569-1 Released: Wed Feb 21 07:19:46 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219425 This update for suseconnect-ng fixes the following issues: - Allow SUSEConnect on read write transactional systems (bsc#1219425) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:581-1 Released: Wed Feb 21 14:08:16 2024 Summary: Security update for python3 Type: security Severity: moderate References: 1210638,CVE-2023-27043 This update for python3 fixes the following issues: - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:586-1 Released: Thu Feb 22 09:54:21 2024 Summary: Security update for docker Type: security Severity: important References: 1219267,1219268,1219438,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653 This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: * CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438). * CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268). * CVE-2024-23651: Fixed race condition in mount (bsc#1219267). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:596-1 Released: Thu Feb 22 20:05:29 2024 Summary: Security update for openssh Type: security Severity: important References: 1218215,CVE-2023-51385 This update for openssh fixes the following issues: - CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection. (bsc#1218215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:824-1 Released: Fri Mar 8 17:34:36 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed path traversal vulnerability (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:832-1 Released: Mon Mar 11 10:30:30 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:834-1 Released: Mon Mar 11 14:22:12 2024 Summary: Security update for sudo Type: security Severity: important References: 1219026,1220389,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). Fixed issues introduced by first patches for CVE-2023-42465 (bsc#1220389). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:849-1 Released: Tue Mar 12 15:38:04 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1198533,1214169,1218952 This update for cloud-init contains the following fixes: - Skip tests with empty config. - Support reboot on package update/upgrade via the cloud-init config. (bsc#1198533, bsc#1218952, jsc#SMO-326) - Switch build dependency to the generic distribution-release package. - Move fdupes call back to %install. (bsc#1214169) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:853-1 Released: Tue Mar 12 17:20:28 2024 Summary: Recommended update for qrencode Type: recommended Severity: moderate References: This update for qrencode fixes the following issues: - update to 4.1.1 (jsc#PED-7296): * Some minor bugs in Micro QR Code generation have been fixed. * The data capacity calculations are now correct. These bugs probably did not affect the Micro QR Code generation. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:857-1 Released: Wed Mar 13 01:07:44 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1200599,1207653,1212514,1213456,1216223,1218195,1218689,1218915,1219127,1219128,1219146,1219295,1219653,1219827,1219835,1219915,1220009,1220140,1220187,1220238,1220240,1220241,1220243,1220250,1220253,1220255,1220328,1220330,1220344,1220398,1220409,1220416,1220418,1220421,1220436,1220444,1220459,1220469,1220482,1220526,1220538,1220570,1220572,1220599,1220627,1220641,1220649,1220660,1220689,1220700,1220735,1220736,1220737,1220742,1220745,1220767,1220796,1220825,1220826,1220831,1220845,1220860,1220863,1220870,1220917,1220918,1220930,1220931,1220932,1221039,1221040,CVE-2019-25162,CVE-2020-36777,CVE-2020-36784,CVE-2021-46904,CVE-2021-46905,CVE-2021-46906,CVE-2021-46915,CVE-2021-46924,CVE-2021-46929,CVE-2021-46932,CVE-2021-46934,CVE-2021-46953,CVE-2021-46964,CVE-2021-46966,CVE-2021-46968,CVE-2021-46974,CVE-2021-46989,CVE-2021-47005,CVE-2021-47012,CVE-2021-47013,CVE-2021-47054,CVE-2021-47060,CVE-2021-47061,CVE-2021-47069,CVE-2021-47076,CVE-2021-47078,CVE-2021-47083,CVE-2022-201 54,CVE-2022-48627,CVE-2023-28746,CVE-2023-35827,CVE-2023-46343,CVE-2023-51042,CVE-2023-52340,CVE-2023-52429,CVE-2023-52439,CVE-2023-52443,CVE-2023-52445,CVE-2023-52448,CVE-2023-52449,CVE-2023-52451,CVE-2023-52463,CVE-2023-52475,CVE-2023-52478,CVE-2023-52482,CVE-2023-52502,CVE-2023-52530,CVE-2023-52531,CVE-2023-52532,CVE-2023-52569,CVE-2023-52574,CVE-2023-52597,CVE-2023-52605,CVE-2023-6817,CVE-2024-0340,CVE-2024-0607,CVE-2024-1151,CVE-2024-23849,CVE-2024-23851,CVE-2024-26585,CVE-2024-26586,CVE-2024-26589,CVE-2024-26593,CVE-2024-26595,CVE-2024-26602,CVE-2024-26607,CVE-2024-26622 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831). - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2023-52340: Fixed ICMPv6 ???Packet Too Big??? packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). - CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915). - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195). - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825). - CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). - CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). - CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649) - CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) - CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436). - CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459) - CVE-2019-25162: Fixed a potential use after free (bsc#1220409). - CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570). - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241). - CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343). - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140). - CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26593: Fixed block process call transactions (bsc#1220009). - CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641). - CVE-2024-26586: Fixed stack corruption (bsc#1220243). - CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253). - CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835). - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127). - CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689). - CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). - CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863) - CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860) - CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039) - CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918). - CVE-2023-52482: Fixex a bug by adding SRSO mitigation for Hygon processors (bsc#1220735). - CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040). - CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845). - CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870). - CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469). - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514). - CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932). - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930). - CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931). - CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917). - CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736). - CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features() (bsc#1220660). - CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1220742). - CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627). - CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate in hfsplus (bsc#1220737). - CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1220745). The following non-security bugs were fixed: - EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330) - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653 bsc#1219915). - ibmvfc: make 'max_sectors' a module option (bsc#1216223). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes). - KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (git-fixes). - KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes). - KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes). - KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915). - scsi: Update max_hw_sectors on rescan (bsc#1216223). - x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes). - x86/bugs: Add asm helpers for executing VERW (git-fixes). - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes). Also add the removed mds_user_clear symbol to kABI severities as it is exposed just for KVM module and is generally a core kernel component so removing it is low risk. - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes). - x86/entry_32: Add VERW just before userspace transition (git-fixes). - x86/entry_64: Add VERW just before userspace transition (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:860-1 Released: Wed Mar 13 08:45:21 2024 Summary: Security update for gnutls Type: security Severity: moderate References: 1218865,CVE-2023-5981,CVE-2024-0553 This update for gnutls fixes the following issues: - CVE-2024-0553: Fixed insufficient mitigation for side channel attack in RSA-PSK, aka CVE-2023-5981 (bsc#1218865). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:871-1 Released: Wed Mar 13 13:07:46 2024 Summary: Security update for vim Type: security Severity: important References: 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667 This update for vim fixes the following issues: - CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321). - CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326). - CVE-2023-48236: Fixed overflow in get_number (bsc#1217329). - CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330). - CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432). - CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005). Updated to version 9.1 with patch level 0111: https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:896-1 Released: Thu Mar 14 15:54:44 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1215692,1218926,1218927,1219265 This update for wicked fixes the following issues: - ifreload: VLAN changes require device deletion (bsc#1218927) - ifcheck: fix config changed check (bsc#1218926) - client: fix exit code for no-carrier status (bsc#1219265) - dhcp6: omit the SO_REUSEPORT option (bsc#1215692) - duid: fix comment for v6time - rtnl: fix peer address parsing for non ptp-interfaces - system-updater: parse updater format from XML configuration to ensure install calls can run ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:904-1 Released: Fri Mar 15 08:42:04 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1214713,1218632,1218812,1218814,1219241,1219639 This update for supportutils fixes the following issues: - Update toversion 3.1.29 - Extended scaling for performance (bsc#1214713) - Fixed kdumptool output error (bsc#1218632) - Corrected podman ID errors (bsc#1218812) - Duplicate non root podman entries removed (bsc#1218814) - Corrected get_sles_ver for SLE Micro (bsc#1219241) - Check nvidida-persistenced state (bsc#1219639) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:935-1 Released: Tue Mar 19 13:03:44 2024 Summary: Security update for xen Type: security Severity: moderate References: 1219885,CVE-2023-46841 This update for xen fixes the following issues: - CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:944-1 Released: Wed Mar 20 09:15:53 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1220679 This update for suseconnect-ng fixes the following issues: - Allow '--rollback' flag to run on readonly filesystem (bsc#1220679) - Update to version 1.7.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:980-1 Released: Mon Mar 25 06:18:28 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1219767 This update for pam-config fixes the following issues: - Fix pam_gnome_keyring module for AUTH (bsc#1219767) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:984-1 Released: Mon Mar 25 16:04:44 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1192051,1221050 This update for runc fixes the following issues: - Add upstream patch to properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050 This allows running 15 SP6 containers on older distributions. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1001-1 Released: Wed Mar 27 01:48:30 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,CVE-2024-26458,CVE-2024-26461 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1104-1 Released: Wed Apr 3 14:29:59 2024 Summary: Recommended update for docker, containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs Type: recommended Severity: important References: This update for docker fixes the following issues: - Overlay files are world-writable (bsc#1220339) - Allow disabling apparmor support (some products only support SELinux) The other packages in the update (containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs) are no-change rebuilds required because the corresponding binary packages were missing in a number of repositories, thus making docker not installable on some products. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1118-1 Released: Fri Apr 5 06:33:40 2024 Summary: Security update for avahi Type: security Severity: moderate References: 1216594,1216598,CVE-2023-38469,CVE-2023-38471 This update for avahi fixes the following issues: - CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594). - CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1120-1 Released: Fri Apr 5 14:03:46 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1126-1 Released: Mon Apr 8 07:06:47 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1220996,1221194,1221358 This update for wicked fixes the following issues: - Fix fallback-lease drop in addrconf (bsc#1220996) - Use upstream `nvme nbft show` (bsc#1221358) - Hide secrets in debug log (bsc#1221194) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1136-1 Released: Mon Apr 8 11:30:15 2024 Summary: Security update for c-ares Type: security Severity: moderate References: 1220279,CVE-2024-25629 This update for c-ares fixes the following issues: - CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1152-1 Released: Mon Apr 8 11:36:50 2024 Summary: Security update for xen Type: security Severity: moderate References: 1221332,1221334,CVE-2023-28746,CVE-2024-2193 This update for xen fixes the following issues: - CVE-2023-28746: Register File Data Sampling (bsc#1221332) - CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1170-1 Released: Tue Apr 9 09:51:25 2024 Summary: Security update for util-linux Type: security Severity: important References: 1194038,1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1176-1 Released: Tue Apr 9 10:43:33 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to 0.380 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1180-1 Released: Tue Apr 9 21:13:49 2024 Summary: Recommended update for python-azure-agent Type: recommended Severity: important References: 1217301,1217302 This update for python-azure-agent contains the following fixes: - Recognise SLE-Micro as a SLE based distro. - Create sub-packages for the config (jsc#PED-7869) + Remove config manipulation from image building + Set up a config for SLE-Micro + Makes deafult upstream config available - Update to 2.9.1.1 (bsc#1217301, bsc#1217302) + Update unittest.mock + Download certificates when goal state source is fast track #2761 + Increase the max number of extension events by 20% #2785 + Remove version suffix from extension slice #2782 + Support int type for eventPid and eventTid fields #2786 + Improve log for swap counter not found #2789 + Remove cgroup files during deprovisioning #2790 + Log VM architecture in heartbeat telemetry for arm64 adoption monitoring #2818 + Enforce memory usage for agent #2671 + Use common download logic for agent downloads #2682 + Implement Fedora distro #2642 + Report message in handler heartbeat #2688 + Remove dependency on pathlib from makepkg #2717 + Do not fetch extensions goal state in log collector #2713 + Update log collector unit file to remove memory limit #2757 + Fix bug in get_dhcp_pid (CoreOS) #2784 + Fetch full distro version for mariner #2773 >From 2.9.04 + Resource Governance on extensions (CPU monitoring and enforcing & Memory monitoring) #2632 #2581 #2555 + Agent resource governance #2597 #2591 #2546 + monitor system-wide memory metrics (#2610) + Additional telemetry for goal state (#2675) + HostGAPlugin usage improvements #2662 #2673 #2655 #2651 + Add logging statements for mrseq migration during update (#2667) + Logcollector memory usage #2658 #2637 + Update Log Collector default in Comments and Readme (#2608) + Improve telemetry success and failure markers (#2605) #2604 #2599 + Fix formatting of exceptions on Python 3.10 (traceback.format's etype argument) (#2663) + Fix UNKNOWN(Zombie) Process in unexpected processes check (#2644) + SUSE: Fix valid values for DHCLIENT_HOSTNAME_OPTION (#2643) + Debian - string conversion for systemd service (#2574) + Do not set a CPU quota on the agent for RHEL and Centos (#2685) #2689 #2693 + support rhel distro (#2620) #2598 + Added support for devuan linux distribution (#2553) No incremental updates between 2.8.011 and 2.9.0.4 - Clean up conditions in spec file: + There is no maintained distro > 1315 (SLE12) AND < 1500 (SLE15). Only openSUSE 13.2 and 13.3 lived in that space, but they are clearly not the target of this spec file. + if 0%{?Suse_version} && 0{?suse_version} > 1315: no need to first validate suse_version being defined: whenever it is > 1315, must be defined. - Add patch to use unittest.mock first, falling back to mock if required. - Tighten Requires against python3-mock. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1190-1 Released: Wed Apr 10 03:28:33 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1202-1 Released: Thu Apr 11 10:49:35 2024 Summary: Recommended update for libzypp, zypper, PackageKit Type: recommended Severity: moderate References: 1175678,1218171,1218544,1221525,CVE-2024-0217 This update for libzypp, zypper, PackageKit fixes the following issues: - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - CVE-2024-0217: Check that Finished signal is emitted at most once (bsc#1218544) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1302-1 Released: Tue Apr 16 07:23:44 2024 Summary: Recommended update for python-azure-agent Type: recommended Severity: critical References: 1222620 This update for python-azure-agent fixes the following issues: - Keep the existing config file (bsc#1222620) - Do not force wicked dependency for networking, allow NM in SLE Micro 5.5 and for ALP based products ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1335-1 Released: Thu Apr 18 14:44:22 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1222105 This update for wicked fixes the following issues: - Do not convert sec to msec twice (bsc#1222105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1352-1 Released: Fri Apr 19 15:28:38 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1220132,1221132,1221726,1222113 This update for cloud-init contains the following fixes: - Add cloud-init-no-nmcfg-needed.patch (bsc#1221726) + Do not require a NetworkManager config file in order to detect NetworkManager as the renderer - Add cloud-init-no-openstack-guess.patch (bsc#1222113) + Do not guess if we are running on OpenStack or not. Only recognize the known markers and enable cloud-init if we know for sure. - Do not guess a data source when checking for a CloudStack environment. (bsc#1221132) - Hardcode distribution to suse for proper cloud.cfg generation (bsc#1220132). - Prepare for RPM 4.20 switch patch syntax ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1366-1 Released: Mon Apr 22 11:04:32 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1216474,1218871,1221123,1222831 This update for openssh fixes the following issues: - Fix hostbased ssh login failing occasionally with 'signature unverified: incorrect signature' by fixing a typo in patch (bsc#1221123) - Avoid closing IBM Z crypto devices nodes. (bsc#1218871) - Allow usage of IBM Z crypto adapter cards in seccomp filters (bsc#1216474) - Change the default value of UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled). This makes ssh update the known_hosts stored keys with all published versions by the server (after it's authenticated with an existing key), which will allow to identify the server with a different key if the existing key is considered insecure at some point in the future (bsc#1222831). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1368-1 Released: Mon Apr 22 11:06:29 2024 Summary: Security update for shim Type: security Severity: important References: 1198101,1205588,1205855,1210382,1213945,1215098,1215099,1215100,1215101,1215102,1215103,1219460,CVE-2022-28737,CVE-2023-40546,CVE-2023-40547,CVE-2023-40548,CVE-2023-40549,CVE-2023-40550,CVE-2023-40551 This update for shim fixes the following issues: - Update shim-install to set the TPM2 SRK algorithm (bsc#1213945) - Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) Update to version 15.8: Security issues fixed: - mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) - avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) - Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) - Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) - pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) - pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now. - Generate dbx during build so we don't include binary files in sources - Don't require grub so shim can still be used with systemd-boot - Update shim-install to fix boot failure of ext4 root file system on RAID10 (bsc#1205855) - Adopt the macros from fde-tpm-helper-macros to update the signature in the sealed key after a bootloader upgrade - Update shim-install to amend full disk encryption support - Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector - Use the long name to specify the grub2 key protector - cryptodisk: support TPM authorized policies - Do not use tpm_record_pcrs unless the command is in command.lst - Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to enable the NX compatibility flag when using post-process-pe after discussed with grub2 experts in mail. It's useful for further development and testing. (bsc#1205588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1433-1 Released: Wed Apr 24 21:41:41 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1221525,1221963,1222086,1222398,1223094 This update for libzypp, zypper fixes the following issues: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) - Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed - Do not try to refresh repo metadata as non-root user (bsc#1222086) - man: Explain how to protect orphaned packages by collecting them in a plaindir repo - packages: Add --autoinstalled and --userinstalled options to list them - Don't print 'reboot required' message if download-only or dry-run - Resepect zypper.conf option `showAlias` search commands (bsc#1221963) - dup: New option --remove-orphaned to remove all orphaned packages in dup (bsc#1221525) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1434-1 Released: Thu Apr 25 09:11:03 2024 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1200731 This update for systemd-presets-common-SUSE fixes the following issues: - Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84) Support both the old and new service to avoid complex version interdependency. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1439-1 Released: Thu Apr 25 23:41:12 2024 Summary: Security update for python-idna Type: security Severity: moderate References: 1222842,CVE-2024-3651 This update for python-idna fixes the following issues: - CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1459-1 Released: Mon Apr 29 07:48:02 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1220763 This update for vim fixes the following issues: - Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1474-1 Released: Tue Apr 30 06:21:02 2024 Summary: Recommended update for cups Type: recommended Severity: important References: 1217119 This update for cups fixes the following issues: - Fix occasional stuck on poll() loop (bsc#1217119) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1488-1 Released: Thu May 2 15:29:32 2024 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1213551 This update for chrony fixes the following issues: - Use shorter NTS-KE retry interval when network is down (bsc#1213551) - Use make quickcheck instead of make check to avoid more than 1h build times and failures due to timeouts. This was the default before 3.2 but it changed to make tests more reliable ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1489-1 Released: Fri May 3 09:36:22 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1184942,1186060,1192145,1194516,1208995,1209635,1209657,1212514,1213456,1217987,1217988,1217989,1218336,1218447,1218479,1218562,1219170,1219264,1220320,1220340,1220366,1220400,1220411,1220413,1220414,1220425,1220426,1220429,1220432,1220442,1220445,1220465,1220468,1220475,1220484,1220486,1220487,1220516,1220521,1220528,1220529,1220532,1220554,1220556,1220557,1220560,1220561,1220566,1220575,1220580,1220583,1220611,1220615,1220621,1220625,1220630,1220631,1220638,1220639,1220640,1220641,1220662,1220663,1220669,1220670,1220677,1220678,1220685,1220687,1220688,1220692,1220697,1220703,1220706,1220733,1220734,1220739,1220743,1220745,1220749,1220751,1220753,1220758,1220759,1220764,1220768,1220769,1220777,1220779,1220785,1220790,1220794,1220824,1220826,1220829,1220836,1220846,1220850,1220861,1220871,1220883,1220946,1220954,1220969,1220979,1220982,1220985,1220987,1221015,1221044,1221058,1221061,1221077,1221088,1221276,1221293,1221532,1221534,1221541,1221548,1221552,1221575,1221605,1 221606,1221608,1221830,1221931,1221932,1221934,1221935,1221949,1221952,1221965,1221966,1221969,1221973,1221974,1221978,1221989,1221990,1221991,1221992,1221993,1221994,1221996,1221997,1221998,1221999,1222000,1222001,1222002,1222003,1222004,1222117,1222422,1222585,1222619,1222660,1222664,1222669,1222706,CVE-2020-36780,CVE-2020-36781,CVE-2020-36782,CVE-2020-36783,CVE-2021-23134,CVE-2021-29155,CVE-2021-46908,CVE-2021-46909,CVE-2021-46911,CVE-2021-46914,CVE-2021-46917,CVE-2021-46918,CVE-2021-46919,CVE-2021-46920,CVE-2021-46921,CVE-2021-46922,CVE-2021-46930,CVE-2021-46931,CVE-2021-46933,CVE-2021-46938,CVE-2021-46939,CVE-2021-46943,CVE-2021-46944,CVE-2021-46950,CVE-2021-46951,CVE-2021-46956,CVE-2021-46958,CVE-2021-46959,CVE-2021-46960,CVE-2021-46961,CVE-2021-46962,CVE-2021-46963,CVE-2021-46971,CVE-2021-46976,CVE-2021-46980,CVE-2021-46981,CVE-2021-46983,CVE-2021-46984,CVE-2021-46988,CVE-2021-46990,CVE-2021-46991,CVE-2021-46992,CVE-2021-46998,CVE-2021-47000,CVE-2021-47001,CVE-2021-47003,CVE- 2021-47006,CVE-2021-47009,CVE-2021-47013,CVE-2021-47014,CVE-2021-47015,CVE-2021-47017,CVE-2021-47020,CVE-2021-47026,CVE-2021-47034,CVE-2021-47035,CVE-2021-47038,CVE-2021-47044,CVE-2021-47045,CVE-2021-47046,CVE-2021-47049,CVE-2021-47051,CVE-2021-47055,CVE-2021-47056,CVE-2021-47058,CVE-2021-47061,CVE-2021-47063,CVE-2021-47065,CVE-2021-47068,CVE-2021-47069,CVE-2021-47070,CVE-2021-47071,CVE-2021-47073,CVE-2021-47077,CVE-2021-47082,CVE-2021-47087,CVE-2021-47095,CVE-2021-47097,CVE-2021-47100,CVE-2021-47101,CVE-2021-47109,CVE-2021-47110,CVE-2021-47112,CVE-2021-47114,CVE-2021-47117,CVE-2021-47118,CVE-2021-47119,CVE-2021-47120,CVE-2021-47130,CVE-2021-47136,CVE-2021-47137,CVE-2021-47138,CVE-2021-47139,CVE-2021-47141,CVE-2021-47142,CVE-2021-47144,CVE-2021-47150,CVE-2021-47153,CVE-2021-47160,CVE-2021-47161,CVE-2021-47164,CVE-2021-47165,CVE-2021-47166,CVE-2021-47167,CVE-2021-47168,CVE-2021-47169,CVE-2021-47170,CVE-2021-47171,CVE-2021-47172,CVE-2021-47173,CVE-2021-47174,CVE-2021-47175,CVE-2021-47 176,CVE-2021-47177,CVE-2021-47179,CVE-2021-47180,CVE-2021-47181,CVE-2021-47183,CVE-2021-47185,CVE-2021-47189,CVE-2022-0487,CVE-2022-4744,CVE-2022-48626,CVE-2023-0160,CVE-2023-1192,CVE-2023-28746,CVE-2023-35827,CVE-2023-52454,CVE-2023-52469,CVE-2023-52470,CVE-2023-52474,CVE-2023-52476,CVE-2023-52477,CVE-2023-52492,CVE-2023-52500,CVE-2023-52508,CVE-2023-52509,CVE-2023-52572,CVE-2023-52575,CVE-2023-52583,CVE-2023-52590,CVE-2023-52591,CVE-2023-52607,CVE-2023-52628,CVE-2023-6270,CVE-2023-6356,CVE-2023-6531,CVE-2023-6535,CVE-2023-6536,CVE-2023-7042,CVE-2023-7192,CVE-2024-22099,CVE-2024-26600,CVE-2024-26614,CVE-2024-26642,CVE-2024-26704,CVE-2024-26733 The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-36781: Fixed reference leak when pm_runtime_get_sync fails in i2c/imx (bsc#1220557). - CVE-2021-46911: Fixed kernel panic (bsc#1220400). - CVE-2021-46914: Fixed unbalanced device enable/disable in suspend/resume in pci_disable_device() (bsc#1220465). - CVE-2021-46917: Fixed wq cleanup of WQCFG registers in idxd (bsc#1220432). - CVE-2021-46918: Fixed not clearing MSIX permission entry on shutdown in idxd (bsc#1220429). - CVE-2021-46919: Fixed wq size store permission state in idxd (bsc#1220414). - CVE-2021-46920: Fixed clobbering of SWERR overflow bit on writeback (bsc#1220426). - CVE-2021-46922: Fixed TPM reservation for seal/unseal (bsc#1220475). - CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484). - CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486). - CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487). - CVE-2021-46956: Fixed memory leak in virtio_fs_probe() (bsc#1220516). - CVE-2021-46959: Fixed use-after-free with devm_spi_alloc_* (bsc#1220734). - CVE-2021-46961: Fixed spurious interrup handling (bsc#1220529). - CVE-2021-46971: Fixed unconditional security_locked_down() call (bsc#1220697). - CVE-2021-46976: Fixed crash in auto_retire in drm/i915 (bsc#1220621). - CVE-2021-46980: Fixed not retrieving all the PDOs instead of just the first 4 in usb/typec/ucsi (bsc#1220663). - CVE-2021-46983: Fixed NULL pointer dereference when SEND is completed with error (bsc#1220639). - CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706). - CVE-2021-47001: Fixed cwnd update ordering in xprtrdma (bsc#1220670). - CVE-2021-47003: Fixed potential null dereference on pointer status in idxd_cmd_exec (bsc#1220677). - CVE-2021-47009: Fixed memory leak on object td (bsc#1220733). - CVE-2021-47014: Fixed wild memory access when clearing fragments in net/sched/act_ct (bsc#1220630). - CVE-2021-47017: Fixed use after free in ath10k_htc_send_bundle (bsc#1220678). - CVE-2021-47026: Fixed not destroying sysfs after removing session from active list (bsc#1220685). - CVE-2021-47035: Fixed wrong WO permissions on second-level paging entries in iommu/vt-d (bsc#1220688). - CVE-2021-47038: Fixed deadlock between hci_dev->lock and socket lock in bluetooth (bsc#1220753). - CVE-2021-47044: Fixed shift-out-of-bounds in load_balance() in sched/fair (bsc#1220759). - CVE-2021-47046: Fixed off by one in hdmi_14_process_transaction() (bsc#1220758). - CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954). - CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979). - CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982). - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985). - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987). - CVE-2021-47109: Fixed NUD_NOARP entries to be forced GCed (bsc#1221534). - CVE-2021-47130: Fixed freeing unallocated p2pmem in nvmet (bsc#1221552). - CVE-2021-47137: Fixed memory corruption in RX ring in net/lantiq (bsc#1221932). - CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973). - CVE-2021-47160: Fixed VLAN traffic leaks in dsa: mt7530 (bsc#1221974). - CVE-2021-47164: Fixed null pointer dereference accessing lag dev in net/mlx5e (bsc#1221978). - CVE-2021-47174: Fixed missing check in irq_fpu_usable() (bsc#1221990). - CVE-2021-47175: Fixed OOB access in net/sched/fq_pie (bsc#1222003). - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660). - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664). - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669). - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706). - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411). - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413). - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445). - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703). - CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276). - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883). - CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015). - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871). - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058). - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061). - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336). - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). The following non-security bugs were fixed: - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (bsc#1219264). - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619). - group-source-files.pl: Quote filenames (boo#1221077). - kernel-binary: certs: Avoid trailing space - mm: fix gup_pud_range (bsc#1220824). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1534-1 Released: Mon May 6 14:55:19 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1540-1 Released: Tue May 7 09:24:25 2024 Summary: Security update for xen Type: security Severity: moderate References: 1221984,1222302,1222453,CVE-2023-46842,CVE-2024-2201,CVE-2024-31142 This update for xen fixes the following issues: - CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453) - CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984) - CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455, bsc#1222302) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1567-1 Released: Thu May 9 12:33:42 2024 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: This update for catatonit fixes the following issues: - Update to catatonit v0.2.0 - Change license to GPL-2.0-or-later ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1569-1 Released: Thu May 9 13:17:26 2024 Summary: Security update for avahi Type: security Severity: moderate References: 1216853,CVE-2023-38472 This update for avahi fixes the following issues: - CVE-2023-38472: Fix reachable assertion in avahi_rdata_parse() (bsc#1216853). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1633-1 Released: Tue May 14 11:35:56 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1642-1 Released: Tue May 14 15:38:24 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1190576,1192145,1200313,1201489,1203906,1203935,1204614,1211592,1218562,1218917,1219169,1219170,1219264,1220513,1220755,1220854,1221113,1221299,1221543,1221545,1222449,1222482,1222503,1222559,1222585,1222624,1222666,1222669,1222709,1222790,1222792,1222829,1222876,1222878,1222881,1222883,1222894,1222976,1223016,1223057,1223111,1223187,1223202,1223475,1223482,1223509,1223513,1223522,1223824,1223921,1223923,1223931,1223941,1223948,1223952,1223963,CVE-2021-46955,CVE-2021-47041,CVE-2021-47074,CVE-2021-47113,CVE-2021-47131,CVE-2021-47184,CVE-2021-47185,CVE-2021-47194,CVE-2021-47198,CVE-2021-47201,CVE-2021-47202,CVE-2021-47203,CVE-2021-47206,CVE-2021-47207,CVE-2021-47212,CVE-2021-47216,CVE-2022-48631,CVE-2022-48638,CVE-2022-48650,CVE-2022-48651,CVE-2022-48654,CVE-2022-48672,CVE-2022-48686,CVE-2022-48687,CVE-2022-48693,CVE-2022-48695,CVE-2022-48701,CVE-2022-48702,CVE-2023-2860,CVE-2023-6270,CVE-2024-0639,CVE-2024-0841,CVE-2024-22099,CVE-2024-23307,CVE-2024-26610,CVE-2024-26688,C VE-2024-26689,CVE-2024-26733,CVE-2024-26739,CVE-2024-26744,CVE-2024-26816,CVE-2024-26840,CVE-2024-26852,CVE-2024-26862,CVE-2024-26898,CVE-2024-26903,CVE-2024-26906,CVE-2024-27043 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976). - CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543). - CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545). - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057). - CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824). - CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513). - CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault() (bsc#1223202). - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624). - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299). - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503). - CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755). - CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854). - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449). The following non-security bugs were fixed: - dm rq: do not queue request to blk-mq during DM suspend (bsc#1221113). - dm: rearrange core declarations for extended use from dm-zone.c (bsc#1221113). - net/tls: Remove the context from the list in tls_device_down (bsc#1221545). - tls: Fix context leak on tls_device_down (bsc#1221545). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1666-1 Released: Thu May 16 08:00:53 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1775-1 Released: Fri May 24 15:20:59 2024 Summary: Security update for libfastjson Type: security Severity: important References: 1171479,CVE-2020-12762 This update for libfastjson fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write via a large JSON file (bsc#1171479). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1778-1 Released: Fri May 24 17:40:50 2024 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable sysctl-logger (jsc#PED-5024) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1792-1 Released: Mon May 27 18:05:34 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1220679,1223107 This update for suseconnect-ng fixes the following issues: - Version update * Fix certificate import for Yast when using a registration proxy with self-signed SSL certificate (bsc#1223107) * Allow '--rollback' flag to run on readonly filesystem (bsc#1220679) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:461-1 Released: Wed May 29 09:34:10 2024 Summary: Security update for libxml2 Type: security Severity: important References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1826-1 Released: Wed May 29 10:43:45 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1205604,1218926,1219108,1224100 This update for wicked fixes the following issues: - client: fix ifreload to pull UP ports/links again when the config of their master/lower changed (bsc#1224100) - Update to version 0.6.75: - cleanup: fix ni_fsm_state_t enum-int-mismatch warnings - cleanup: fix overflow warnings in a socket testcase on i586 - ifcheck: report new and deleted configs as changed (bsc#1218926) - man: improve ARP configuration options in the wicked-config.5 - bond: add ports when master is UP to avoid port MTU revert (bsc#1219108) - cleanup: fix interface dependencies and shutdown order (bsc#1205604) - Remove port arrays from bond,team,bridge,ovs-bridge (redundant) and consistently use config and state info attached to the port interface as in rtnetlink(7). - Cleanup ifcfg parsing, schema configuration and service properties - Migrate ports in xml config and policies already applied in nanny - Remove 'missed config' generation from finite state machine, which is completed while parsing the config or while xml config migration. - Issue a warning when 'lower' interface (e.g. eth0) config is missed while parsing config depending on it (e.g. eth0.42 vlan). - Resolve ovs master to the effective bridge in config and wickedd - Implement netif-check-state require checks using system relations from wickedd/kernel instead of config relations for ifdown and add linkDown and deleteDevice checks to all master and lower references. - Add a `wicked --dry-run ???` option to show the system/config interface hierarchies as notice with +/- marked interfaces to setup and/or shutdown. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1848-1 Released: Thu May 30 06:52:35 2024 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1220082,1222021 This update for supportutils fixes the following issues: - Suppress file descriptor leak warnings from lvm commands (bsc#1220082) - Add -V key:value pair option (bsc#1222021, PED-8211) - Avoid getting duplicate kernel verifications in boot.text - Include container log timestamps ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1863-1 Released: Thu May 30 14:18:27 2024 Summary: Security update for python-Jinja2 Type: security Severity: moderate References: 1218722,1223980,CVE-2024-22195,CVE-2024-34064 This update for python-Jinja2 fixes the following issues: - Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1876-1 Released: Fri May 31 06:47:32 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1221361 This update for aaa_base fixes the following issues: - Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1880-1 Released: Fri May 31 08:45:12 2024 Summary: Security update for python-requests Type: security Severity: moderate References: 1224788,CVE-2024-35195 This update for python-requests fixes the following issues: - CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1895-1 Released: Mon Jun 3 09:00:20 2024 Summary: Security update for glibc Type: security Severity: important References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1982-1 Released: Tue Jun 11 12:12:44 2024 Summary: Security update for bind Type: security Severity: important References: 1219823,1219826,1219851,1219852,1219854,CVE-2023-4408,CVE-2023-50387,CVE-2023-50868,CVE-2023-5517,CVE-2023-6516 This update for bind fixes the following issues: - CVE-2023-4408: Fixed denial of service during DNS message parsing with different names (bsc#1219851) - CVE-2023-50387: Fixed denial of service during DNS messages validation with DNSSEC signatures (bsc#1219823) - CVE-2023-50868: Fixed denial of service during NSEC3 closest encloser proof preparation (bsc#1219826) - CVE-2023-5517: Fixed denial of service caused by specific queries with nxdomain-redirect enabled (bsc#1219852) - CVE-2023-6516: Fixed denial of service caused by specific queries that continuously triggered cache database maintenance (bsc#1219854) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2003-1 Released: Wed Jun 12 07:30:30 2024 Summary: Security update for cups Type: security Severity: important References: 1223179,1225365,CVE-2024-35235 This update for cups fixes the following issues: - CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system. (bsc#1225365) - Handle local 'Negotiate' authentication response for cli clients (bsc#1223179) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2009-1 Released: Wed Jun 12 13:47:43 2024 Summary: Security update for curl Type: security Severity: moderate References: 1219273,CVE-2023-27534 This update for curl fixes the following issues: - CVE-2023-27534: Properly resolve ~ when used in a SFTP path. (bsc#1219273) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2033-1 Released: Sun Jun 16 12:19:55 2024 Summary: Security update for bind Type: security Severity: important References: 1219823,1219826,1219851,1219852,1219854,CVE-2023-4408,CVE-2023-50387,CVE-2023-50868,CVE-2023-5517,CVE-2023-6516 This update for bind fixes the following issues: - CVE-2023-4408: Fixed denial of service during DNS message parsing with different names (bsc#1219851) - CVE-2023-50387: Fixed denial of service during DNS messages validation with DNSSEC signatures (bsc#1219823) - CVE-2023-50868: Fixed denial of service during NSEC3 closest encloser proof preparation (bsc#1219826) - CVE-2023-5517: Fixed denial of service caused by specific queries with nxdomain-redirect enabled (bsc#1219852) - CVE-2023-6516: Fixed denial of service caused by specific queries that continuously triggered cache database maintenance (bsc#1219854) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2035-1 Released: Mon Jun 17 09:29:26 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: 33666 Released: Wed Jun 19 08:36:53 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222086,1223430,1223766 This update for libsolv, libzypp, zypper fixes the following issues: - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2085-1 Released: Wed Jun 19 11:36:00 2024 Summary: recommended update for python-requests Type: recommended Severity: moderate References: 1225912 This update for python-requests fixes the following issue: - Allow the usage of 'verify' parameter as a directory. (bsc#1225912) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2108-1 Released: Thu Jun 20 19:35:51 2024 Summary: Security update for containerd Type: security Severity: important References: 1221400,1224323,CVE-2023-45288 This update for containerd fixes the following issues: Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400). - Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2174-1 Released: Mon Jun 24 07:20:48 2024 Summary: Security update for wget Type: security Severity: moderate References: 1226419,CVE-2024-38428 This update for wget fixes the following issues: - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2185-1 Released: Mon Jun 24 21:04:36 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1151927,1152472,1154353,1156395,1174585,1176447,1176774,1176869,1178134,1181147,1184631,1185570,1185589,1185902,1186885,1187357,1188616,1188772,1189883,1190795,1191452,1192107,1194288,1194591,1196956,1197760,1198029,1199304,1200619,1203389,1206646,1209657,1210335,1210629,1213476,1215420,1216702,1217169,1220137,1220144,1220754,1220877,1220960,1221044,1221113,1221829,1222251,1222619,1222838,1222867,1223084,1223138,1223384,1223390,1223512,1223932,1223934,1224099,1224174,1224438,1224482,1224511,1224592,1224816,1224826,1224830,1224831,1224832,1224834,1224841,1224842,1224843,1224844,1224846,1224849,1224852,1224853,1224854,1224859,1224882,1224886,1224888,1224889,1224891,1224892,1224893,1224899,1224904,1224907,1224909,1224916,1224917,1224922,1224923,1224924,1224926,1224928,1224953,1224954,1224955,1224957,1224961,1224963,1224965,1224966,1224968,1224981,1224982,1224983,1224984,1224987,1224990,1224993,1224996,1224997,1225026,1225030,1225058,1225060,1225083,1225084,1225091,1 225112,1225113,1225128,1225140,1225143,1225148,1225155,1225164,1225177,1225178,1225181,1225192,1225193,1225198,1225201,1225206,1225207,1225208,1225214,1225223,1225224,1225230,1225232,1225233,1225237,1225238,1225243,1225244,1225247,1225251,1225252,1225256,1225261,1225262,1225263,1225301,1225303,1225316,1225318,1225320,1225321,1225322,1225326,1225327,1225328,1225330,1225333,1225336,1225341,1225346,1225351,1225354,1225355,1225357,1225358,1225360,1225361,1225366,1225367,1225369,1225370,1225372,1225374,1225384,1225386,1225387,1225390,1225393,1225400,1225404,1225405,1225409,1225411,1225424,1225427,1225435,1225437,1225438,1225439,1225446,1225447,1225448,1225450,1225453,1225455,1225468,1225499,1225500,1225508,1225534,CVE-2020-36788,CVE-2021-3743,CVE-2021-39698,CVE-2021-43056,CVE-2021-43527,CVE-2021-47104,CVE-2021-47192,CVE-2021-47200,CVE-2021-47220,CVE-2021-47227,CVE-2021-47228,CVE-2021-47229,CVE-2021-47230,CVE-2021-47231,CVE-2021-47235,CVE-2021-47236,CVE-2021-47237,CVE-2021-47239,CVE-2021- 47240,CVE-2021-47241,CVE-2021-47246,CVE-2021-47252,CVE-2021-47253,CVE-2021-47254,CVE-2021-47255,CVE-2021-47258,CVE-2021-47259,CVE-2021-47260,CVE-2021-47261,CVE-2021-47263,CVE-2021-47265,CVE-2021-47267,CVE-2021-47269,CVE-2021-47270,CVE-2021-47274,CVE-2021-47275,CVE-2021-47276,CVE-2021-47280,CVE-2021-47281,CVE-2021-47284,CVE-2021-47285,CVE-2021-47288,CVE-2021-47289,CVE-2021-47296,CVE-2021-47301,CVE-2021-47302,CVE-2021-47305,CVE-2021-47307,CVE-2021-47308,CVE-2021-47314,CVE-2021-47315,CVE-2021-47320,CVE-2021-47321,CVE-2021-47323,CVE-2021-47324,CVE-2021-47329,CVE-2021-47330,CVE-2021-47332,CVE-2021-47333,CVE-2021-47334,CVE-2021-47337,CVE-2021-47338,CVE-2021-47340,CVE-2021-47341,CVE-2021-47343,CVE-2021-47344,CVE-2021-47347,CVE-2021-47348,CVE-2021-47350,CVE-2021-47353,CVE-2021-47354,CVE-2021-47356,CVE-2021-47369,CVE-2021-47375,CVE-2021-47378,CVE-2021-47381,CVE-2021-47382,CVE-2021-47383,CVE-2021-47387,CVE-2021-47388,CVE-2021-47391,CVE-2021-47392,CVE-2021-47393,CVE-2021-47395,CVE-2021-47396,C VE-2021-47399,CVE-2021-47402,CVE-2021-47404,CVE-2021-47405,CVE-2021-47409,CVE-2021-47413,CVE-2021-47416,CVE-2021-47422,CVE-2021-47423,CVE-2021-47424,CVE-2021-47425,CVE-2021-47426,CVE-2021-47428,CVE-2021-47431,CVE-2021-47434,CVE-2021-47435,CVE-2021-47436,CVE-2021-47441,CVE-2021-47442,CVE-2021-47443,CVE-2021-47444,CVE-2021-47445,CVE-2021-47451,CVE-2021-47456,CVE-2021-47458,CVE-2021-47460,CVE-2021-47464,CVE-2021-47465,CVE-2021-47468,CVE-2021-47473,CVE-2021-47478,CVE-2021-47480,CVE-2021-47482,CVE-2021-47483,CVE-2021-47485,CVE-2021-47493,CVE-2021-47494,CVE-2021-47495,CVE-2021-47496,CVE-2021-47497,CVE-2021-47498,CVE-2021-47499,CVE-2021-47500,CVE-2021-47501,CVE-2021-47502,CVE-2021-47503,CVE-2021-47505,CVE-2021-47506,CVE-2021-47507,CVE-2021-47509,CVE-2021-47511,CVE-2021-47512,CVE-2021-47516,CVE-2021-47518,CVE-2021-47521,CVE-2021-47522,CVE-2021-47523,CVE-2021-47535,CVE-2021-47536,CVE-2021-47538,CVE-2021-47540,CVE-2021-47541,CVE-2021-47542,CVE-2021-47549,CVE-2021-47557,CVE-2021-47562,CVE-2021 -47563,CVE-2021-47565,CVE-2022-1195,CVE-2022-20132,CVE-2022-48636,CVE-2022-48673,CVE-2022-48704,CVE-2022-48710,CVE-2023-0160,CVE-2023-1829,CVE-2023-2176,CVE-2023-4244,CVE-2023-47233,CVE-2023-52433,CVE-2023-52581,CVE-2023-52591,CVE-2023-52654,CVE-2023-52655,CVE-2023-52686,CVE-2023-52840,CVE-2023-52871,CVE-2023-52880,CVE-2023-6531,CVE-2024-26581,CVE-2024-26643,CVE-2024-26828,CVE-2024-26921,CVE-2024-26925,CVE-2024-26929,CVE-2024-26930,CVE-2024-27398,CVE-2024-27413,CVE-2024-35811,CVE-2024-35895,CVE-2024-35914 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201). - CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354) - CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301) - CVE-2022-48673: kABI workarounds for struct smc_link (bsc#1223934). - CVE-2023-52871: Handle a second device without data corruption (bsc#1225534) - CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084). - CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355). - CVE-2021-47500: Fixed trigger reference couting (bsc#1225360). - CVE-2024-27413: Fix incorrect allocation size (bsc#1224438). - CVE-2021-47383: Fiedx out-of-bound vmalloc access in imageblit (bsc#1225208). - CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411). - CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928). - CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954) - CVE-2021-47254: Fix use-after-free in gfs2_glock_shrink_scan (bsc#1224888). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729). The following non-security bugs were fixed: - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - btrfs: do not start relocation until in progress drops are done (bsc#1222251). - btrfs: do not start relocation until in progress drops are done (bsc#1222251). - cifs: add missing spinlock around tcon refcount (bsc#1213476). - cifs: avoid dup prefix path in dfs_get_automount_devname() (bsc#1213476). - cifs: avoid race conditions with parallel reconnects (bsc#1213476). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1213476). - cifs: avoid use of global locks for high contention data (bsc#1213476). - cifs: check only tcon status on tcon related functions (bsc#1213476). - cifs: do all necessary checks for credits within or before locking (bsc#1213476). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1213476). - cifs: do not refresh cached referrals from unactive mounts (bsc#1213476). - cifs: do not take exclusive lock for updating target hints (bsc#1213476). - cifs: fix confusing debug message (bsc#1213476). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1213476). - cifs: fix potential deadlock in cache_refresh_path() (bsc#1213476). - cifs: fix refresh of cached referrals (bsc#1213476). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1213476). - cifs: fix source pathname comparison of dfs supers (bsc#1213476). - cifs: fix status checks in cifs_tree_connect (bsc#1213476). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1213476). - cifs: get rid of dns resolve worker (bsc#1213476). - cifs: get rid of mount options string parsing (bsc#1213476). - cifs: handle cache lookup errors different than -ENOENT (bsc#1213476). - cifs: ignore ipc reconnect failures during dfs failover (bsc#1213476). - cifs: match even the scope id for ipv6 addresses (bsc#1213476). - cifs: optimize reconnect of nested links (bsc#1213476). - cifs: prevent data race in smb2_reconnect() (bsc#1213476). - cifs: refresh root referrals (bsc#1213476). - cifs: remove duplicate code in __refresh_tcon() (bsc#1213476). - cifs: remove unused function (bsc#1213476). - cifs: remove unused smb3_fs_context::mount_options (bsc#1213476). - cifs: return DFS root session id in DebugData (bsc#1213476). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1213476). - cifs: set correct ipc status after initial tree connect (bsc#1213476). - cifs: set correct status of tcon ipc when reconnecting (bsc#1213476). - cifs: set correct tcon status after initial tree connect (bsc#1213476). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1213476). - cifs: set resolved ip in sockaddr (bsc#1213476). - cifs: share dfs connections and supers (bsc#1213476). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1213476). - cifs: use fs_context for automounts (bsc#1213476). - cifs: use origin fullpath for automounts (bsc#1213476). - cifs: use tcon allocation functions even for dummy tcon (bsc#1213476). - netfilter: nf_tables: defer gc run if previous batch is still pending (git-fixes). - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (git-fixes). - netfilter: nf_tables: fix kdoc warnings after gc rework (git-fixes). - netfilter: nf_tables: fix memleak when more than 255 elements expired (git-fixes). - netfilter: nf_tables: GC transaction race with abort path (git-fixes). - netfilter: nf_tables: GC transaction race with netns dismantle (git-fixes). - netfilter: nf_tables: mark newset as dead on transaction abort (git-fixes). - netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (git-fixes). - netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (git-fixes). - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (git-fixes). - netfilter: nf_tables: skip dead set elements in netlink dump (git-fixes). - netfilter: nf_tables: use correct lock to protect gc_list (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_rbtree: Add missing expired checks (git-fixes). - netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (git-fixes). - netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match (git-fixes). - netfilter: nft_set_rbtree: Detect partial overlaps on insertion (git-fixes). - netfilter: nft_set_rbtree: Do not account for expired elements on insertion (git-fixes). - netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (git-fixes). - netfilter: nft_set_rbtree: fix null deref on element insertion (git-fixes). - netfilter: nft_set_rbtree: fix overlap expiration walk (git-fixes). - netfilter: nft_set_rbtree: Handle outcomes of tree rotations in overlap detection (git-fixes). - netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (git-fixes). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (git-fixes). - netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (git-fixes). - netfilter: nft_set_rbtree: skip end interval element from gc (git-fixes). - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (git-fixes). - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (git-fixes). - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes). - NFC: nxp: add NXP1002 (bsc#1185589). - PCI: rpaphp: Add MODULE_DESCRIPTION (bsc#1176869 ltc#188243). - smb: client: fix dfs link mount against w2k8 (git-fixes). - smb: client: fix null auth (bsc#1213476). - smb: client: set correct id, uid and cruid for multiuser automounts (git-fixes). - x86/xen: Drop USERGS_SYSRET64 paravirt call (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2215-1 Released: Tue Jun 25 17:15:25 2024 Summary: Recommended update for python-azure-agent Type: recommended Severity: moderate References: 1225946 This update for python-azure-agent fixes the following issue: - Use the -Z option for mv and cp in the posttrans to properly handle SELinux context (bsc#1225946) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2222-1 Released: Tue Jun 25 18:10:29 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1219680,1223469 This update for cloud-init fixes the following issues: - Brute force approach to skip renames if the device is already present (bsc#1219680) - Handle the existence of /usr/etc/sudoers to search for the expected include location (bsc#1223469) - Do not enable cloud-init on systems where there is no DMI just because no data source has been found. No data source means cloud-init will not run. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2233-1 Released: Wed Jun 26 10:02:07 2024 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1215918 This update for util-linux fixes the following issue: - fix Xen virtualization type misidentification (bsc#1215918) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2240-1 Released: Wed Jun 26 15:20:30 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1218668 This update for wicked fixes the following issues: - Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2247-1 Released: Sun Jun 30 15:21:38 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2252-1 Released: Mon Jul 1 14:58:17 2024 Summary: Recommended update for sle-module-containers-release Type: recommended Severity: low References: This update for sle-module-containers-release contains the following fix: - Remove EOL Date from release package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2253-1 Released: Mon Jul 1 18:33:02 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: This update for containerd fixes the following issues: - Revert the noarch change for devel subpackage Switching to noarch causes issues on SLES maintenance updates, reverting it fixes our image builds ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2267-1 Released: Tue Jul 2 10:33:36 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:27 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2303-1 Released: Thu Jul 4 16:25:35 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2310-1 Released: Mon Jul 8 09:15:35 2024 Summary: Recommended update for libssh Type: recommended Severity: moderate References: 1227396 This update for libssh fixes the following issue: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1227396) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2362-1 Released: Tue Jul 9 16:02:10 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1156395,1171988,1176447,1176774,1181147,1191958,1195065,1195254,1195798,1202623,1218148,1219224,1219633,1222015,1223011,1223384,1224671,1224703,1224749,1224764,1224765,1224766,1224865,1225010,1225047,1225109,1225161,1225184,1225203,1225487,1225518,1225611,1225732,1225749,1225840,1225866,1226226,1226537,1226552,1226554,1226557,1226558,1226562,1226563,1226575,1226583,1226585,1226587,1226595,1226614,1226619,1226621,1226624,1226643,1226644,1226645,1226647,1226650,1226669,1226670,1226672,1226674,1226679,1226686,1226691,1226692,1226698,1226703,1226708,1226709,1226711,1226712,1226713,1226715,1226716,1226720,1226721,1226732,1226758,1226762,1226786,1226962,CVE-2021-3896,CVE-2021-43389,CVE-2021-4439,CVE-2021-47247,CVE-2021-47311,CVE-2021-47328,CVE-2021-47368,CVE-2021-47372,CVE-2021-47379,CVE-2021-47571,CVE-2021-47576,CVE-2021-47583,CVE-2021-47589,CVE-2021-47595,CVE-2021-47596,CVE-2021-47600,CVE-2021-47602,CVE-2021-47609,CVE-2021-47611,CVE-2021-47612,CVE-2021-47617,CVE-2021-47618,C VE-2021-47619,CVE-2021-47620,CVE-2022-0435,CVE-2022-22942,CVE-2022-2938,CVE-2022-48711,CVE-2022-48715,CVE-2022-48717,CVE-2022-48722,CVE-2022-48724,CVE-2022-48726,CVE-2022-48728,CVE-2022-48730,CVE-2022-48732,CVE-2022-48736,CVE-2022-48737,CVE-2022-48738,CVE-2022-48746,CVE-2022-48747,CVE-2022-48748,CVE-2022-48749,CVE-2022-48752,CVE-2022-48754,CVE-2022-48756,CVE-2022-48758,CVE-2022-48759,CVE-2022-48760,CVE-2022-48767,CVE-2022-48768,CVE-2022-48771,CVE-2023-24023,CVE-2023-52707,CVE-2023-52752,CVE-2023-52881,CVE-2024-26822,CVE-2024-26923,CVE-2024-35789,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35878,CVE-2024-35950,CVE-2024-36894,CVE-2024-36904,CVE-2024-36940,CVE-2024-36964,CVE-2024-38541,CVE-2024-38545,CVE-2024-38559,CVE-2024-38560 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47247: net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1224865). - CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010). - CVE-2021-47368: enetc: Fix illegal access when reading affinity_hint (bsc#1225161). - CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184). - CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2022-48760: USB: core: Fix hang in usb_kill_urb by adding memory barriers (bsc#1226712). - CVE-2023-52707: sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1225109). polled (bsc#1202623). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595) - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). The following non-security bugs were fixed: - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - psi: Fix uaf issue when psi trigger is destroyed while being - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2533-1 Released: Tue Jul 16 14:12:31 2024 Summary: Security update for xen Type: security Severity: important References: 1222453,1227355,CVE-2024-2201,CVE-2024-31143 This update for xen fixes the following issues: - CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453) - CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2648-1 Released: Tue Jul 30 12:03:47 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2662-1 Released: Tue Jul 30 15:41:34 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2671-1 Released: Tue Jul 30 21:10:57 2024 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1226192 This update for cups fixes the following issues: - Require the exact matching version-release of all libcups* sub-packages (bsc#1226192) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2674-1 Released: Wed Jul 31 06:57:02 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2688-1 Released: Thu Aug 1 06:59:58 2024 Summary: Feature update for Public Cloud Type: feature Severity: important References: 1222075,1227067,1227106,1227711 This update for Public Cloud fixes the following issues: - Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345): * google-guest-agent (no source changes) * google-guest-configs (no source changes) * google-guest-oslogin (no source changes) * google-osconfig-agent (no source changes) * growpart-rootgrow (no source changes) * python-azure-agent (includes bug fixes see below) * python-cssselect (no source changes) * python-instance-billing-flavor-check (no source changes) * python-toml (no source changes) * python3-lxml (inlcudes a bug fix, see below) - python-azure-agent received the following fixes: * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists (bsc#1227711) * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106) * Do not package `waagent2.0` in Python 3 builds * Do not require `wicked` in non-SUSE build environments * Apply python3 interpreter patch in non SLE build environments (bcs#1227067) - python3-lxml also received the following fix: * Fixed compatibility with system libexpat in tests (bnc#1222075) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2745-1 Released: Mon Aug 5 17:58:41 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219004,1223107,1226128 This update for suseconnect-ng fixes the following issues: - Version update: * Added uname as collector * Added SAP workload detection * Added detection of container runtimes * Multiple fixes on ARM64 detection * Use `read_values` for the CPU collector on Z * Fixed data collection for ppc64le * Grab the home directory from /etc/passwd if needed (bsc#1226128) * Build zypper-migration and zypper-packages-search as standalone binaries rather then one single binary * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004) * Include /etc/products.d in directories whose content are backed up and restored if a zypper-migration rollback happens (bsc#1219004) * Add the ability to upload the system uptime logs, produced by the suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report (jsc#PED-7982) (jsc#PED-8018) * Add support for third party packages in SUSEConnect * Refactor existing system information collection implementation self-signed SSL certificate (bsc#1223107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:10 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2799-1 Released: Wed Aug 7 08:19:10 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1214960 This update for runc fixes the following issues: - Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13 - Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2806-1 Released: Wed Aug 7 09:49:03 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2810-1 Released: Wed Aug 7 09:50:10 2024 Summary: Security update for bind Type: security Severity: important References: 1228256,1228257,CVE-2024-1737,CVE-2024-1975 This update for bind fixes the following issues: - CVE-2024-1737: It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (bsc#1228256) - CVE-2024-1975: Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (bsc#1228257) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated - bind-utils-9.16.6-150300.22.47.1 updated - blog-2.26-150300.4.6.1 updated - ca-certificates-mozilla-2.62-150200.30.1 updated - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - catatonit-0.2.0-150300.10.8.1 updated - chrony-pool-suse-4.1-150300.16.14.3 updated - chrony-4.1-150300.16.14.3 updated - cloud-init-config-suse-23.3-150100.8.82.3 updated - cloud-init-23.3-150100.8.82.3 updated - containerd-ctr-1.7.17-150000.114.1 updated - containerd-1.7.17-150000.114.1 updated - coreutils-8.32-150300.3.8.1 updated - cpio-2.12-150000.3.12.1 updated - cups-config-2.2.7-150000.3.62.1 updated - curl-7.66.0-150200.4.72.1 updated - dbus-1-1.12.2-150100.8.17.1 updated - dhcp-client-4.3.6.P1-150000.6.19.1 updated - dhcp-4.3.6.P1-150000.6.19.1 updated - docker-25.0.6_ce-150000.203.1 updated - dracut-049.1+suse.257.gf94c3fd1-150200.3.75.1 updated - gawk-4.2.1-150000.3.3.1 updated - glibc-locale-base-2.31-150300.83.1 updated - glibc-locale-2.31-150300.83.1 updated - glibc-2.31-150300.83.1 updated - gpg2-2.2.27-150300.3.8.1 updated - grub2-i386-pc-2.04-150300.22.43.1 updated - grub2-x86_64-efi-2.04-150300.22.43.1 updated - grub2-2.04-150300.22.43.1 updated - hwdata-0.380-150000.3.68.1 updated - hwinfo-21.85-150300.3.6.1 updated - kernel-default-5.3.18-150300.59.167.1 updated - krb5-1.19.2-150300.19.1 updated - less-530-150000.3.9.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libavahi-client3-0.7-150100.3.35.1 updated - libavahi-common3-0.7-150100.3.35.1 updated - libbind9-1600-9.16.6-150300.22.47.1 updated - libblkid1-2.36.2-150300.4.44.12 updated - libblogger2-2.26-150300.4.6.1 updated - libcap2-2.26-150000.4.9.1 updated - libcares2-1.19.1-150000.3.26.1 updated - libcrypt1-4.4.15-150300.4.7.1 updated - libcryptsetup12-2.3.7-150300.3.8.1 updated - libcups2-2.2.7-150000.3.62.1 updated - libcurl4-7.66.0-150200.4.72.1 updated - libdbus-1-3-1.12.2-150100.8.17.1 updated - libdevmapper1_03-2.03.05_1.02.163-150200.8.52.1 updated - libdns1605-9.16.6-150300.22.47.1 updated - libeconf0-0.5.2-150300.3.11.1 updated - libfastjson4-0.99.8-150000.3.3.1 updated - libfdisk1-2.36.2-150300.4.44.12 updated - libfreetype6-2.10.4-150000.4.15.1 updated - libfstrm0-0.6.1-150300.9.5.1 added - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libglib-2_0-0-2.62.6-150200.3.18.1 updated - libgnutls30-3.6.7-150200.14.31.1 updated - libirs1601-9.16.6-150300.22.47.1 updated - libisc1606-9.16.6-150300.22.47.1 updated - libisccc1600-9.16.6-150300.22.47.1 updated - libisccfg1600-9.16.6-150300.22.47.1 updated - libjansson4-2.14-150000.3.5.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated - liblognorm5-2.0.6-150000.3.3.1 updated - libmetalink3-0.1.3-150000.3.2.1 updated - libmount1-2.36.2-150300.4.44.12 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libns1604-9.16.6-150300.22.47.1 updated - libonig4-6.7.0-150000.3.6.1 updated - libopeniscsiusr0_2_0-2.1.7-150300.32.24.1 updated - libopenssl1_1-1.1.1d-150200.11.91.1 updated - libparted0-3.2-150300.21.3.1 updated - libpci3-3.5.6-150300.13.6.1 updated - libpcre2-8-0-10.31-150000.3.15.1 updated - libprocps8-3.3.17-150000.7.39.1 added - libprotobuf-c1-1.3.2-150200.3.9.1 added - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libqrencode4-4.1.1-150000.3.3.1 updated - libsmartcols1-2.36.2-150300.4.44.12 updated - libsolv-tools-base-0.7.29-150200.34.1 added - libsolv-tools-0.7.29-150200.34.1 updated - libsqlite3-0-3.44.0-150000.3.23.1 updated - libssh-config-0.9.8-150200.13.6.2 added - libssh4-0.9.8-150200.13.6.2 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libuuid1-2.36.2-150300.4.44.12 updated - libuv1-1.18.0-150000.3.2.1 updated - libxml2-2-2.9.7-150000.3.70.1 updated - libxslt1-1.1.32-150000.3.14.1 added - libyajl2-2.1.0-150000.4.6.1 updated - libz1-1.2.11-150000.3.48.1 updated - libzypp-17.34.1-150200.106.2 updated - login_defs-4.8.1-150300.4.18.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - netcfg-11.6-150000.3.6.1 updated - nfs-client-2.1.1-150100.10.37.1 updated - open-iscsi-2.1.7-150300.32.24.1 updated - openssh-clients-8.4p1-150300.3.37.1 updated - openssh-common-8.4p1-150300.3.37.1 updated - openssh-server-8.4p1-150300.3.37.1 updated - openssh-8.4p1-150300.3.37.1 updated - openssl-1_1-1.1.1d-150200.11.91.1 updated - pam-config-1.1-150200.3.6.1 updated - pam-1.3.0-150000.6.66.1 updated - parted-3.2-150300.21.3.1 updated - pciutils-3.5.6-150300.13.6.1 updated - perl-Bootloader-0.945-150300.3.12.1 updated - perl-base-5.26.1-150300.17.17.1 updated - perl-5.26.1-150300.17.17.1 updated - procps-3.3.17-150000.7.39.1 updated - python-azure-agent-config-server-2.9.1.1-150400.3.41.1 added - python-azure-agent-2.9.1.1-150400.3.41.1 updated - python-instance-billing-flavor-check-0.0.6-150400.1.11.7 added - python3-Jinja2-2.10.1-150000.3.13.1 updated - python3-PyJWT-2.4.0-150200.3.8.1 updated - python3-apipkg-1.4-150000.3.6.1 updated - python3-attrs-19.3.0-150200.3.6.1 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-bind-9.16.6-150300.22.47.1 updated - python3-blinker-1.4-150000.3.6.1 updated - python3-chardet-3.0.4-150000.5.3.1 updated - python3-configobj-5.0.6-150000.3.3.1 updated - python3-cryptography-3.3.2-150200.22.1 updated - python3-cssselect-1.0.3-150400.3.7.4 added - python3-idna-2.6-150000.3.3.1 updated - python3-importlib-metadata-1.5.0-150100.3.5.1 updated - python3-iniconfig-1.1.1-150000.1.11.1 updated - python3-jsonpatch-1.23-150100.3.5.1 updated - python3-jsonpointer-1.14-150000.3.2.1 updated - python3-jsonschema-3.2.0-150200.9.5.1 updated - python3-lxml-4.7.1-150200.3.12.1 added - python3-netifaces-0.10.6-150000.3.2.1 updated - python3-oauthlib-2.0.6-150000.3.6.1 updated - python3-passlib-1.7.4-150300.3.2.1 added - python3-ply-3.10-150000.3.5.1 updated - python3-pyasn1-0.4.2-150000.3.5.1 updated - python3-pyrsistent-0.14.4-150100.3.4.1 updated - python3-pyserial-3.4-150000.3.4.1 updated - python3-requests-2.25.1-150300.3.12.2 updated - python3-urllib3-1.25.10-150300.4.12.1 updated - python3-zipp-0.6.0-150100.3.5.1 updated - python3-3.6.15-150300.10.65.2 updated - rsyslog-module-relp-8.2106.0-150200.4.43.2 updated - rsyslog-8.2106.0-150200.4.43.2 updated - runc-1.1.13-150000.67.1 updated - samba-client-libs-4.15.13+git.710.7032820fcd-150300.3.66.2 updated - sed-4.4-150300.13.3.1 updated - shadow-4.8.1-150300.4.18.1 updated - shim-15.8-150300.4.20.2 updated - sle-module-containers-release-15.3-150300.58.3.2 updated - sudo-1.9.5p2-150300.3.33.1 updated - supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1 updated - supportutils-3.1.30-150300.7.35.30.1 updated - suse-build-key-12.0-150000.8.49.2 updated - suse-module-tools-15.3.18-150300.3.25.1 updated - suseconnect-ng-1.11.0-150100.3.33.2 added - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - systemd-presets-branding-SLE-15.1-150100.20.14.1 updated - systemd-presets-common-SUSE-15-150100.8.23.1 updated - tar-1.34-150000.3.34.1 updated - terminfo-base-6.1-150000.5.24.1 updated - terminfo-6.1-150000.5.24.1 updated - timezone-2024a-150000.75.28.1 updated - util-linux-systemd-2.36.2-150300.4.44.11 updated - util-linux-2.36.2-150300.4.44.12 updated - vim-data-common-9.1.0330-150000.5.63.1 updated - vim-9.1.0330-150000.5.63.1 updated - wget-1.20.3-150000.3.20.1 updated - wicked-service-0.6.76-150300.4.35.1 updated - wicked-0.6.76-150300.4.35.1 updated - xen-libs-4.14.6_16-150300.3.75.1 updated - zypper-1.14.73-150200.81.6 updated - SUSEConnect-0.3.36-150300.20.6.1 removed - fdupes-1.61-1.452 removed - libprocps7-3.3.15-150000.7.31.1 removed - libruby2_5-2_5-2.5.9-150000.4.26.1 removed - libyaml-0-2-0.1.7-1.17 removed - ruby-common-2.1-3.15 removed - ruby2.5-2.5.9-150000.4.26.1 removed - ruby2.5-rubygem-gem2rpm-0.10.1-3.45 removed - ruby2.5-stdlib-2.5.9-150000.4.26.1 removed - samba-libs-4.15.13+git.636.53d93c5b9d6-150300.3.52.1 removed - sysfsutils-2.1.0-3.3.1 removed - xxd-9.0.1443-150000.5.43.1 removed - zypper-migration-plugin-0.12.1618498507.b68ecea-1.1 removed From sle-container-updates at lists.suse.com Sat Aug 10 07:01:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 07:01:53 -0000 Subject: SUSE-IU-2024:831-1: Security update of sles-15-sp3-chost-byos-v20240807-x86-64 Message-ID: <20240810070141.35721FBA1@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20240807-x86-64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:831-1 Image Tags : sles-15-sp3-chost-byos-v20240807-x86-64:20240807 Image Release : Severity : critical Type : security References : 1002895 1023051 1027519 1029961 1041742 1065729 1082216 1082233 1084909 1089497 1101820 1102408 1107105 1107342 1107342 1108281 1111622 1118088 1132160 1138666 1138715 1138746 1140095 1140101 1141157 1149792 1151927 1152472 1154353 1154609 1156395 1156395 1157881 1158095 1158763 1158830 1160435 1167732 1168699 1170175 1170267 1170415 1170446 1171479 1171988 1172073 1174585 1174713 1175678 1176389 1176447 1176447 1176588 1176774 1176774 1176785 1176785 1176869 1177083 1177120 1178134 1178168 1178168 1178760 1179534 1179610 1179805 1181147 1181147 1181477 1182066 1182066 1182142 1182421 1182422 1183663 1184177 1184208 1184505 1184631 1184753 1184942 1185570 1185589 1185902 1186060 1186673 1186885 1187045 1187357 1187829 1188441 1188500 1188616 1188772 1189608 1189883 1190576 1190795 1191452 1191731 1191958 1192051 1192107 1192145 1192145 1192986 1193173 1193285 1193412 1193752 1194038 1194288 1194516 1194557 1194591 1195065 1195254 1195798 1195916 1196293 1196647 1196696 1196933 1196956 1197760 1198029 1198101 1198165 1198331 1198533 1199046 1199282 1199282 1199304 1199304 1199636 1200217 1200313 1200528 1200599 1200619 1200710 1200731 1200975 1201253 1201384 1201399 1201489 1201627 1201817 1202234 1202498 1202498 1202623 1202845 1203300 1203389 1203517 1203669 1203750 1203760 1203818 1203906 1203935 1204145 1204294 1204364 1204405 1204489 1204563 1204614 1204942 1205533 1205588 1205604 1205756 1205758 1205758 1205760 1205762 1205767 1205803 1205855 1206024 1206212 1206402 1206418 1206447 1206480 1206480 1206608 1206627 1206646 1206674 1206684 1206684 1206798 1206798 1207004 1207036 1207071 1207157 1207270 1207270 1207534 1207543 1207598 1207653 1207805 1207853 1207987 1207987 1208003 1208036 1208074 1208474 1208574 1208600 1208604 1208721 1208928 1208995 1208995 1209039 1209122 1209229 1209233 1209233 1209287 1209342 1209536 1209565 1209635 1209657 1209657 1209779 1209859 1209979 1210015 1210141 1210169 1210286 1210298 1210323 1210335 1210335 1210382 1210419 1210448 1210533 1210557 1210557 1210584 1210629 1210638 1210643 1210658 1210660 1210715 1210740 1210778 1210780 1210783 1210791 1210797 1210799 1210853 1210940 1210950 1210959 1210996 1210999 1211026 1211037 1211043 1211078 1211079 1211089 1211105 1211131 1211131 1211158 1211186 1211188 1211190 1211203 1211256 1211257 1211261 1211419 1211427 1211427 1211461 1211519 1211547 1211578 1211590 1211592 1211592 1211596 1211598 1211599 1211612 1211622 1211674 1211721 1211738 1211754 1211757 1211796 1211828 1211829 1211867 1211886 1212051 1212101 1212101 1212126 1212128 1212129 1212154 1212158 1212160 1212187 1212222 1212230 1212260 1212301 1212368 1212418 1212422 1212475 1212475 1212494 1212501 1212502 1212504 1212513 1212514 1212514 1212516 1212517 1212544 1212606 1212703 1212741 1212756 1212759 1212799 1212819 1212835 1212842 1212846 1212910 1212928 1213004 1213008 1213059 1213061 1213120 1213127 1213167 1213171 1213172 1213173 1213174 1213189 1213212 1213229 1213229 1213231 1213245 1213272 1213286 1213287 1213354 1213384 1213443 1213456 1213456 1213476 1213487 1213500 1213500 1213504 1213514 1213517 1213543 1213546 1213551 1213557 1213582 1213582 1213585 1213586 1213588 1213601 1213616 1213616 1213638 1213639 1213653 1213666 1213673 1213748 1213812 1213853 1213854 1213868 1213915 1213915 1213916 1213927 1213940 1213945 1213951 1213968 1213969 1213970 1213971 1214006 1214019 1214025 1214037 1214052 1214052 1214052 1214054 1214071 1214076 1214081 1214082 1214083 1214107 1214108 1214109 1214120 1214149 1214169 1214233 1214248 1214254 1214275 1214290 1214292 1214297 1214344 1214348 1214350 1214351 1214380 1214386 1214395 1214451 1214460 1214460 1214546 1214572 1214691 1214692 1214713 1214764 1214768 1214781 1214788 1214806 1214842 1214922 1214924 1214925 1214934 1214960 1215004 1215005 1215006 1215007 1215033 1215064 1215095 1215098 1215099 1215100 1215101 1215102 1215103 1215115 1215117 1215145 1215150 1215204 1215215 1215221 1215237 1215265 1215275 1215275 1215286 1215294 1215299 1215322 1215323 1215323 1215356 1215371 1215375 1215420 1215427 1215434 1215434 1215467 1215472 1215474 1215496 1215518 1215692 1215698 1215713 1215744 1215745 1215746 1215747 1215748 1215858 1215860 1215861 1215889 1215891 1215904 1215905 1215908 1215918 1215935 1215936 1215940 1215947 1215968 1215979 1216001 1216046 1216049 1216051 1216058 1216091 1216123 1216129 1216134 1216167 1216174 1216223 1216259 1216377 1216378 1216388 1216390 1216410 1216412 1216419 1216474 1216522 1216541 1216546 1216546 1216547 1216548 1216576 1216584 1216594 1216598 1216654 1216664 1216696 1216702 1216702 1216750 1216751 1216807 1216827 1216853 1216862 1216922 1216965 1216976 1216987 1217000 1217119 1217140 1217169 1217212 1217215 1217250 1217277 1217287 1217316 1217320 1217321 1217324 1217326 1217329 1217330 1217332 1217408 1217432 1217445 1217450 1217513 1217573 1217589 1217592 1217593 1217667 1217695 1217696 1217709 1217775 1217780 1217873 1217946 1217947 1217950 1217952 1217961 1217969 1217987 1217987 1217988 1217988 1217989 1217989 1218014 1218105 1218126 1218148 1218171 1218186 1218195 1218201 1218209 1218215 1218232 1218253 1218258 1218282 1218291 1218336 1218364 1218447 1218475 1218479 1218492 1218544 1218548 1218559 1218561 1218562 1218562 1218571 1218632 1218649 1218668 1218689 1218713 1218730 1218739 1218752 1218757 1218762 1218763 1218765 1218768 1218782 1218804 1218812 1218814 1218831 1218832 1218836 1218851 1218865 1218866 1218871 1218894 1218894 1218915 1218917 1218926 1218926 1218927 1218952 1219004 1219026 1219031 1219053 1219108 1219120 1219123 1219123 1219127 1219128 1219146 1219169 1219170 1219170 1219189 1219189 1219224 1219238 1219241 1219243 1219264 1219264 1219265 1219267 1219268 1219273 1219295 1219412 1219425 1219434 1219438 1219442 1219460 1219520 1219559 1219576 1219581 1219633 1219639 1219642 1219653 1219666 1219767 1219823 1219823 1219826 1219826 1219827 1219835 1219851 1219851 1219852 1219852 1219854 1219854 1219885 1219901 1219915 1219941 1220009 1220061 1220082 1220137 1220140 1220144 1220187 1220238 1220240 1220241 1220243 1220250 1220253 1220255 1220279 1220320 1220328 1220330 1220340 1220344 1220366 1220389 1220398 1220400 1220409 1220411 1220413 1220414 1220416 1220418 1220421 1220425 1220426 1220429 1220432 1220436 1220441 1220442 1220444 1220445 1220459 1220465 1220468 1220469 1220475 1220482 1220484 1220486 1220487 1220513 1220516 1220521 1220526 1220528 1220529 1220532 1220538 1220554 1220556 1220557 1220560 1220561 1220566 1220570 1220572 1220575 1220580 1220583 1220599 1220611 1220615 1220621 1220625 1220627 1220630 1220631 1220638 1220639 1220640 1220641 1220641 1220649 1220660 1220662 1220663 1220664 1220669 1220670 1220677 1220678 1220679 1220679 1220685 1220687 1220688 1220689 1220692 1220697 1220700 1220703 1220706 1220724 1220733 1220734 1220735 1220736 1220737 1220739 1220742 1220743 1220745 1220745 1220749 1220751 1220753 1220754 1220755 1220758 1220759 1220763 1220764 1220767 1220768 1220769 1220770 1220771 1220777 1220779 1220785 1220790 1220794 1220796 1220824 1220825 1220826 1220826 1220829 1220831 1220836 1220845 1220846 1220850 1220854 1220860 1220861 1220863 1220870 1220871 1220877 1220883 1220917 1220918 1220930 1220931 1220932 1220946 1220954 1220960 1220969 1220979 1220982 1220985 1220987 1220996 1221015 1221039 1221040 1221044 1221044 1221050 1221058 1221061 1221077 1221088 1221113 1221113 1221123 1221146 1221184 1221194 1221218 1221239 1221276 1221293 1221299 1221332 1221334 1221358 1221361 1221361 1221399 1221400 1221407 1221525 1221525 1221532 1221534 1221541 1221543 1221545 1221548 1221552 1221563 1221575 1221605 1221606 1221608 1221632 1221665 1221667 1221829 1221830 1221831 1221854 1221900 1221901 1221931 1221932 1221934 1221935 1221940 1221949 1221952 1221963 1221965 1221966 1221969 1221973 1221974 1221978 1221984 1221989 1221990 1221991 1221992 1221993 1221994 1221996 1221997 1221998 1221999 1222000 1222001 1222002 1222003 1222004 1222015 1222021 1222075 1222075 1222086 1222086 1222105 1222109 1222117 1222171 1222251 1222302 1222398 1222422 1222449 1222453 1222453 1222482 1222503 1222547 1222548 1222559 1222585 1222585 1222619 1222619 1222624 1222660 1222664 1222666 1222669 1222669 1222706 1222709 1222790 1222792 1222829 1222831 1222838 1222842 1222849 1222867 1222876 1222878 1222881 1222883 1222894 1222976 1222992 1223011 1223016 1223057 1223084 1223094 1223107 1223107 1223111 1223138 1223179 1223187 1223202 1223384 1223384 1223390 1223423 1223424 1223425 1223430 1223475 1223482 1223509 1223512 1223513 1223522 1223766 1223824 1223921 1223923 1223931 1223932 1223934 1223941 1223948 1223952 1223963 1224044 1224099 1224100 1224174 1224282 1224323 1224438 1224482 1224511 1224592 1224671 1224703 1224749 1224764 1224765 1224766 1224788 1224816 1224826 1224830 1224831 1224832 1224834 1224841 1224842 1224843 1224844 1224846 1224849 1224852 1224853 1224854 1224859 1224865 1224882 1224886 1224888 1224889 1224891 1224892 1224893 1224899 1224904 1224907 1224909 1224916 1224917 1224922 1224923 1224924 1224926 1224928 1224953 1224954 1224955 1224957 1224961 1224963 1224965 1224966 1224968 1224981 1224982 1224983 1224984 1224987 1224990 1224993 1224996 1224997 1225010 1225026 1225030 1225047 1225058 1225060 1225083 1225084 1225091 1225109 1225112 1225113 1225128 1225140 1225143 1225148 1225155 1225161 1225164 1225177 1225178 1225181 1225184 1225192 1225193 1225198 1225201 1225203 1225206 1225207 1225208 1225214 1225223 1225224 1225230 1225232 1225233 1225237 1225238 1225243 1225244 1225247 1225251 1225252 1225256 1225261 1225262 1225263 1225301 1225303 1225316 1225318 1225320 1225321 1225322 1225326 1225327 1225328 1225330 1225333 1225336 1225341 1225346 1225351 1225354 1225355 1225357 1225358 1225360 1225361 1225365 1225366 1225367 1225369 1225370 1225372 1225374 1225384 1225386 1225387 1225390 1225393 1225400 1225404 1225405 1225409 1225411 1225424 1225427 1225435 1225437 1225438 1225439 1225446 1225447 1225448 1225450 1225453 1225455 1225468 1225487 1225499 1225500 1225508 1225518 1225534 1225551 1225611 1225732 1225749 1225840 1225866 1225912 1225976 1226125 1226128 1226192 1226226 1226419 1226447 1226448 1226469 1226537 1226552 1226554 1226557 1226558 1226562 1226563 1226575 1226583 1226585 1226587 1226595 1226614 1226619 1226621 1226624 1226643 1226644 1226645 1226647 1226650 1226664 1226669 1226670 1226672 1226674 1226679 1226686 1226691 1226692 1226698 1226703 1226708 1226709 1226711 1226712 1226713 1226715 1226716 1226720 1226721 1226732 1226758 1226762 1226786 1226962 1227067 1227106 1227186 1227187 1227355 1227396 1227429 1227681 1227711 1228256 1228257 1228322 1228770 916845 CVE-2007-4559 CVE-2013-4235 CVE-2013-4235 CVE-2018-10903 CVE-2018-19787 CVE-2018-6798 CVE-2018-6913 CVE-2019-11068 CVE-2019-13117 CVE-2019-13118 CVE-2019-13225 CVE-2019-14889 CVE-2019-18197 CVE-2019-25162 CVE-2020-12762 CVE-2020-12912 CVE-2020-16135 CVE-2020-1730 CVE-2020-25659 CVE-2020-25659 CVE-2020-26137 CVE-2020-26555 CVE-2020-27783 CVE-2020-29651 CVE-2020-29651 CVE-2020-36242 CVE-2020-36242 CVE-2020-36694 CVE-2020-36766 CVE-2020-36777 CVE-2020-36780 CVE-2020-36781 CVE-2020-36782 CVE-2020-36783 CVE-2020-36784 CVE-2020-36788 CVE-2020-8694 CVE-2020-8695 CVE-2021-23134 CVE-2021-28957 CVE-2021-29155 CVE-2021-29650 CVE-2021-30560 CVE-2021-33503 CVE-2021-33631 CVE-2021-3634 CVE-2021-3743 CVE-2021-3896 CVE-2021-39698 CVE-2021-43056 CVE-2021-43389 CVE-2021-43527 CVE-2021-43818 CVE-2021-4439 CVE-2021-46904 CVE-2021-46905 CVE-2021-46906 CVE-2021-46908 CVE-2021-46909 CVE-2021-46911 CVE-2021-46914 CVE-2021-46915 CVE-2021-46917 CVE-2021-46918 CVE-2021-46919 CVE-2021-46920 CVE-2021-46921 CVE-2021-46922 CVE-2021-46924 CVE-2021-46929 CVE-2021-46930 CVE-2021-46931 CVE-2021-46932 CVE-2021-46933 CVE-2021-46934 CVE-2021-46938 CVE-2021-46939 CVE-2021-46943 CVE-2021-46944 CVE-2021-46950 CVE-2021-46951 CVE-2021-46953 CVE-2021-46955 CVE-2021-46956 CVE-2021-46958 CVE-2021-46959 CVE-2021-46960 CVE-2021-46961 CVE-2021-46962 CVE-2021-46963 CVE-2021-46964 CVE-2021-46966 CVE-2021-46968 CVE-2021-46971 CVE-2021-46974 CVE-2021-46976 CVE-2021-46980 CVE-2021-46981 CVE-2021-46983 CVE-2021-46984 CVE-2021-46988 CVE-2021-46989 CVE-2021-46990 CVE-2021-46991 CVE-2021-46992 CVE-2021-46998 CVE-2021-47000 CVE-2021-47001 CVE-2021-47003 CVE-2021-47005 CVE-2021-47006 CVE-2021-47009 CVE-2021-47012 CVE-2021-47013 CVE-2021-47013 CVE-2021-47014 CVE-2021-47015 CVE-2021-47017 CVE-2021-47020 CVE-2021-47026 CVE-2021-47034 CVE-2021-47035 CVE-2021-47038 CVE-2021-47041 CVE-2021-47044 CVE-2021-47045 CVE-2021-47046 CVE-2021-47049 CVE-2021-47051 CVE-2021-47054 CVE-2021-47055 CVE-2021-47056 CVE-2021-47058 CVE-2021-47060 CVE-2021-47061 CVE-2021-47061 CVE-2021-47063 CVE-2021-47065 CVE-2021-47068 CVE-2021-47069 CVE-2021-47069 CVE-2021-47070 CVE-2021-47071 CVE-2021-47073 CVE-2021-47074 CVE-2021-47076 CVE-2021-47077 CVE-2021-47078 CVE-2021-47082 CVE-2021-47083 CVE-2021-47087 CVE-2021-47095 CVE-2021-47097 CVE-2021-47100 CVE-2021-47101 CVE-2021-47104 CVE-2021-47109 CVE-2021-47110 CVE-2021-47112 CVE-2021-47113 CVE-2021-47114 CVE-2021-47117 CVE-2021-47118 CVE-2021-47119 CVE-2021-47120 CVE-2021-47130 CVE-2021-47131 CVE-2021-47136 CVE-2021-47137 CVE-2021-47138 CVE-2021-47139 CVE-2021-47141 CVE-2021-47142 CVE-2021-47144 CVE-2021-47150 CVE-2021-47153 CVE-2021-47160 CVE-2021-47161 CVE-2021-47164 CVE-2021-47165 CVE-2021-47166 CVE-2021-47167 CVE-2021-47168 CVE-2021-47169 CVE-2021-47170 CVE-2021-47171 CVE-2021-47172 CVE-2021-47173 CVE-2021-47174 CVE-2021-47175 CVE-2021-47176 CVE-2021-47177 CVE-2021-47179 CVE-2021-47180 CVE-2021-47181 CVE-2021-47183 CVE-2021-47184 CVE-2021-47185 CVE-2021-47185 CVE-2021-47189 CVE-2021-47192 CVE-2021-47194 CVE-2021-47198 CVE-2021-47200 CVE-2021-47201 CVE-2021-47202 CVE-2021-47203 CVE-2021-47206 CVE-2021-47207 CVE-2021-47212 CVE-2021-47216 CVE-2021-47220 CVE-2021-47227 CVE-2021-47228 CVE-2021-47229 CVE-2021-47230 CVE-2021-47231 CVE-2021-47235 CVE-2021-47236 CVE-2021-47237 CVE-2021-47239 CVE-2021-47240 CVE-2021-47241 CVE-2021-47246 CVE-2021-47247 CVE-2021-47252 CVE-2021-47253 CVE-2021-47254 CVE-2021-47255 CVE-2021-47258 CVE-2021-47259 CVE-2021-47260 CVE-2021-47261 CVE-2021-47263 CVE-2021-47265 CVE-2021-47267 CVE-2021-47269 CVE-2021-47270 CVE-2021-47274 CVE-2021-47275 CVE-2021-47276 CVE-2021-47280 CVE-2021-47281 CVE-2021-47284 CVE-2021-47285 CVE-2021-47288 CVE-2021-47289 CVE-2021-47296 CVE-2021-47301 CVE-2021-47302 CVE-2021-47305 CVE-2021-47307 CVE-2021-47308 CVE-2021-47311 CVE-2021-47314 CVE-2021-47315 CVE-2021-47320 CVE-2021-47321 CVE-2021-47323 CVE-2021-47324 CVE-2021-47328 CVE-2021-47329 CVE-2021-47330 CVE-2021-47332 CVE-2021-47333 CVE-2021-47334 CVE-2021-47337 CVE-2021-47338 CVE-2021-47340 CVE-2021-47341 CVE-2021-47343 CVE-2021-47344 CVE-2021-47347 CVE-2021-47348 CVE-2021-47350 CVE-2021-47353 CVE-2021-47354 CVE-2021-47356 CVE-2021-47368 CVE-2021-47369 CVE-2021-47372 CVE-2021-47375 CVE-2021-47378 CVE-2021-47379 CVE-2021-47381 CVE-2021-47382 CVE-2021-47383 CVE-2021-47387 CVE-2021-47388 CVE-2021-47391 CVE-2021-47392 CVE-2021-47393 CVE-2021-47395 CVE-2021-47396 CVE-2021-47399 CVE-2021-47402 CVE-2021-47404 CVE-2021-47405 CVE-2021-47409 CVE-2021-47413 CVE-2021-47416 CVE-2021-47422 CVE-2021-47423 CVE-2021-47424 CVE-2021-47425 CVE-2021-47426 CVE-2021-47428 CVE-2021-47431 CVE-2021-47434 CVE-2021-47435 CVE-2021-47436 CVE-2021-47441 CVE-2021-47442 CVE-2021-47443 CVE-2021-47444 CVE-2021-47445 CVE-2021-47451 CVE-2021-47456 CVE-2021-47458 CVE-2021-47460 CVE-2021-47464 CVE-2021-47465 CVE-2021-47468 CVE-2021-47473 CVE-2021-47478 CVE-2021-47480 CVE-2021-47482 CVE-2021-47483 CVE-2021-47485 CVE-2021-47493 CVE-2021-47494 CVE-2021-47495 CVE-2021-47496 CVE-2021-47497 CVE-2021-47498 CVE-2021-47499 CVE-2021-47500 CVE-2021-47501 CVE-2021-47502 CVE-2021-47503 CVE-2021-47505 CVE-2021-47506 CVE-2021-47507 CVE-2021-47509 CVE-2021-47511 CVE-2021-47512 CVE-2021-47516 CVE-2021-47518 CVE-2021-47521 CVE-2021-47522 CVE-2021-47523 CVE-2021-47535 CVE-2021-47536 CVE-2021-47538 CVE-2021-47540 CVE-2021-47541 CVE-2021-47542 CVE-2021-47549 CVE-2021-47557 CVE-2021-47562 CVE-2021-47563 CVE-2021-47565 CVE-2021-47571 CVE-2021-47576 CVE-2021-47583 CVE-2021-47589 CVE-2021-47595 CVE-2021-47596 CVE-2021-47600 CVE-2021-47602 CVE-2021-47609 CVE-2021-47611 CVE-2021-47612 CVE-2021-47617 CVE-2021-47618 CVE-2021-47619 CVE-2021-47620 CVE-2022-0435 CVE-2022-0487 CVE-2022-1195 CVE-2022-1996 CVE-2022-20132 CVE-2022-20154 CVE-2022-2127 CVE-2022-22942 CVE-2022-2309 CVE-2022-23491 CVE-2022-28737 CVE-2022-2938 CVE-2022-3566 CVE-2022-36402 CVE-2022-40982 CVE-2022-40982 CVE-2022-41409 CVE-2022-4269 CVE-2022-42969 CVE-2022-4304 CVE-2022-45154 CVE-2022-45884 CVE-2022-45885 CVE-2022-45886 CVE-2022-45887 CVE-2022-45919 CVE-2022-4744 CVE-2022-48468 CVE-2022-48566 CVE-2022-48624 CVE-2022-48626 CVE-2022-48627 CVE-2022-48631 CVE-2022-48636 CVE-2022-48638 CVE-2022-48650 CVE-2022-48651 CVE-2022-48654 CVE-2022-48672 CVE-2022-48673 CVE-2022-48686 CVE-2022-48687 CVE-2022-48693 CVE-2022-48695 CVE-2022-48701 CVE-2022-48702 CVE-2022-48704 CVE-2022-48710 CVE-2022-48711 CVE-2022-48715 CVE-2022-48717 CVE-2022-48722 CVE-2022-48724 CVE-2022-48726 CVE-2022-48728 CVE-2022-48730 CVE-2022-48732 CVE-2022-48736 CVE-2022-48737 CVE-2022-48738 CVE-2022-48746 CVE-2022-48747 CVE-2022-48748 CVE-2022-48749 CVE-2022-48752 CVE-2022-48754 CVE-2022-48756 CVE-2022-48758 CVE-2022-48759 CVE-2022-48760 CVE-2022-48767 CVE-2022-48768 CVE-2022-48771 CVE-2023-0160 CVE-2023-0160 CVE-2023-0459 CVE-2023-1077 CVE-2023-1079 CVE-2023-1192 CVE-2023-1192 CVE-2023-1206 CVE-2023-1249 CVE-2023-1380 CVE-2023-1637 CVE-2023-1667 CVE-2023-1829 CVE-2023-1829 CVE-2023-1859 CVE-2023-2002 CVE-2023-2004 CVE-2023-2007 CVE-2023-20569 CVE-2023-20569 CVE-2023-20588 CVE-2023-20588 CVE-2023-20593 CVE-2023-20593 CVE-2023-20593 CVE-2023-2137 CVE-2023-21400 CVE-2023-2156 CVE-2023-2156 CVE-2023-2163 CVE-2023-2176 CVE-2023-2177 CVE-2023-2194 CVE-2023-22652 CVE-2023-2283 CVE-2023-23454 CVE-2023-23559 CVE-2023-23586 CVE-2023-23931 CVE-2023-24023 CVE-2023-2426 CVE-2023-2483 CVE-2023-2513 CVE-2023-2603 CVE-2023-2609 CVE-2023-2610 CVE-2023-27043 CVE-2023-27534 CVE-2023-2828 CVE-2023-2860 CVE-2023-28746 CVE-2023-28746 CVE-2023-28746 CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 CVE-2023-2985 CVE-2023-30078 CVE-2023-30079 CVE-2023-3090 CVE-2023-31083 CVE-2023-31084 CVE-2023-31085 CVE-2023-3111 CVE-2023-3117 CVE-2023-31248 CVE-2023-3141 CVE-2023-31436 CVE-2023-31484 CVE-2023-3159 CVE-2023-3161 CVE-2023-32181 CVE-2023-32233 CVE-2023-32269 CVE-2023-32360 CVE-2023-3268 CVE-2023-32681 CVE-2023-33288 CVE-2023-3341 CVE-2023-33460 CVE-2023-3358 CVE-2023-3390 CVE-2023-34241 CVE-2023-34319 CVE-2023-34322 CVE-2023-34323 CVE-2023-34324 CVE-2023-34325 CVE-2023-34326 CVE-2023-34327 CVE-2023-34328 CVE-2023-3446 CVE-2023-34966 CVE-2023-34967 CVE-2023-34968 CVE-2023-34969 CVE-2023-35001 CVE-2023-3567 CVE-2023-35788 CVE-2023-35823 CVE-2023-35824 CVE-2023-35827 CVE-2023-35827 CVE-2023-35828 CVE-2023-35945 CVE-2023-36054 CVE-2023-3609 CVE-2023-3611 CVE-2023-3772 CVE-2023-3776 CVE-2023-3777 CVE-2023-3812 CVE-2023-3817 CVE-2023-38408 CVE-2023-38469 CVE-2023-38470 CVE-2023-38471 CVE-2023-38472 CVE-2023-38473 CVE-2023-38546 CVE-2023-3863 CVE-2023-39189 CVE-2023-39192 CVE-2023-39193 CVE-2023-39194 CVE-2023-39197 CVE-2023-39198 CVE-2023-39615 CVE-2023-39804 CVE-2023-4004 CVE-2023-4016 CVE-2023-40217 CVE-2023-40283 CVE-2023-4039 CVE-2023-4039 CVE-2023-4039 CVE-2023-40546 CVE-2023-40547 CVE-2023-40548 CVE-2023-40549 CVE-2023-40550 CVE-2023-40551 CVE-2023-4091 CVE-2023-4128 CVE-2023-4132 CVE-2023-4133 CVE-2023-4134 CVE-2023-4147 CVE-2023-4154 CVE-2023-4156 CVE-2023-4194 CVE-2023-4244 CVE-2023-42465 CVE-2023-42669 CVE-2023-4273 CVE-2023-42753 CVE-2023-42754 CVE-2023-43804 CVE-2023-4385 CVE-2023-4387 CVE-2023-4389 CVE-2023-4408 CVE-2023-4408 CVE-2023-44487 CVE-2023-4459 CVE-2023-4504 CVE-2023-45288 CVE-2023-45322 CVE-2023-45803 CVE-2023-45853 CVE-2023-45862 CVE-2023-45863 CVE-2023-45871 CVE-2023-45918 CVE-2023-46218 CVE-2023-4622 CVE-2023-4623 CVE-2023-46246 CVE-2023-46343 CVE-2023-4641 CVE-2023-46835 CVE-2023-46836 CVE-2023-46838 CVE-2023-46839 CVE-2023-46841 CVE-2023-46842 CVE-2023-4692 CVE-2023-4693 CVE-2023-47233 CVE-2023-47233 CVE-2023-4733 CVE-2023-4734 CVE-2023-4735 CVE-2023-4738 CVE-2023-4750 CVE-2023-4752 CVE-2023-4781 CVE-2023-4813 CVE-2023-48231 CVE-2023-48232 CVE-2023-48233 CVE-2023-48234 CVE-2023-48235 CVE-2023-48236 CVE-2023-48237 CVE-2023-48706 CVE-2023-48795 CVE-2023-48795 CVE-2023-4881 CVE-2023-49083 CVE-2023-4921 CVE-2023-4921 CVE-2023-50387 CVE-2023-50387 CVE-2023-50495 CVE-2023-50868 CVE-2023-50868 CVE-2023-51042 CVE-2023-51043 CVE-2023-51385 CVE-2023-51779 CVE-2023-51780 CVE-2023-51782 CVE-2023-52340 CVE-2023-52425 CVE-2023-52429 CVE-2023-52433 CVE-2023-52439 CVE-2023-52443 CVE-2023-52445 CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52454 CVE-2023-52463 CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52475 CVE-2023-52476 CVE-2023-52477 CVE-2023-52478 CVE-2023-52482 CVE-2023-52492 CVE-2023-52500 CVE-2023-52502 CVE-2023-52508 CVE-2023-52509 CVE-2023-52530 CVE-2023-52531 CVE-2023-52532 CVE-2023-52569 CVE-2023-52572 CVE-2023-52574 CVE-2023-52575 CVE-2023-52581 CVE-2023-52583 CVE-2023-52590 CVE-2023-52591 CVE-2023-52591 CVE-2023-52597 CVE-2023-52605 CVE-2023-52607 CVE-2023-52628 CVE-2023-52654 CVE-2023-52655 CVE-2023-52686 CVE-2023-52707 CVE-2023-52752 CVE-2023-52840 CVE-2023-52871 CVE-2023-52880 CVE-2023-52881 CVE-2023-5344 CVE-2023-5441 CVE-2023-5517 CVE-2023-5517 CVE-2023-5535 CVE-2023-5678 CVE-2023-5717 CVE-2023-5981 CVE-2023-5981 CVE-2023-6004 CVE-2023-6040 CVE-2023-6121 CVE-2023-6176 CVE-2023-6270 CVE-2023-6270 CVE-2023-6356 CVE-2023-6356 CVE-2023-6516 CVE-2023-6516 CVE-2023-6531 CVE-2023-6531 CVE-2023-6535 CVE-2023-6535 CVE-2023-6536 CVE-2023-6536 CVE-2023-6597 CVE-2023-6606 CVE-2023-6610 CVE-2023-6817 CVE-2023-6915 CVE-2023-6918 CVE-2023-6931 CVE-2023-6932 CVE-2023-7042 CVE-2023-7192 CVE-2023-7207 CVE-2024-0217 CVE-2024-0340 CVE-2024-0397 CVE-2024-0450 CVE-2024-0553 CVE-2024-0565 CVE-2024-0607 CVE-2024-0639 CVE-2024-0727 CVE-2024-0775 CVE-2024-0841 CVE-2024-1086 CVE-2024-1151 CVE-2024-1737 CVE-2024-1975 CVE-2024-2004 CVE-2024-21626 CVE-2024-21626 CVE-2024-2193 CVE-2024-2201 CVE-2024-2201 CVE-2024-22099 CVE-2024-22099 CVE-2024-22365 CVE-2024-22667 CVE-2024-23307 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653 CVE-2024-23849 CVE-2024-23851 CVE-2024-2398 CVE-2024-25062 CVE-2024-2511 CVE-2024-25629 CVE-2024-26458 CVE-2024-26461 CVE-2024-26581 CVE-2024-26585 CVE-2024-26586 CVE-2024-26589 CVE-2024-26593 CVE-2024-26595 CVE-2024-26600 CVE-2024-26602 CVE-2024-26607 CVE-2024-26610 CVE-2024-26614 CVE-2024-26622 CVE-2024-26642 CVE-2024-26643 CVE-2024-26688 CVE-2024-26689 CVE-2024-26704 CVE-2024-26733 CVE-2024-26733 CVE-2024-26739 CVE-2024-26744 CVE-2024-26816 CVE-2024-26822 CVE-2024-26828 CVE-2024-26840 CVE-2024-26852 CVE-2024-26862 CVE-2024-26898 CVE-2024-26903 CVE-2024-26906 CVE-2024-26921 CVE-2024-26923 CVE-2024-26925 CVE-2024-26929 CVE-2024-26930 CVE-2024-27043 CVE-2024-27398 CVE-2024-27413 CVE-2024-28085 CVE-2024-28182 CVE-2024-2961 CVE-2024-31142 CVE-2024-31143 CVE-2024-32487 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-34397 CVE-2024-34459 CVE-2024-35195 CVE-2024-35235 CVE-2024-35789 CVE-2024-35811 CVE-2024-35861 CVE-2024-35862 CVE-2024-35864 CVE-2024-35878 CVE-2024-35895 CVE-2024-35914 CVE-2024-35950 CVE-2024-3651 CVE-2024-36894 CVE-2024-36904 CVE-2024-36940 CVE-2024-36964 CVE-2024-37370 CVE-2024-37371 CVE-2024-37891 CVE-2024-38428 CVE-2024-38541 CVE-2024-38545 CVE-2024-38559 CVE-2024-38560 CVE-2024-4032 CVE-2024-4741 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20240807-x86-64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1221-1 Released: Mon May 13 13:28:42 2019 Summary: Security update for libxslt Type: security Severity: moderate References: 1132160,CVE-2019-11068 This update for libxslt fixes the following issues: Security issue fixed: - CVE-2019-11068: Fixed a protection mechanism bypass where callers of xsltCheckRead() and xsltCheckWrite() would permit access upon receiving an error (bsc#1132160). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1037-1 Released: Mon Apr 20 10:49:39 2020 Summary: Recommended update for python-pytest Type: recommended Severity: low References: 1002895,1107105,1138666,1167732 This update fixes the following issues: New python-pytest versions are provided. In Basesystem: - python3-pexpect: updated to 4.8.0 - python3-py: updated to 1.8.1 - python3-zipp: shipped as dependency in version 0.6.0 In Python2: - python2-pexpect: updated to 4.8.0 - python2-py: updated to 1.8.1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:1409-1 Released: Mon May 25 17:01:33 2020 Summary: Security update for libxslt Type: security Severity: moderate References: 1140095,1140101,1154609,CVE-2019-13117,CVE-2019-13118,CVE-2019-18197 This update for libxslt fixes the following issues: Security issues fixed: - CVE-2019-13118: Fixed a read of uninitialized stack data (bsc#1140101). - CVE-2019-13117: Fixed a uninitialized read which allowed to discern whether a byte on the stack contains certain special characters (bsc#1140095). - CVE-2019-18197: Fixed a dangling pointer in xsltCopyText which may have led to information disclosure (bsc#1154609). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3592-1 Released: Wed Dec 2 10:31:34 2020 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1178168,CVE-2020-25659 This update for python-cryptography fixes the following issues: - CVE-2020-25659: Attempted to mitigate Bleichenbacher attacks on RSA decryption (bsc#1178168). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:594-1 Released: Thu Feb 25 09:29:35 2021 Summary: Security update for python-cryptography Type: security Severity: important References: 1182066,CVE-2020-36242 This update for python-cryptography fixes the following issues: - CVE-2020-36242: Using the Fernet class to symmetrically encrypt multi gigabyte values could result in an integer overflow and buffer overflow (bsc#1182066). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1859-1 Released: Fri Jun 4 09:02:38 2021 Summary: Security update for python-py Type: security Severity: moderate References: 1179805,1184505,CVE-2020-29651 This update for python-py fixes the following issues: - CVE-2020-29651: Fixed regular expression denial of service in svnwc.py (bsc#1179805, bsc#1184505). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2012-1 Released: Fri Jun 18 09:15:13 2021 Summary: Security update for python-urllib3 Type: security Severity: important References: 1187045,CVE-2021-33503 This update for python-urllib3 fixes the following issues: - CVE-2021-33503: Fixed a denial of service when the URL contained many @ characters in the authority component (bsc#1187045) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2817-1 Released: Mon Aug 23 15:03:36 2021 Summary: Security update for aws-cli, python-boto3, python-botocore, python-service_identity, python-trustme, python-urllib3 Type: security Severity: moderate References: 1102408,1138715,1138746,1176389,1177120,1182421,1182422,CVE-2020-26137 This patch updates the Python AWS SDK stack in SLE 15: General: # aws-cli - Version updated to upstream release v1.19.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-boto3 - Version updated to upstream release 1.17.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-botocore - Version updated to upstream release 1.20.9 For a detailed list of all changes, please refer to the changelog file of this package. # python-urllib3 - Version updated to upstream release 1.25.10 For a detailed list of all changes, please refer to the changelog file of this package. # python-service_identity - Added this new package to resolve runtime dependencies for other packages. Version: 18.1.0 # python-trustme - Added this new package to resolve runtime dependencies for other packages. Version: 0.6.0 Security fixes: # python-urllib3: - CVE-2020-26137: urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest() (bsc#1177120) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:803-1 Released: Thu Mar 10 17:35:53 2022 Summary: Security update for python-lxml Type: security Severity: important References: 1118088,1179534,1184177,1193752,CVE-2018-19787,CVE-2020-27783,CVE-2021-28957,CVE-2021-43818 This update for python-lxml fixes the following issues: - CVE-2018-19787: Fixed XSS vulnerability via unescaped URL (bsc#1118088). - CVE-2021-28957: Fixed XSS vulnerability ia HTML5 attributes unescaped (bsc#1184177). - CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs (bnc#1193752). - CVE-2020-27783: Fixed mutation XSS with improper parser use (bnc#1179534). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2548-1 Released: Tue Jul 26 13:48:28 2022 Summary: Critical update for python-cssselect Type: recommended Severity: critical References: This update for python-cssselect implements packages to the unrestrictied repository. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2831-1 Released: Wed Aug 17 14:41:04 2022 Summary: Recommended update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures, python-coverage, python-oniconfig, python-unittest-mixins Type: security Severity: moderate References: 1195916,1196696,CVE-2020-29651 This update for aws-efs-utils, python-ansi2html, python-py, python-pytest-html, python-pytest-metadata, python-pytest-rerunfailures fixes the following issues: - Update in SLE-15 (bsc#1196696, bsc#1195916, jsc#SLE-23972) - Remove redundant python3 dependency from Requires - Update regular expression to fix python shebang - Style is enforced upstream and triggers unnecessary build version requirements - Allow specifying fs_id in cloudwatch log group name - Includes fix for stunnel path - Added hardening to systemd service(s). - Raise minimal pytest version - Fix typo in the ansi2html Requires - Cleanup with spec-cleaner - Make sure the tests are really executed - Remove useless devel dependency - Multiprocessing support in Python 3.8 was broken, but is now fixed - Bumpy the URL to point to github rather than to docs ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2853-1 Released: Fri Aug 19 15:59:42 2022 Summary: Recommended update for sle-module-legacy-release Type: recommended Severity: low References: 1202498 This update for python-iniconfig provides the following fix: - Ship python3-iniconfig also to openSUSE 15.3 and 15.4 (bsc#1202498) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2908-1 Released: Fri Aug 26 11:36:03 2022 Summary: Security update for python-lxml Type: security Severity: important References: 1201253,CVE-2022-2309 This update for python-lxml fixes the following issues: - CVE-2022-2309: Fixed NULL pointer dereference due to state leak between parser runs (bsc#1201253). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2943-1 Released: Tue Aug 30 15:42:16 2022 Summary: Recommended update for python-iniconfig Type: recommended Severity: low References: 1202498 This update for python-iniconfig provides the following fix: - Ship missing python2-iniconfig to openSUSE 15.3 (bsc#1202498) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:3985-1 Released: Tue Nov 15 12:54:11 2022 Summary: Recommended update for python-apipkg Type: recommended Severity: moderate References: 1204145 This update fixes for python3-apipkg the following issues: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4044-1 Released: Thu Nov 17 09:07:24 2022 Summary: Security update for python-cryptography, python-cryptography-vectors Type: security Severity: important References: 1101820,1149792,1176785,1177083,CVE-2018-10903 This update for python-cryptography, python-cryptography-vectors fixes the following issues: - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Refresh patches for new version - Update in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352) - update to 2.9.2 * 2.9.2 - 2020-04-22 - Updated the macOS wheel to fix an issue where it would not run on macOS versions older than 10.15. * 2.9.1 - 2020-04-21 - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1g. * 2.9 - 2020-04-02 - BACKWARDS INCOMPATIBLE: Support for Python 3.4 has been removed due to low usage and maintenance burden. - BACKWARDS INCOMPATIBLE: Support for OpenSSL 1.0.1 has been removed. Users on older version of OpenSSL will need to upgrade. - BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.6.x has been removed. - Removed support for calling public_bytes() with no arguments, as per our deprecation policy. You must now pass encoding and format. - BACKWARDS INCOMPATIBLE: Reversed the order in which rfc4514_string() returns the RDNs as required by RFC 4514. - Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1f. - Added support for parsing single_extensions in an OCSP response. - NameAttribute values can now be empty strings. - Add openSSL_111d.patch to make this version of the package compatible with OpenSSL 1.1.1d, thus fixing bsc#1149792. - bsc#1101820 CVE-2018-10903 GCM tag forgery via truncated tag in finalize_with_tag API - Update in SLE-15 (bsc#1177083, jsc#PM-2730, jsc#SLE-18312) - Include in SLE-15 (bsc#1176785, jsc#ECO-3105, jsc#PM-2352) - update to 2.9.2: * updated vectors for the cryptography 2.9.2 testing ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4391-1 Released: Fri Dec 9 08:02:23 2022 Summary: Recommended update for libxslt Type: recommended Severity: low References: 1203669 This update for libxslt fixes the following issues: - Fix broken license symlink for libxslt-tools (bsc#1203669) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:139-1 Released: Wed Jan 25 14:41:55 2023 Summary: Security update for python-certifi Type: security Severity: important References: 1206212,CVE-2022-23491 This update for python-certifi fixes the following issues: - remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491) - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 - Add removeTrustCor.patch ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:161-1 Released: Thu Jan 26 18:23:16 2023 Summary: Security update for python-py Type: security Severity: moderate References: 1204364,CVE-2022-42969 This update for python-py fixes the following issues: - CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crated data (bsc#1204364). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:604-1 Released: Thu Mar 2 15:51:55 2023 Summary: Security update for python-cryptography, python-cryptography-vectors Type: security Severity: important References: 1178168,1182066,1198331,1199282,CVE-2020-25659,CVE-2020-36242 This update for python-cryptography, python-cryptography-vectors fixes the following issues: - Update in SLE-15 (bsc#1199282, jsc#PM-3243, jsc#SLE-24629) - CVE-2020-36242: Fixed a bug where certain sequences of update() calls could result in integer overflow (bsc#1182066). - CVE-2020-25659: Fixed Bleichenbacher vulnerabilities (bsc#1178168). - update to 3.3.2 (bsc#1198331) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:680-1 Released: Wed Mar 8 17:14:06 2023 Summary: Security update for libxslt Type: security Severity: important References: 1208574,CVE-2021-30560 This update for libxslt fixes the following issues: - CVE-2021-30560: Fixing a use after free vulnerability in Blink XSLT (bsc#1208574). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1763-1 Released: Tue Apr 4 14:35:52 2023 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1208036,CVE-2023-23931 This update for python-cryptography fixes the following issues: - CVE-2023-23931: Fixed memory corruption in Cipher.update_into (bsc#1208036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2143-1 Released: Tue May 9 14:49:45 2023 Summary: Security update for protobuf-c Type: security Severity: important References: 1210323,CVE-2022-48468 This update for protobuf-c fixes the following issues: - CVE-2022-48468: Fixed an unsigned integer overflow. (bsc#1210323) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2517-1 Released: Thu Jun 15 07:09:52 2023 Summary: Security update for python3 Type: security Severity: moderate References: 1203750,1211158,CVE-2007-4559 This update for python3 fixes the following issues: - CVE-2007-4559: Fixed filter for tarfile.extractall (bsc#1203750). - Fixed unittest.mock.patch.dict returns function when applied to coroutines (bsc#1211158). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2519-1 Released: Thu Jun 15 08:25:19 2023 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1203818 This update for supportutils fixes the following issues: - Added missed sanitation check on crash.txt (bsc#1203818) - Added check to _sanitize_file - Using variable for replement text in _sanitize_file ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2571-1 Released: Wed Jun 21 13:32:31 2023 Summary: Security update for Salt Type: security Severity: moderate References: 1207071,1209233,1211612,1211754,1212516,1212517 This update for salt fixes the following issues: salt: - Update to Salt release version 3006.0 (jsc#PED-4361) * See release notes: https://docs.saltproject.io/en/latest/topics/releases/3006.0.html - Add missing patch after rebase to fix collections Mapping issues - Add python3-looseversion as new dependency for salt - Add python3-packaging as new dependency for salt - Allow entrypoint compatibility for 'importlib-metadata>=5.0.0' (bsc#1207071) - Avoid conflicts with Salt dependencies versions (bsc#1211612) - Avoid failures due transactional_update module not available in Salt 3006.0 (bsc#1211754) - Create new salt-tests subpackage containing Salt tests - Drop conflictive patch dicarded from upstream - Fix package build with old setuptools versions - Fix SLS rendering error when Jinja macros are used - Fix version detection and avoid building and testing failures - Prevent deadlocks in salt-ssh executions - Require python3-jmespath runtime dependency (bsc#1209233) - Make master_tops compatible with Salt 3000 and older minions (bsc#1212516, bsc#1212517) python-jmespath: - Deliver python3-jmespath to SUSE Linux Enterprise Micro on s390x architecture as it is now required by Salt (no source changes) python-ply: - Deliver python3-ply to SUSE Linux Enterprise Micro on s390x architecture as it is a requirement for python-jmespath (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2611-1 Released: Thu Jun 22 09:55:10 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1184208,1199636,1204405,1205756,1205758,1205760,1205762,1205803,1206024,1208474,1208604,1209287,1209779,1210715,1210783,1210940,1211037,1211043,1211105,1211131,1211186,1211203,1211590,1211592,1211596,1211622,CVE-2020-36694,CVE-2021-29650,CVE-2022-3566,CVE-2022-4269,CVE-2022-45884,CVE-2022-45885,CVE-2022-45886,CVE-2022-45887,CVE-2022-45919,CVE-2023-1079,CVE-2023-1380,CVE-2023-1637,CVE-2023-2156,CVE-2023-2194,CVE-2023-23586,CVE-2023-2483,CVE-2023-2513,CVE-2023-31084,CVE-2023-31436,CVE-2023-32233,CVE-2023-32269,CVE-2023-33288 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-1637: Fixed vulnerability that could lead to unauthorized access to CPU memory after resuming CPU from suspend-to-RAM (bsc#1209779). - CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). - CVE-2021-29650: Fixed an issue where the netfilter subsystem allowed attackers to cause a denial of service (bsc#1184208). - CVE-2020-36694: Fixed an use-after-free issue in netfilter in the packet processing context (bsc#1211596). - CVE-2023-1079: Fixed a use-after-free problem that could have been triggered in asus_kbd_backlight_set when plugging/disconnecting a malicious USB device (bsc#1208604). - CVE-2023-33288: Fixed a use-after-free in bq24190_remove in drivers/power/supply/bq24190_charger.c (bsc#1211590). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2023-31084: Fixed a blocking issue in drivers/media/dvb-core/dvb_frontend.c (bsc#1210783). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). - CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). - CVE-2023-32233: Fixed a use-after-free in Netfilter nf_tables when processing batch requests (bsc#1211043). - CVE-2022-4269: Fixed a flaw was found inside the Traffic Control (TC) subsystem (bsc#1206024). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-2483: Fixed a use after free bug in emac_remove caused by a race condition (bsc#1211037). - CVE-2023-23586: Fixed a memory information leak in the io_uring subsystem (bsc#1208474). The following non-security bugs were fixed: - SUNRPC: Ensure the transport backchannel association (bsc#1211203). - hv: vmbus: Optimize vmbus_on_event (bsc#1211622). - ipv6: sr: fix out-of-bounds read when setting HMAC data (bsc#1211592). - s390,dcssblk,dax: Add dax zero_page_range operation to dcssblk driver (bsc#1199636). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2616-1 Released: Thu Jun 22 16:47:50 2023 Summary: Security update for cups Type: security Severity: important References: 1212230,CVE-2023-34241 This update for cups fixes the following issues: - CVE-2023-34241: Fixed a use-after-free problem in cupsdAcceptClient() (bsc#1212230). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2625-1 Released: Fri Jun 23 17:16:11 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate References: This update for gcc12 fixes the following issues: - Update to GCC 12.3 release, 0c61aa720e62f1baf0bfd178e283, git1204 * includes regression and other bug fixes - Speed up builds with --enable-link-serialization. - Update embedded newlib to version 4.2.0 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2640-1 Released: Mon Jun 26 15:09:10 2023 Summary: Security update for vim Type: security Severity: moderate References: 1210996,1211256,1211257,CVE-2023-2426,CVE-2023-2609,CVE-2023-2610 This update for vim fixes the following issues: - CVE-2023-2426: Fixed out-of-range pointer offset (bsc#1210996). - CVE-2023-2609: Fixed NULL pointer dereference (bsc#1211256). - CVE-2023-2610: Fixed integer overflow or wraparound (bsc#1211257). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2649-1 Released: Tue Jun 27 10:01:13 2023 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - update to 0.371: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2658-1 Released: Tue Jun 27 14:46:15 2023 Summary: Recommended update for containerd, docker, runc Type: recommended Severity: moderate References: 1207004,1208074,1210298,1211578 This update for containerd, docker, runc fixes the following issues: - Update to containerd v1.6.21 (bsc#1211578) - Update to Docker 23.0.6-ce (bsc#1211578) - Update to runc v1.1.7 - Require a minimum Go version explicitly (bsc#1210298) - Re-unify packaging for SLE-12 and SLE-15 - Fix build on SLE-12 by switching back to libbtrfs-devel headers - Allow man pages to be built without internet access in OBS - Add apparmor-parser as a Recommends to make sure that most users will end up with it installed even if they are primarily running SELinux - Fix syntax of boolean dependency - Allow to install container-selinux instead of apparmor-parser - Change to using systemd-sysusers - Update runc.keyring to upstream version - Fix the inability to use `/dev/null` when inside a container (bsc#1207004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2742-1 Released: Fri Jun 30 11:40:56 2023 Summary: Recommended update for autoyast2, libzypp, yast2-pkg-bindings, yast2-update, zypper Type: recommended Severity: moderate References: 1202234,1209565,1211261,1212187,1212222 This update for yast2-pkg-bindings fixes the following issues: libzypp was updated to version 17.31.14 (22): - Curl: trim all custom headers (bsc#1212187) HTTP/2 RFC 9113 forbids fields ending with a space. So we make sure all custom headers are trimmed. This also includes headers returned by URL-Resolver plugins. - build: honor libproxy.pc's includedir (bsc#1212222) zypper was updated to version 1.14.61: - targetos: Add an error note if XPath:/product/register/target is not defined in /etc/products.d/baseproduct (bsc#1211261) - targetos: Update help and man page (bsc#1211261) yast2-pkg-bindings, autoyast: - Added a new option for rebuilding the RPM database (--rebuilddb) (bsc#1209565) - Selected products are not installed after resetting the package manager internally (bsc#1202234) yast2-update: - Rebuild the RPM database during upgrade (--rebuilddb) (bsc#1209565) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2761-1 Released: Mon Jul 3 15:16:44 2023 Summary: Recommended update for libjansson Type: recommended Severity: moderate References: 1201817 This update for libjansson fixes the following issues: - Update to 2.14 (bsc#1201817): * New Features: + Add `json_object_getn`, `json_object_setn`, `json_object_deln`, and the corresponding `nocheck` functions. + Add jansson_version_str() and jansson_version_cmp() for runtime version checking + Add json_object_update_new(), json_object_update_existing_new() and json_object_update_missing_new() functions + Add json_object_update_recursive() + Add `json_pack()` format specifiers s*, o* and O* for values that can be omitted if null + Add `json_error_code()` to retrieve numeric error codes + Enable thread safety for `json_dump()` on all systems. Enable thread safe `json_decref()` and `json_incref()` for modern compilers + Add `json_sprintf()` and `json_vsprintf()` * Fixes: + Handle `sprintf` corner cases. + Add infinite loop check in json_deep_copy() + Enhance JANSSON_ATTRS macro to support earlier C standard(C89) + Update version detection for sphinx-build + Fix error message in `json_pack()` for NULL object + Avoid invalid memory read in `json_pack()` + Call va_end after va_copy in `json_vsprintf()` + Improve handling of formats with '?' and '*' in `json_pack()` + Remove inappropriate `jsonp_free()` which caused segmentation fault in error handling + Fix incorrect report of success from `json_dump_file()` when an error is returned by `fclose()` + Make json_equal() const-correct + Fix incomplete stealing of references by `json_pack()` - Use GitHub as source URLs: Release hasn't been uploaded to digip.org. - Add check section. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2855-1 Released: Mon Jul 17 16:35:21 2023 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1212260 This update for openldap2 fixes the following issues: - libldap2 crashes on ldap_sasl_bind_s (bsc#1212260) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2859-1 Released: Mon Jul 17 16:43:57 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1160435,1172073,1187829,1191731,1199046,1200217,1205758,1208600,1209039,1209342,1210533,1210791,1211089,1211519,1211796,1212128,1212129,1212154,1212158,1212494,1212501,1212502,1212504,1212513,1212606,1212842,CVE-2023-1077,CVE-2023-1249,CVE-2023-2002,CVE-2023-3090,CVE-2023-3141,CVE-2023-3159,CVE-2023-3161,CVE-2023-3268,CVE-2023-3358,CVE-2023-35788,CVE-2023-35823,CVE-2023-35824,CVE-2023-35828 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-2002: Fixed a flaw that allowed an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication (bsc#1210533). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-3268: Fixed an out of bounds (OOB) memory access flaw in relay_file_read_start_pos in kernel/relay.c (bsc#1212502). - CVE-2023-3358: Fixed a NULL pointer dereference flaw in the Integrated Sensor Hub (ISH) driver (bsc#1212606). - CVE-2023-35788: Fixed an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets in fl_set_geneve_opt in net/sched/cls_flower.c (bsc#1212504). - CVE-2023-35823: Fixed a use-after-free flaw in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c (bsc#1212494). - CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). - CVE-2023-35828: Fixed a use-after-free flaw in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c (bsc#1212513). The following non-security bugs were fixed: - Also include kernel-docs build requirements for ALP - Avoid unsuported tar parameter on SLE12 - Fix missing top level chapter numbers on SLE12 SP5 (bsc#1212158). - Fix usrmerge error (boo#1211796) - Generalize kernel-doc build requirements. - Move obsolete KMP list into a separate file. The list of obsoleted KMPs varies per release, move it out of the spec file. - Move setting %%build_html to config.sh - Move setting %%split_optional to config.sh - Move setting %%supported_modules_check to config.sh - Move the kernel-binary conflicts out of the spec file. Thie list of conflicting packages varies per release. To reduce merge conflicts move the list out of the spec file. - Remove obsolete rpm spec constructs defattr does not need to be specified anymore buildroot does not need to be specified anymore - Remove usrmerge compatibility symlink in buildroot (boo#1211796). - Trim obsolete KMP list. SLE11 is out of support, we do not need to handle upgrading from SLE11 SP1. - cifs: do not include page data when checking signature (bsc#1200217). - cifs: fix open leaks in open_cached_dir() (bsc#1209342). - google/gve:fix repeated words in comments (bsc#1211519). - gve: Adding a new AdminQ command to verify driver (bsc#1211519). - gve: Cache link_speed value from device (bsc#1211519). - gve: Fix GFP flags when allocing pages (bsc#1211519). - gve: Fix error return code in gve_prefill_rx_pages() (bsc#1211519). - gve: Fix spelling mistake 'droping' -> 'dropping' (bsc#1211519). - gve: Handle alternate miss completions (bsc#1211519). - gve: Reduce alloc and copy costs in the GQ rx path (bsc#1211519). - gve: Remove the code of clearing PBA bit (bsc#1211519). - gve: Secure enough bytes in the first TX desc for all TCP pkts (bsc#1211519). - gve: enhance no queue page list detection (bsc#1211519). - kernel-binary: Add back kernel-default-base guarded by option Add configsh option for splitting off kernel-default-base, and for not signing the kernel on non-efi - kernel-binary: install expoline.o (boo#1210791 bsc#1211089) - kernel-source: Remove unused macro variant_symbols - kernel-spec-macros: Fix up obsolete_rebuilds_subpackage to generate obsoletes correctly (boo#1172073 bsc#1191731). rpm only supports full length release, no provides - rpm/check-for-config-changes: add TOOLCHAIN_NEEDS_* to IGNORED_CONFIGS_RE. - rpm/constraints.in: Increase disk size constraint for riscv64 to 52GB - rpm/kernel-binary.spec.in: Add Provides of kernel-preempt (jsc#SLE-18857) For smooth migration with the former kernel-preempt user, kernel-default provides kernel-preempt now when CONFIG_PREEMPT_DYNAMIC is defined. - rpm/kernel-binary.spec.in: Fix compatibility wth newer rpm - rpm/kernel-binary.spec.in: Fix missing kernel-preempt-devel and KMP Provides (bsc#1199046) - rpm/kernel-docs.spec.in: pass PYTHON=python3 to fix build error (bsc#1160435) - usrmerge: Compatibility with earlier rpm (boo#1211796) - x86/build: Avoid relocation information in final vmlinux (bsc#1187829). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2866-1 Released: Tue Jul 18 11:09:03 2023 Summary: Security update for python-requests Type: security Severity: moderate References: 1211674,CVE-2023-32681 This update for python-requests fixes the following issues: - CVE-2023-32681: Fixed unintended leak of Proxy-Authorization header (bsc#1211674). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2879-1 Released: Wed Jul 19 09:45:34 2023 Summary: Security update for dbus-1 Type: security Severity: moderate References: 1212126,CVE-2023-34969 This update for dbus-1 fixes the following issues: - CVE-2023-34969: Fixed a possible dbus-daemon crash by an unprivileged users (bsc#1212126). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2882-1 Released: Wed Jul 19 11:49:39 2023 Summary: Security update for perl Type: security Severity: important References: 1210999,CVE-2023-31484 This update for perl fixes the following issues: - CVE-2023-31484: Enable TLS cert verification in CPAN (bsc#1210999). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2885-1 Released: Wed Jul 19 16:58:43 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1208721,1209229,1211828 This update for glibc fixes the following issues: - getlogin_r: fix missing fallback if loginuid is unset (bsc#1209229, BZ #30235) - Exclude static archives from preparation for live patching (bsc#1208721) - resolv_conf: release lock on allocation failure (bsc#1211828, BZ #30527) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2894-1 Released: Thu Jul 20 06:45:06 2023 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1194557,1203300,1206447,1206674,1206798,1211026 This update for wicked fixes the following issues: - Update to version 0.6.73 - Fix arp notify loop and burst sending (boo#1212806) - Allow verify/notify counter and interval configuration - Handle ENOBUFS sending errors (bsc#1203300) - Improve environment variable handling - Refactor firmware extension definition - Enable, disable and revert cli commands - Fix memory leaks, add array/list utils - Ignore WIRELESS_EAP_AUTH within TLS (bsc#1211026) - Cleanup /var/run leftovers in extension scripts (bsc#1194557) - Output formatting improvements and Unicode support - bond: workaround 6.1 kernel enslave regression (bsc#1206674) - Add `wicked firmware` command to improve `ibft`,`nbft`,`redfish` firmware extension and interface handling. - Improve error handling in netif firmware discovery extension execution and extension definition overrides in the wicked-config. - Fix use-after-free in debug mode (bsc#1206447) - Replace transitional `%usrmerged` macro with regular version check (bsc#1206798) - Improve to show `no-carrier` in ifstatus output - Cleanup inclusions and update uapi header to 6.0 - Link mode nwords cleanup and new advertise mode names - Enable raw-ip support for wwan-qmi interfaces (jsc#PED-90) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:2898-1 Released: Thu Jul 20 09:15:33 2023 Summary: Recommended update for python-instance-billing-flavor-check Type: feature Severity: critical References: This update for python-instance-billing-flavor-check fixes the following issues: - Include PAYG checker package in SLE (jsc#PED-4791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2905-1 Released: Thu Jul 20 10:17:54 2023 Summary: Recommended update for fstrm Type: recommended Severity: moderate References: This update for fstrm fixes the following issues: - Update to 0.6.1: - fstrm_capture: ignore SIGPIPE, which will cause the interrupted connections to generate an EPIPE instead. - Fix truncation in snprintf calls in argument processing. - fstrm_capture: Fix output printf format. - Update to 0.6.0 It adds a new feature for fstrm_capture. It can perform output file rotation when a SIGUSR1 signal is received by fstrm_capture. (See the --gmtime or --localtime options.) This allows fstrm_capture's output file to be rotated by logrotate or a similar external utility. (Output rotation is suppressed if fstrm_capture is writing to stdout.) Update to 0.5.0 - Change license to modern MIT license for compatibility with GPLv2 software. Contact software at farsightsecurity.com for alternate licensing. - src/fstrm_replay.c: For OpenBSD and Posix portability include netinet/in.h and sys/socket.h to get struct sockaddr_in and the AF_* defines respectively. - Fix various compiler warnings. Update to 0.4.0 The C implementation of the Frame Streams data transport protocol, fstrm version 0.4.0, was released. It adds TCP support, a new tool, new documentation, and several improvements. - Added manual pages for fstrm_capture and fstrm_dump. - Added new tool, fstrm_replay, for replaying saved Frame Streams data to a socket connection. - Adds TCP support. Add tcp_writer to the core library which implements a bi-directional Frame Streams writer as a TCP socket client. Introduces new developer API: fstrm_tcp_writer_init, fstrm_tcp_writer_options_init, fstrm_tcp_writer_options_destroy, fstrm_tcp_writer_options_set_socket_address, and fstrm_tcp_writer_options_set_socket_port. - fstrm_capture: new options for reading from TCP socket. - fstrm_capture: add '-c' / '--connections' option to limit the number of concurrent connections it will accept. - fstrm_capture: add '-b / --buffer-size' option to set the read buffer size (effectively the maximum frame size) to a value other than the default 256 KiB. - fstrm_capture: skip oversize messages to fix stalled connections caused by messages larger than the read highwater mark of the input buffer. Discarded messages are logged for the purposes of tuning the input buffer size. - fstrm_capture: complete sending of FINISH frame before closing connection. - Various test additions and improvements. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2909-1 Released: Thu Jul 20 10:59:11 2023 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1204563 This update for grub2 fixes the following issues: - grub2-once: Fix 'sh: terminal_output: command not found' error (bsc#1204563) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2918-1 Released: Thu Jul 20 12:00:17 2023 Summary: Recommended update for gpgme Type: recommended Severity: moderate References: 1089497 This update for gpgme fixes the following issues: gpgme: - Address failure handling issues when using gpg 2.2.6 via gpgme, as used by libzypp (bsc#1089497) libassuan: - Version upgrade to 2.5.5 in LTSS to address gpgme new requirements ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2945-1 Released: Mon Jul 24 09:37:30 2023 Summary: Security update for openssh Type: security Severity: important References: 1186673,1209536,1213004,1213008,1213504,CVE-2023-38408 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2954-1 Released: Mon Jul 24 13:01:46 2023 Summary: Security update for bind Type: security Severity: important References: 1212544,CVE-2023-2828 This update for bind fixes the following issues: - CVE-2023-2828: Fixed denial-of-service against recursive resolvers related to cache-cleaning algorithm (bsc#1212544). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2956-1 Released: Tue Jul 25 08:33:38 2023 Summary: Security update for libcap Type: security Severity: moderate References: 1211419,CVE-2023-2603 This update for libcap fixes the following issues: - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2994-1 Released: Thu Jul 27 06:45:29 2023 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1157881,1200710,1209859 This update for nfs-utils fixes the following issues: - SLE15-SP5 and earlier don't use /usr/lib/modprobe.d (bsc#1200710) - Avoid unhelpful warnings (bsc#1157881) - Fix rpc.nfsd man pages (bsc#1209859) - Allow scope to be set in sysconfig: NFSD_SCOPE ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3060-1 Released: Mon Jul 31 13:27:42 2023 Summary: Security update for samba Type: security Severity: important References: 1213171,1213172,1213173,1213174,1213384,CVE-2022-2127,CVE-2023-34966,CVE-2023-34967,CVE-2023-34968 This update for samba fixes the following issues: - CVE-2022-2127: Fixed issue where lm_resp_len was not checked properly in winbindd_pam_auth_crap_send (bsc#1213174). - CVE-2023-34966: Fixed samba spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability (bsc#1213173). - CVE-2023-34967: Fixed samba spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability (bsc#1213172). - CVE-2023-34968: Fixed spotlight server-side Share Path Disclosure (bsc#1213171). Bugfixes: - Fixed trust relationship failure (bsc#1213384). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3173-1 Released: Thu Aug 3 08:56:10 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1201399,1208003,1210799 This update for perl-Bootloader fixes the following issues: - Use signed grub EFI binary when updating grub in default EFI location (bsc#1210799) - UEFI: update also default location, if it is controlled by SUSE (bsc#1210799, bsc#1201399) - Use `fw_platform_size` to distinguish between 32 bit and 64 bit UEFI platforms (bsc#1208003) - Add basic support for systemd-boot ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3179-1 Released: Thu Aug 3 13:59:38 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1201627,1207534,1213487,CVE-2022-4304,CVE-2023-3446 This update for openssl-1_1 fixes the following issues: - CVE-2022-4304: Reworked the fix for the Timing-Oracle in RSA decryption. The previous fix for this timing side channel turned out to cause a severe 2-3x performance regression in the typical use case (bsc#1207534). - CVE-2023-3446: Fixed DH_check() excessive time with over sized modulus (bsc#1213487). - Update further expiring certificates that affect tests [bsc#1201627] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3196-1 Released: Fri Aug 4 10:02:04 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1213443 This update for protobuf-c fixes the following issues: - Include executables required to generate Protocol Buffers glue code in the devel subpackage (bsc#1213443) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3197-1 Released: Fri Aug 4 10:04:10 2023 Summary: Recommended update for google-guest-agent, google-guest-configs, google-osconfig-agent Type: recommended Severity: moderate References: 1212418,1212759 This update for google-guest-agent, google-guest-configs, google-osconfig-agent fixes the following issues: - Update to version 20230601.00 (bsc#1212418, bsc#1212759) - Don't block google-osconfig-agent (#213) - Avoid conflict with automated package updates (#212) - Add a support of TrustedUserCAKeys into sshd configuration (#206) - Add a new dracut module for gcp udev rules (#53) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3210-1 Released: Mon Aug 7 15:20:04 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3218-1 Released: Mon Aug 7 16:52:13 2023 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1211079 This update for cryptsetup fixes the following issues: - Handle system with low memory and no swap space (bsc#1211079) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3270-1 Released: Thu Aug 10 19:34:35 2023 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1211461 This update for vim fixes the following issues: - Calling vim on xterm leads to missing first character of the command prompt (bsc#1211461) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3282-1 Released: Fri Aug 11 10:26:23 2023 Summary: Recommended update for blog Type: recommended Severity: moderate References: This update for blog fixes the following issues: - Fix big endian cast problems to be able to read commands and ansers as well as passphrases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3284-1 Released: Fri Aug 11 10:29:50 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1206627,1213189 This update for shadow fixes the following issues: - Prevent lock files from remaining after power interruptions (bsc#1213189) - Add --prefix support to passwd, chpasswd and chage (bsc#1206627) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3288-1 Released: Fri Aug 11 12:30:14 2023 Summary: Recommended update for python-apipkg Type: recommended Severity: moderate References: 1213582 This update for python-apipkg provides python3-apipkg to SUSE Linux Enterprise Micro 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3291-1 Released: Fri Aug 11 12:51:21 2023 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1213517,1213853,CVE-2023-3817 This update for openssl-1_1 fixes the following issues: - CVE-2023-3817: Fixed a potential DoS due to excessive time spent checking DH q parameter value. (bsc#1213853) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3294-1 Released: Fri Aug 11 13:51:51 2023 Summary: Recommended update for hwinfo Type: recommended Severity: moderate References: 1200975,1204294,1212756 This update for hwinfo fixes the following issues: - Avoid linking problems with libsamba (bsc#1212756) - Update to version 21.85 - Create xen usb controller device if necessary (bsc#1204294) - Improve treatment of NVME devices (bsc#1200975) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3301-1 Released: Mon Aug 14 07:24:59 2023 Summary: Security update for libyajl Type: security Severity: moderate References: 1212928,CVE-2023-33460 This update for libyajl fixes the following issues: - CVE-2023-33460: Fixed memory leak which could cause out-of-memory in server (bsc#1212928). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3330-1 Released: Wed Aug 16 08:59:33 2023 Summary: Recommended update for python-pyasn1 Type: recommended Severity: important References: 1207805 This update for python-pyasn1 fixes the following issues: - To avoid users of this package having to recompile bytecode files, change the mtime of any __init__.py. (bsc#1207805) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3365-1 Released: Fri Aug 18 20:35:01 2023 Summary: Security update for krb5 Type: security Severity: important References: 1214054,CVE-2023-36054 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3371-1 Released: Tue Aug 22 13:30:18 2023 Summary: Recommended update for liblognorm Type: recommended Severity: moderate References: This update for liblognorm fixes the following issues: - Update to liblognorm v2.0.6 (jsc#PED-4883) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3373-1 Released: Tue Aug 22 13:48:25 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1211757,1213212 This update for rsyslog fixes the following issues: - Fix removal of imfile state files (bsc#1213212) - Fix segfaults in modExit() of imklog.c (bsc#1211757) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3391-1 Released: Wed Aug 23 17:29:26 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1199304,1206418,1207270,1210584,1211131,1211738,1211867,1212301,1212741,1212835,1212846,1213059,1213061,1213167,1213245,1213286,1213287,1213354,1213543,1213585,1213586,1213588,1213653,1213868,CVE-2022-40982,CVE-2023-0459,CVE-2023-20569,CVE-2023-20593,CVE-2023-2156,CVE-2023-2985,CVE-2023-3117,CVE-2023-31248,CVE-2023-3390,CVE-2023-35001,CVE-2023-3567,CVE-2023-3609,CVE-2023-3611,CVE-2023-3776,CVE-2023-3812 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418). - CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738). - CVE-2023-20569: Fixed side channel attack ???Inception??? or ???RAS Poisoning??? (bsc#1213287). - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286). - CVE-2023-2156: Fixed a flaw in the networking subsystem within the handling of the RPL protocol (bsc#1211131). - CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867). - CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245). - CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061). - CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846). - CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059). - CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167). - CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586). - CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585). - CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588). - CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543). The following non-security bugs were fixed: - arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418). - block, bfq: fix division by zero error on zero wsum (bsc#1213653). - get module prefix from kmod (bsc#1212835). - init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418). - init: invoke arch_cpu_finalize_init() earlier (bsc#1206418). - init: provide arch_cpu_finalize_init() (bsc#1206418). - init: remove check_bugs() leftovers (bsc#1206418). - jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304). - kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps') - kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base. - kernel-docs: use python3 together with python3-sphinx (bsc#1212741). - keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354). - lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567). - locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567). - locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567). - locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567). - locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567). - locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567). - locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567). - locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567). - locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567). - locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567). - locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567). - locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567). - locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567). - locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567). - locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567). - locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567). - locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567). - locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567). - locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567). - locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567). - locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567). - locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567). - net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585). - net: mana: add support for vlan tagging (bsc#1212301). - ocfs2: fix a deadlock when commit trans (bsc#1199304). - ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304). - ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304). - remove more packaging cruft for sle < 12 sp3 - rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude. - rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*. - rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567). - rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567). - ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584). - ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584). - usrmerge: adjust module path in the kernel sources (bsc#1212835). - x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418). - x86/fpu: remove cpuinfo argument from init functions (bsc#1206418). - x86/microcode/AMD: Make stub function static inline (bsc#1213868). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3446-1 Released: Mon Aug 28 10:56:49 2023 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1204489,1213616,1214082,1214083,CVE-2022-40982,CVE-2023-20569,CVE-2023-20593 This update for xen fixes the following issues: - CVE-2023-20569: Fixed side channel attack Inception or RAS Poisoning. (bsc#1214082, XSA-434) - CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling'. (bsc#1214083, XSA-435) - CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information. (bsc#1213616, XSA-433) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3448-1 Released: Mon Aug 28 12:13:20 2023 Summary: Recommended update for google-guest-configs Type: recommended Severity: moderate References: 1214546,1214572 This update for google-guest-configs fixes the following issues: - Update to version 20230808.00 (bsc#1214546, bsc#1214572) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3452-1 Released: Mon Aug 28 12:41:11 2023 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1213951 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update from version 1.0.7 to 1.0.8 (bsc#1213951) - Capture CSP billing adapter config and log - Accept upper case Amazon string in DMI table ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3454-1 Released: Mon Aug 28 13:43:18 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1214248 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3461-1 Released: Mon Aug 28 17:25:09 2023 Summary: Security update for freetype2 Type: security Severity: moderate References: 1210419,CVE-2023-2004 This update for freetype2 fixes the following issues: - CVE-2023-2004: Fixed integer overflow in tt_hvadvance_adjust (bsc#1210419). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3467-1 Released: Tue Aug 29 07:39:36 2023 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1213940 This update for samba fixes the following issues: - Move libcluster-samba4.so from samba-libs to samba-client-libs (bsc#1213940) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3470-1 Released: Tue Aug 29 10:49:33 2023 Summary: Recommended update for parted Type: recommended Severity: low References: 1182142,1193412 This update for parted fixes the following issues: - fix null pointer dereference (bsc#1193412) - update mkpart options in manpage (bsc#1182142) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3487-1 Released: Tue Aug 29 14:28:35 2023 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1214071 This update for lvm2 fixes the following issues: - blkdeactivate calls wrong mountpoint cmd (bsc#1214071) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3515-1 Released: Fri Sep 1 15:54:25 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1158763,1210740,1213231,1213557,1213673 This update for libzypp, zypper fixes the following issues: - Fix occasional isue with downloading very small files (bsc#1213673) - Fix negative ZYPP_LOCK_TIMEOUT not waiting forever (bsc#1213231) - Fix OES synchronization issues when cookie file has mode 0600 (bsc#1158763) - Don't cleanup orphaned dirs if read-only mode was promised (bsc#1210740) - Revised explanation of --force-resolution in man page (bsc#1213557) - Print summary hint if policies were violated due to --force-resolution (bsc#1213557) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3521-1 Released: Tue Sep 5 08:56:45 2023 Summary: Recommended update for python-iniconfig Type: recommended Severity: moderate References: 1213582 This update for python-iniconfig provides python3-iniconfig to SUSE Linux Enterprise Micro 5.2. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3536-1 Released: Tue Sep 5 15:00:27 2023 Summary: Security update for docker Type: security Severity: moderate References: 1210797,1212368,1213120,1213229,1213500,1214107,1214108,1214109,CVE-2023-28840,CVE-2023-28841,CVE-2023-28842 This update for docker fixes the following issues: - Update to Docker 24.0.5-ce. See upstream changelong online at bsc#1213229 - Update to Docker 24.0.4-ce. See upstream changelog online at . bsc#1213500 - Update to Docker 24.0.3-ce. See upstream changelog online at . bsc#1213120 - Recommend docker-rootless-extras instead of Require(ing) it, given it's an additional functionality and not inherently required for docker to function. - Add docker-rootless-extras subpackage (https://docs.docker.com/engine/security/rootless) - Update to Docker 24.0.2-ce. See upstream changelog online at . bsc#1212368 * Includes the upstreamed fix for the mount table pollution issue. bsc#1210797 - Add Recommends for docker-buildx, and add /usr/lib/docker/cli-plugins as being provided by this package. - was rebuilt against current GO compiler. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3540-1 Released: Tue Sep 5 16:44:44 2023 Summary: Recommended update for dracut Type: recommended Severity: important References: 1214081 This update for dracut fixes the following issues: - Exit if resolving executable dependencies fails (bsc#1214081) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3543-1 Released: Wed Sep 6 08:27:22 2023 Summary: Recommended update for protobuf-c Type: recommended Severity: moderate References: 1214006 This update for protobuf-c fixes the following issues: - Add missing Provides/Obsoletes after package merge (bsc#1214006) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3546-1 Released: Wed Sep 6 14:07:17 2023 Summary: Recommended update for open-iscsi Type: recommended Severity: low References: 1207157 This update for open-iscsi fixes the following issues: -Set 'safe_logout' and 'startup' in iscsid.conf (bsc#1207157) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3639-1 Released: Mon Sep 18 13:33:16 2023 Summary: Security update for libeconf Type: security Severity: moderate References: 1198165,1211078,CVE-2023-22652,CVE-2023-30078,CVE-2023-30079,CVE-2023-32181 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078) The following non-security bug was fixed: - Fixed parsing files correctly which have space characters AND none space characters as delimiters (bsc#1198165). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3661-1 Released: Mon Sep 18 21:44:09 2023 Summary: Security update for gcc12 Type: security Severity: important References: 1214052,CVE-2023-4039 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3684-1 Released: Tue Sep 19 17:12:12 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1023051,1203517,1210448,1213272,1213546,1213601,1213666,1213916,1213927,1213968,1213969,1213970,1213971,1214019,1214120,1214149,1214275,1214297,1214348,1214350,1214451,CVE-2022-36402,CVE-2023-2007,CVE-2023-20588,CVE-2023-21400,CVE-2023-34319,CVE-2023-3772,CVE-2023-3863,CVE-2023-4128,CVE-2023-4132,CVE-2023-4133,CVE-2023-4134,CVE-2023-4147,CVE-2023-4194,CVE-2023-4273,CVE-2023-4385,CVE-2023-4387,CVE-2023-4459 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-36402: Fixed an integer overflow vulnerability in vmwgfx driver in that allowed a local attacker with a user account on the system to gain privilege, causing a denial of service (bsc#1203517). - CVE-2023-2007: Fixed a flaw in the DPT I2O Controller driver that could allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel (bsc#1210448). - CVE-2023-3772: Fixed a flaw in XFRM subsystem that may have allowed a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer leading to a possible kernel crash and denial of service (bsc#1213666). - CVE-2023-3863: Fixed a use-after-free flaw was found in nfc_llcp_find_local that allowed a local user with special privileges to impact a kernel information leak issue (bsc#1213601). - CVE-2023-4128: Fixed a use-after-free flaw in net/sched/cls_fw.c that allowed a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue (bsc#1214149). - CVE-2023-4132: Fixed use-after-free vulnerability was found in the siano smsusb module that allowed a local user to crash the system, causing a denial of service condition (bsc#1213969). - CVE-2023-4133: Fixed use after free bugs caused by circular dependency problem in cxgb4 (bsc#1213970). - CVE-2023-4134: Fixed use-after-free in cyttsp4_watchdog_work() (bsc#1213971). - CVE-2023-4147: Fixed use-after-free in nf_tables_newrule (bsc#1213968). - CVE-2023-4194: Fixed a type confusion in net tun_chr_open() (bsc#1214019). - CVE-2023-4273: Fixed a flaw in the exFAT driver of the Linux kernel that alloawed a local privileged attacker to overflow the kernel stack (bsc#1214120). - CVE-2023-4385: Fixed a NULL pointer dereference flaw in dbFree that may have allowed a local attacker to crash the system due to a missing sanity check (bsc#1214348). - CVE-2023-4387: Fixed use-after-free flaw in vmxnet3_rq_alloc_rx_buf that could allow a local attacker to crash the system due to a double-free (bsc#1214350). - CVE-2023-4459: Fixed a NULL pointer dereference flaw in vmxnet3_rq_cleanup that may have allowed a local attacker with normal user privilege to cause a denial of service (bsc#1214451). - CVE-2023-20588: Fixed a division-by-zero error on some AMD processors that can potentially return speculative data resulting in loss of confidentiality (bsc#1213927). - CVE-2023-21400: Fixed several memory corruptions due to improper locking in io_uring (bsc#1213272). - CVE-2023-34319: Fixed buffer overrun triggered by unusual packet in xen/netback (XSA-432) (bsc#1213546). The following non-security bugs were fixed: - ARM: spear: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - Do not add and remove genksyms ifdefs - clocksource/drivers/arm_arch_timer: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - clocksource/drivers/sp804: Do not use timer namespace for timer_shutdown() function (bsc#1213970). - e1000: Fix fall-through warnings for Clang (jsc#PED-5738). - e1000: Fix typos in comments (jsc#PED-5738). - e1000: Remove unnecessary use of kmap_atomic() (jsc#PED-5738). - e1000: drop unneeded assignment in e1000_set_itr() (jsc#PED-5738). - e1000: switch to napi_consume_skb() (jsc#PED-5738). - intel/e1000:fix repeated words in comments (jsc#PED-5738). - intel: remove checker warning (jsc#PED-5738). - kabi/severities: Ignore newly added SRSO mitigation functions - md/raid0: Factor out helper for mapping and submitting a bio (bsc#1213916). - md/raid0: Fix performance regression for large sequential writes (bsc#1213916). - net: e1000: remove repeated word 'slot' for e1000_main.c (jsc#PED-5738). - net: e1000: remove repeated words for e1000_hw.c (jsc#PED-5738). - powerpc/rtas: block error injection when locked down (bsc#1023051). - powerpc/rtas: mandate RTAS syscall filtering (bsc#1023051). - powerpc/rtas: move syscall filter setup into separate function (bsc#1023051). - powerpc/rtas: remove ibm_suspend_me_token (bsc#1023051). - powerpc: Move DMA64_PROPNAME define to a header (bsc#1214297 ltc#197503). - pseries/iommu/ddw: Fix kdump to work in absence of ibm,dma-window (bsc#1214297 ltc#197503). - timers: Add shutdown mechanism to the internal functions (bsc#1213970). - timers: Provide timer_shutdown[_sync]() (bsc#1213970). - timers: Rename del_timer() to timer_delete() (bsc#1213970). - timers: Rename del_timer_sync() to timer_delete_sync() (bsc#1213970). - timers: Replace BUG_ON()s (bsc#1213970). - timers: Silently ignore timers with a NULL function (bsc#1213970). - timers: Split [try_to_]del_timer[_sync]() to prepare for shutdown mode (bsc#1213970). - timers: Update kernel-doc for various functions (bsc#1213970). - timers: Use del_timer_sync() even on UP (bsc#1213970). - x86/cpu/kvm: Provide UNTRAIN_RET_VM (git-fixes). - x86/cpu: Cleanup the untrain mess (git-fixes). - x86/cpu: Rename original retbleed methods (git-fixes). - x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (git-fixes). - x86/retpoline: Do not clobber RFLAGS during srso_safe_ret() (git-fixes). - x86/speculation: Add cpu_show_gds() prototype (git-fixes). - x86/speculation: Mark all Skylake CPUs as vulnerable to GDS (git-fixes). - x86/srso: Correct the mitigation status when SMT is disabled (git-fixes). - x86/srso: Disable the mitigation on unaffected configurations (git-fixes). - x86/srso: Explain the untraining sequences a bit more (git-fixes). - x86: Move gds_ucode_mitigated() declaration to header (git-fixes). - xfs: fix sb write verify for lazysbcount (bsc#1214275). - xfs: gut error handling in xfs_trans_unreserve_and_mod_sb() (bsc#1214275). - xfs: update superblock counters correctly for !lazysbcount (bsc#1214275). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3698-1 Released: Wed Sep 20 11:01:15 2023 Summary: Security update for libxml2 Type: security Severity: important References: 1214768,CVE-2023-39615 This update for libxml2 fixes the following issues: - CVE-2023-39615: Fixed crafted xml can cause global buffer overflow (bsc#1214768). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3707-1 Released: Wed Sep 20 17:12:03 2023 Summary: Security update for cups Type: security Severity: important References: 1214254,1215204,CVE-2023-32360,CVE-2023-4504 This update for cups fixes the following issues: - CVE-2023-4504: Fixed heap overflow in OpenPrinting CUPS Postscript Parsing (bsc#1215204). - CVE-2023-32360: Fixed Information leak through Cups-Get-Document operation (bsc#1214254). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3814-1 Released: Wed Sep 27 18:08:17 2023 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1211829,1212819,1212910 This update for glibc fixes the following issues: - nscd: Fix netlink cache invalidation if epoll is used (bsc#1212910, BZ #29415) - Restore lookup of IPv4 mapped addresses in files database (bsc#1212819, BZ #25457) - elf: Remove excessive p_align check on PT_LOAD segments (bsc#1211829, BZ #28688) - elf: Properly align PT_LOAD segments (bsc#1211829, BZ #28676) - ld.so: Always use MAP_COPY to map the first segment (BZ #30452) - add GB18030-2022 charmap (jsc#PED-4908, BZ #30243) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3817-1 Released: Wed Sep 27 18:31:14 2023 Summary: Security update for containerd Type: security Severity: important References: 1212475 This update of containerd fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3822-1 Released: Wed Sep 27 18:40:14 2023 Summary: Security update for supportutils Type: security Severity: moderate References: 1181477,1196933,1204942,1205533,1206402,1206608,1207543,1207598,1208928,1209979,1210015,1210950,1211598,1211599,1213127,CVE-2022-45154 This update for supportutils fixes the following issues: Security fixes: - CVE-2022-45154: Removed iSCSI passwords (bsc#1207598). Other Fixes: - Changes in version 3.1.26 + powerpc plugin to collect the slots and active memory (bsc#1210950) + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154 + supportconfig: collect BPF information (pr#154) + Added additional iscsi information (pr#155) - Added run time detection (bsc#1213127) - Changes for supportutils version 3.1.25 + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598) + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149) + powerpc: collect invscout logs (pr#150) + powerpc: collect RMC status logs (pr#151) + Added missing nvme nbft commands (bsc#1211599) + Fixed invalid nvme commands (bsc#1211598) + Added missing podman information (PED-1703, bsc#1181477) + Removed dependency on sysfstools + Check for systool use (bsc#1210015) + Added selinux checking (bsc#1209979) + Updated SLES_VER matrix - Fixed missing status detail for apparmor (bsc#1196933) - Corrected invalid argument list in docker.txt (bsc#1206608) - Applies limit equally to sar data and text files (bsc#1207543) - Collects hwinfo hardware logs (bsc#1208928) - Collects lparnumascore logs (issue#148) - Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs - Changes to supportconfig.rc version 3.1.11-35 + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402) - Changes to supportconfig version 3.1.11-46.4 + Added plymouth_info - Changes to getappcore version 1.53.02 + The location of chkbin was updated earlier. This documents that change (bsc#1205533, bsc#1204942) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3828-1 Released: Wed Sep 27 19:07:38 2023 Summary: Security update for python3 Type: security Severity: important References: 1214692,CVE-2023-40217 This update for python3 fixes the following issues: - CVE-2023-40217: Fixed TLS handshake bypass on closed sockets (bsc#1214692). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3843-1 Released: Wed Sep 27 20:18:06 2023 Summary: Recommended update for suse-build-key Type: recommended Severity: important References: This update for suse-build-key fixes the following issues: This update adds and runs a import-suse-build-key script. It is run after installation with libzypp based installers. (jsc#PED-2777) It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3903-1 Released: Fri Sep 29 15:14:18 2023 Summary: Security update for xen Type: security Severity: important References: 1213616,1215145,1215474,CVE-2023-20588,CVE-2023-20593,CVE-2023-34322 This update for xen fixes the following issues: - CVE-2023-20588: Fixed AMD CPU transitional execution leak via division by zero (XSA-439) (bsc#1215474). - CVE-2023-34322: Fixed top-level shadow reference dropped too early for 64-bit PV guests (XSA-438) (bsc#1215145). - CVE-2023-20593: Fixed AMD Zenbleed (XSA-433) (bsc#1213616). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3934-1 Released: Mon Oct 2 12:04:33 2023 Summary: Security update for bind Type: security Severity: important References: 1213748,1215472,CVE-2023-3341 This update for bind fixes the following issues: Security fixes: - CVE-2023-3341: Fixed stack exhaustion flaw in control channel code may cause named to terminate unexpectedly (bsc#1215472). Other fixes: - Add `dnstap` support (jsc#PED-4853, jsc#PED-4852, bsc#1213748) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3951-1 Released: Tue Oct 3 19:37:46 2023 Summary: Recommended update for python3-jmespath, python3-ply Type: recommended Severity: moderate References: 1209233 This update for python3-jmespath and python3-ply fixes the following issue: - the packages are required as dependencies for python3-salt, and were missing on aarch64 based SLE Micro flavors so far. There are no functional changes. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3952-1 Released: Tue Oct 3 20:06:23 2023 Summary: Security update for runc Type: security Severity: important References: 1212475 This update of runc fixes the following issues: - Update to runc v1.1.8. Upstream changelog is available from . - rebuild the package with the go 1.21 security release (bsc#1212475). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3955-1 Released: Tue Oct 3 21:27:58 2023 Summary: Security update for vim Type: security Severity: important References: 1214922,1214924,1214925,1215004,1215006,1215033,CVE-2023-4733,CVE-2023-4734,CVE-2023-4735,CVE-2023-4738,CVE-2023-4752,CVE-2023-4781 This update for vim fixes the following issues: Security fixes: - CVE-2023-4733: Fixed use-after-free in function buflist_altfpos (bsc#1215004). - CVE-2023-4734: Fixed segmentation fault in function f_fullcommand (bsc#1214925). - CVE-2023-4735: Fixed out of bounds write in ops.c (bsc#1214924). - CVE-2023-4738: Fixed heap buffer overflow in vim_regsub_both (bsc#1214922). - CVE-2023-4752: Fixed heap use-after-free in function ins_compl_get_exp (bsc#1215006). - CVE-2023-4781: Fixed heap buffer overflow in function vim_regsub_both (bsc#1215033). Other fixes: - Update to version 9.0 with patch level 1894, for the complete list of changes see https://github.com/vim/vim/compare/v9.0.1443...v9.0.1894 - Use app icons generated from vimlogo.eps in the source tarball; add higher resolution icons of sizes 128x128, 256x256, and 512x512 as png sources ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3997-1 Released: Fri Oct 6 14:13:56 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1215713,CVE-2023-35945 This update for nghttp2 fixes the following issues: - CVE-2023-35945: Fixed memory leak when PUSH_PROMISE or HEADERS frame cannot be sent (bsc#1215713). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4006-1 Released: Mon Oct 9 08:35:50 2023 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1213854,1214292,1214395,1215007 This update for zypper fixes the following issues: - Fix name of the bash completion script (bsc#1215007) - Update notes about failing signature checks (bsc#1214395) - Improve the SIGINT handler to be signal safe (bsc#1214292) - Update to version 1.14.64 - Changed location of bash completion script (bsc#1213854). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4027-1 Released: Tue Oct 10 13:59:02 2023 Summary: Security update for shadow Type: security Severity: low References: 1214806,CVE-2023-4641 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4045-1 Released: Wed Oct 11 09:10:43 2023 Summary: Security update for curl Type: security Severity: moderate References: 1215889,CVE-2023-38546 This update for curl fixes the following issues: - CVE-2023-38546: Fixed a cookie injection with none file (bsc#1215889). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4095-1 Released: Tue Oct 17 15:03:04 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1176588,1202845,1207036,1207270,1208995,1210169,1210643,1210658,1212703,1213812,1214233,1214351,1214380,1214386,1215115,1215117,1215150,1215221,1215275,1215299,1215322,1215356,CVE-2020-36766,CVE-2023-1192,CVE-2023-1206,CVE-2023-1859,CVE-2023-2177,CVE-2023-23454,CVE-2023-4004,CVE-2023-40283,CVE-2023-42753,CVE-2023-4389,CVE-2023-4622,CVE-2023-4623,CVE-2023-4881,CVE-2023-4921 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95% (bsc#1212703). - CVE-2023-42753: Fixed an array indexing vulnerability in the netfilter subsystem. This issue may have allowed a local user to crash the system or potentially escalate their privileges on the system. (bsc#1215150) - CVE-2023-4389: Fixed a a double decrement of the reference count flaw in the btrfs filesystem a double decrement of the reference count, which may have allowed a local attacker with user privilege to crash the system or may lead to leaked internal kernel information. (bsc#1214351) - CVE-2023-4921: Fixed a use-after-free vulnerability in the sch_qfq component which could be exploited to achieve local privilege escalation. (bsc#1215275) - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-4004: Fixed improper element removal netfilter nft_set_pipapo (bsc#1213812). - CVE-2023-4622: Fixed a use-after-free vulnerability in the af_unix component which could be exploited to achieve local privilege escalation. (bsc#1215117) - CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). - CVE-2020-36766: Fixed an issue in drivers/media/cec/core/cec-api.c which could leaks one byte of kernel memory on specific hardware to unprivileged users. (bsc#1215299) - CVE-2023-1859: Fixed a use-after-free flaw in Xen transport for 9pfs. This flaw could allow a local attacker to crash the system due to a race problem, possibly leading to a kernel information leak. (bsc#1210169) - CVE-2023-2177: Fixed a null pointer dereference issue in the sctp network protocol which could allow a user to crash the system or potentially cause a denial of service. (bsc#1210643) - CVE-2023-4881: Fixed a out-of-bounds write flaw in the netfilter subsystem that could lead to potential information disclosure or a denial of service (bsc#1215221). - CVE-2023-40283: Fixed use-after-free in l2cap_sock_ready_cb (bsc#1214233). - CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). The following non-security bugs were fixed: - bnx2x: new flag for track HW resource allocation (bsc#1202845 bsc#1215322). - locking/rwsem: Disable reader optimistic spinning (bnc#1176588). - mkspec: Allow unsupported KMPs (bsc#1214386) - scsi: qedf: Add synchronization between I/O completions and abort (bsc#1210658). - x86/pkeys: Revert a5eff7259790 ('x86/pkeys: Add PKRU value to init_fpstate') (bsc#1215356). - x86/srso: Do not probe microcode in a guest (git-fixes). - x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (git-fixes). - x86/srso: Fix srso_show_state() side effect (git-fixes). - x86/srso: Set CPUID feature bits independently of bug or mitigation status (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4096-1 Released: Tue Oct 17 15:04:04 2023 Summary: Security update for samba Type: security Severity: important References: 1215904,1215905,1215908,CVE-2023-4091,CVE-2023-4154,CVE-2023-42669 This update for samba fixes the following issues: - CVE-2023-4091: Fixed a bug where a client can truncate file with read-only permissions. (bsc#1215904) - CVE-2023-42669: Fixed a bug in 'rpcecho' development server which allows Denial of Service via sleep() call on AD DC. (bso#1215905) - CVE-2023-4154: Fixed a bug in dirsync which allows SYSTEM access with only 'GUID_DRS_GET_CHANGES' right. (bsc#1215908) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4106-1 Released: Wed Oct 18 09:10:14 2023 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1170267,1212799,1214781 This update for suseconnect-ng fixes the following issues: This update ships suseconnect-ng, the SUSEConnect replacement, to SUSE Linux Enterprise 15 SP1, SP2, and SP3. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4108-1 Released: Wed Oct 18 11:51:12 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1215968,CVE-2023-43804 This update for python-urllib3 fixes the following issues: - CVE-2023-43804: Fixed a potential cookie leak via HTTP redirect if the user manually set the corresponding header (bsc#1215968). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4110-1 Released: Wed Oct 18 12:35:26 2023 Summary: Security update for glibc Type: security Severity: important References: 1215286,1215891,CVE-2023-4813 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4130-1 Released: Thu Oct 19 09:53:13 2023 Summary: Security update for grub2 Type: security Severity: important References: 1215935,1215936,CVE-2023-4692,CVE-2023-4693 This update for grub2 fixes the following issues: - CVE-2023-4692: Fixed an out-of-bounds write at fs/ntfs.c which may lead to unsigned code execution. (bsc#1215935) - CVE-2023-4693: Fixed an out-of-bounds read at fs/ntfs.c which may lead to leak sensitive information. (bsc#1215936) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4139-1 Released: Fri Oct 20 10:06:58 2023 Summary: Recommended update for containerd, runc Type: recommended Severity: moderate References: 1215323 This update for containerd, runc fixes the following issues: runc was updated to v1.1.9. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.9 containerd was updated to containerd v1.7.7 for Docker v24.0.6-ce. Upstream release notes: - https://github.com/containerd/containerd/releases/tag/v1.7.7 - https://github.com/containerd/containerd/releases/tag/v1.7.6 bsc#1215323 - Add `Provides: cri-runtime` to use containerd as container runtime in Factory Kubernetes packages ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4154-1 Released: Fri Oct 20 19:33:25 2023 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Respect /etc/update-alternatives/java when setting JAVA_HOME (bsc#1215434,bsc#1107342) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4158-1 Released: Mon Oct 23 09:52:06 2023 Summary: Security update for suse-module-tools Type: security Severity: important References: 1205767,1207853,1210335,CVE-2023-1829,CVE-2023-23559 This update for suse-module-tools fixes the following issues: - Updated to version 15.3.17: - CVE-2023-1829: Blacklisted the Linux kernel tcindex classifier module (bsc#1210335). - CVE-2023-23559: Blacklisted the Linux kernel RNDIS modules (bsc#1205767, jsc#PED-5731). - Updated to version 15.3.16: - Fixed a build issue for s390x (bsc#1207853). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4162-1 Released: Mon Oct 23 15:33:03 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc13, CXX=g++13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4174-1 Released: Tue Oct 24 12:36:41 2023 Summary: Security update for xen Type: security Severity: important References: 1215744,1215746,1215747,1215748,CVE-2023-34323,CVE-2023-34325,CVE-2023-34326,CVE-2023-34327,CVE-2023-34328 This update for xen fixes the following issues: - CVE-2023-34323: Fixed a potential crash in C Xenstored due to an incorrect assertion (XSA-440) (bsc#1215744). - CVE-2023-34326: Fixed a missing IOMMU TLB flush on x86 AMD systems with IOMMU hardware and PCI passthrough enabled (XSA-442) (bsc#1215746). - CVE-2023-34325: Fixed multiple parsing issues in libfsimage (XSA-443) (bsc#1215747). - CVE-2023-34327, CVE-2023-34328: Fixed multiple issues with AMD x86 debugging functionality for guests (XSA-444) (bsc#1215748). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4200-1 Released: Wed Oct 25 12:04:29 2023 Summary: Security update for nghttp2 Type: security Severity: important References: 1216123,1216174,CVE-2023-44487 This update for nghttp2 fixes the following issues: - CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4217-1 Released: Thu Oct 26 12:20:27 2023 Summary: Security update for zlib Type: security Severity: moderate References: 1216378,CVE-2023-45853 This update for zlib fixes the following issues: - CVE-2023-45853: Fixed an integer overflow that would lead to a buffer overflow in the minizip subcomponent (bsc#1216378). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4226-1 Released: Fri Oct 27 11:14:10 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1215215 This update for openssl-1_1 fixes the following issues: - Displays 'fips' in the version string (bsc#1215215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4237-1 Released: Mon Oct 30 03:42:23 2023 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1215064 This update for perl-Bootloader fixes the following issues: - `bootloader_entry` script can have an optional 'force-default' argument (bsc#1215064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4268-1 Released: Mon Oct 30 16:51:57 2023 Summary: Recommended update for pciutils Type: recommended Severity: important References: 1215265 This update for pciutils fixes the following issues: - Buffer overflow error that would cause lspci to crash on systems with complex topologies (bsc#1215265) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4310-1 Released: Tue Oct 31 14:10:47 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This Update for libtirpc to 1.3.4, fixing the following issues: Update to 1.3.4 (bsc#1199467) * binddynport.c honor ip_local_reserved_ports - replaces: binddynport-honor-ip_local_reserved_ports.patch * gss-api: expose gss major/minor error in authgss_refresh() * rpcb_clnt.c: Eliminate double frees in delete_cache() * rpcb_clnt.c: memory leak in destroy_addr * portmapper: allow TCP-only portmapper * getnetconfigent: avoid potential DoS issue by removing unnecessary sleep * clnt_raw.c: fix a possible null pointer dereference * bindresvport.c: fix a potential resource leakage Update to 1.3.3: * Fix DoS vulnerability in libtirpc - replaces: 0001-Fix-DoS-vulnerability-in-libtirpc.patch * _rpc_dtablesize: use portable system call * libtirpc: Fix use-after-free accessing the error number * Fix potential memory leak of parms.r_addr - replaces 0001-fix-parms.r_addr-memory-leak.patch * rpcb_clnt.c add mechanism to try v2 protocol first - preplaces: 0001-rpcb_clnt.c-config-to-try-protocolversion-2-first.patch * Eliminate deadlocks in connects with an MT environment * clnt_dg_freeres() uncleared set active state may deadlock * thread safe clnt destruction * SUNRPC: mutexed access blacklist_read state variable * SUNRPC: MT-safe overhaul of address cache management in rpcb_clnt.c Update to 1.3.2: * Replace the final SunRPC licenses with BSD licenses * blacklist: Add a few more well known ports * libtirpc: disallow calling auth_refresh from clnt_call with RPCSEC_GSS Update to 1.3.1: * Remove AUTH_DES interfaces from auth_des.h The unsupported AUTH_DES authentication has be compiled out since commit d918e41d889 (Wed Oct 9 2019) replaced by API routines that return errors. * svc_dg: Free xp_netid during destroy * Fix memory management issues of fd locks * libtirpc: replace array with list for per-fd locks * __svc_vc_dodestroy: fix double free of xp_ltaddr.buf * __rpc_dtbsize: rlim_cur instead of rlim_max * pkg-config: use the correct replacements for libdir/includedir ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4348-1 Released: Thu Nov 2 15:38:52 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1210778,1210853,1212051,1214842,1215095,1215467,1215518,1215745,1215858,1215860,1215861,1216046,1216051,1216134,CVE-2023-2163,CVE-2023-31085,CVE-2023-3111,CVE-2023-34324,CVE-2023-3777,CVE-2023-39189,CVE-2023-39192,CVE-2023-39193,CVE-2023-39194,CVE-2023-42754,CVE-2023-45862 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize) that could cause a local DoS. (bsc#1210778) - CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an object could potentially extend beyond the end of an allocation causing. (bsc#1216051) - CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) - CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) - CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). - CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. (bsc#1216046) - CVE-2023-3111: Fixed a use-after-free vulnerability in prepare_to_relocate in fs/btrfs/relocation.c (bsc#1212051). - CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). - CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). - CVE-2023-39192: Fixed an out of bounds read in the netfilter (bsc#1215858). - CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). The following non-security bugs were fixed: - bpf: propagate precision in ALU/ALU64 operations (git-fixes). - KVM: x86: fix sending PV IPI (git-fixes, bsc#1210853, bsc#1216134). - nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() (bsc#1214842). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4453-1 Released: Wed Nov 15 14:24:58 2023 Summary: Recommended update for libjansson Type: recommended Severity: moderate References: 1216541 This update for libjansson ships the missing 32bit library to the Basesystem module of 15 SP5. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4458-1 Released: Thu Nov 16 14:38:48 2023 Summary: Security update for gcc13 Type: security Severity: important References: 1206480,1206684,1210557,1211427,1212101,1213915,1214052,1214460,1215427,1216664,CVE-2023-4039 This update for gcc13 fixes the following issues: This update ship the GCC 13.2 compiler suite and its base libraries. The compiler base libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 12 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP4 and SP5, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc13 compilers use: - install 'gcc13' or 'gcc13-c++' or one of the other 'gcc13-COMPILER' frontend packages. - override your Makefile to use CC=gcc-13, CXX=g++-13 and similar overrides for the other languages. For a full changelog with all new GCC13 features, check out https://gcc.gnu.org/gcc-13/changes.html Detailed changes: * CVE-2023-4039: Fixed -fstack-protector issues on aarch64 with variable length stack allocations. (bsc#1214052) - Work around third party app crash during C++ standard library initialization. [bsc#1216664] - Fixed that GCC13 fails to compile some packages with error: unrecognizable insn (bsc#1215427) - Bump included newlib to version 4.3.0. - Update to GCC trunk head (r13-5254-g05b9868b182bb9) - Redo floatn fixinclude pick-up to simply keep what is there. - Turn cross compiler to s390x to a glibc cross. [bsc#1214460] - Also handle -static-pie in the default-PIE specs - Fixed missed optimization in Skia resulting in Firefox crashes when building with LTO. [bsc#1212101] - Make libstdc++6-devel packages own their directories since they can be installed standalone. [bsc#1211427] - Add new x86-related intrinsics (amxcomplexintrin.h). - RISC-V: Add support for inlining subword atomic operations - Use --enable-link-serialization rather that --enable-link-mutex, the benefit of the former one is that the linker jobs are not holding tokens of the make's jobserver. - Add cross-bpf packages. See https://gcc.gnu.org/wiki/BPFBackEnd for the general state of BPF with GCC. - Add bootstrap conditional to allow --without=bootstrap to be specified to speed up local builds for testing. - Bump included newlib to version 4.3.0. - Also package libhwasan_preinit.o on aarch64. - Configure external timezone database provided by the timezone package. Make libstdc++6 recommend timezone to get a fully working std::chrono. Install timezone when running the testsuite. - Package libhwasan_preinit.o on x86_64. - Fixed unwinding on aarch64 with pointer signing. [bsc#1206684] - Enable PRU flavour for gcc13 - update floatn fixinclude pickup to check each header separately (bsc#1206480) - Redo floatn fixinclude pick-up to simply keep what is there. - Bump libgo SONAME to libgo22. - Do not package libhwasan for biarch (32-bit architecture) as the extension depends on 64-bit pointers. - Adjust floatn fixincludes guard to work with SLE12 and earlier SLE15. - Depend on at least LLVM 13 for GCN cross compiler. - Update embedded newlib to version 4.2.0 - Allow cross-pru-gcc12-bootstrap for armv7l architecture. PRU architecture is used for real-time MCUs embedded into TI armv7l and aarch64 SoCs. We need to have cross-pru-gcc12 for armv7l in order to build both host applications and PRU firmware during the same build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4461-1 Released: Thu Nov 16 15:03:33 2023 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1210286 This update for rsyslog fixes the following issue: - fix rsyslog crash in imrelp (bsc#1210286) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4464-1 Released: Thu Nov 16 17:56:12 2023 Summary: Security update for libxml2 Type: security Severity: moderate References: 1216129,CVE-2023-45322 This update for libxml2 fixes the following issues: - CVE-2023-45322: Fixed a use-after-free in xmlUnlinkNode() in tree.c (bsc#1216129). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4466-1 Released: Thu Nov 16 17:57:03 2023 Summary: Security update for xen Type: security Severity: important References: 1216654,1216807,CVE-2023-46835,CVE-2023-46836 This update for xen fixes the following issues: - CVE-2023-46835: x86/AMD: mismatch in IOMMU quarantine page table levels (XSA-445) (bsc#1216654). - CVE-2023-46836: x86: BTC/SRSO fixes not fully effective (XSA-446) (bsc#1216807). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4467-1 Released: Thu Nov 16 17:57:51 2023 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1216377,CVE-2023-45803 This update for python-urllib3 fixes the following issues: - CVE-2023-45803: Fix a request body leak that could occur when receiving a 303 HTTP response (bsc#1216377). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4519-1 Released: Tue Nov 21 17:39:58 2023 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1216922,CVE-2023-5678 This update for openssl-1_1 fixes the following issues: - CVE-2023-5678: Fixed generating and checking of excessively long X9.42 DH keys that resulted in a possible Denial of Service (bsc#1216922). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4535-1 Released: Thu Nov 23 08:17:40 2023 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1041742,1203760,1212422,1215979,1216091 This update for libzypp, zypper fixes the following issues: - Preliminary disable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - Fix comment typo on zypp.conf (bsc#1215979) - Attempt to delay %transfiletrigger(postun|in) execution if rpm supports it (bsc#1041742) - Make sure the old target is deleted before a new one is created (bsc#1203760) - Return 104 also if info suggests near matches - Rephrase upgrade message for openSUSE Tumbleweed (bsc#1212422) - commit: Insert a headline to separate output of different rpm scripts (bsc#1041742) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2023:4583-1 Released: Mon Nov 27 10:16:11 2023 Summary: Feature update for python-psutil Type: feature Severity: moderate References: 1111622,1170175,1176785,1184753,1199282 This update for python-psutil, python-requests fixes the following issues: - update python-psutil to 5.9.1 (bsc#1199282, bsc#1184753, jsc#SLE-24629, jsc#PM-3243, gh#giampaolo/psutil#2043) - Fix tests: setuptools changed the builddir library path and does not find the module from it. Use the installed platlib instead and exclude psutil.tests only later. - remove the dependency on net-tools, since it conflicts with busybox-hostnmame which is default on MicroOS - Update python-requests to 2.25.1 (bsc#1176785, bsc#1170175, jsc#ECO-3105, jsc#PM-2352, jsc#PED-7192) - Fixed bug with unintended Authorization header stripping for redirects using default ports (bsc#1111622). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4587-1 Released: Mon Nov 27 14:25:52 2023 Summary: Security update for vim Type: security Severity: important References: 1215940,1216001,1216167,1216696,CVE-2023-46246,CVE-2023-5344,CVE-2023-5441,CVE-2023-5535 This update for vim fixes the following issues: - CVE-2023-5344: Heap-based Buffer Overflow in vim prior to 9.0.1969 (bsc#1215940) - CVE-2023-5441: segfault in exmode when redrawing (bsc#1216001) - CVE-2023-5535: use-after-free from buf_contents_changed() (bsc#1216167) - CVE-2023-46246: Integer Overflow in :history command (bsc#1216696) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4619-1 Released: Thu Nov 30 10:13:52 2023 Summary: Security update for sqlite3 Type: security Severity: important References: 1210660,CVE-2023-2137 This update for sqlite3 fixes the following issues: - CVE-2023-2137: Fixed heap buffer overflow (bsc#1210660). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4620-1 Released: Thu Nov 30 11:13:43 2023 Summary: Recommended update for libhugetlbfs Type: recommended Severity: moderate References: 1213639,1216576 This update for libhugetlbfs fixes the following issue: - Add patch for upstream issue (bsc#1216576, bsc#1213639) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4672-1 Released: Wed Dec 6 14:37:37 2023 Summary: Security update for suse-build-key Type: security Severity: important References: 1216410,1217215 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4699-1 Released: Mon Dec 11 07:02:10 2023 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1217212 This update for gpg2 fixes the following issues: - `dirmngr-client --validate` is broken for DER-encoded files (bsc#1217212) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4704-1 Released: Mon Dec 11 07:20:53 2023 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1192986 This update for dracut fixes the following issues: - Update to version 049.1+suse.257.gf94c3fd1 - Fix network device naming in udev-rules (bsc#1192986) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4713-1 Released: Mon Dec 11 13:23:12 2023 Summary: Security update for curl Type: security Severity: moderate References: 1217573,CVE-2023-46218 This update for curl fixes the following issues: - CVE-2023-46218: Fixed cookie mixed case PSL bypass (bsc#1217573). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4723-1 Released: Tue Dec 12 09:57:51 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1216862 This update for libtirpc fixes the following issue: - fix sed parsing in specfile (bsc#1216862) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4727-1 Released: Tue Dec 12 12:27:39 2023 Summary: Security update for catatonit, containerd, runc Type: security Severity: important References: 1200528,CVE-2022-1996 This update of runc and containerd fixes the following issues: containerd: - Update to containerd v1.7.8. Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.8 * CVE-2022-1996: Fixed CORS bypass in go-restful (bsc#1200528) catatonit: - Update to catatonit v0.2.0. * Change license to GPL-2.0-or-later. - Update to catatont v0.1.7 * This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). - Update to catatonit v0.1.6, which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). runc: - Update to runc v1.1.10. Upstream changelog is available from https://github.com/opencontainers/runc/releases/tag/v1.1.10 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4811-1 Released: Wed Dec 13 19:01:09 2023 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1084909,1210780,1214037,1214344,1214764,1215371,1216058,1216259,1216584,1216965,1216976,1217140,1217332,1217408,1217780,CVE-2023-31083,CVE-2023-39197,CVE-2023-39198,CVE-2023-45863,CVE-2023-45871,CVE-2023-5717,CVE-2023-6176 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-39197: Fixed a out-of-bounds read in nf_conntrack_dccp_packet() (bsc#1216976). - CVE-2023-6176: Fixed a denial of service in the cryptographic algorithm scatterwalk functionality (bsc#1217332). - CVE-2023-45863: Fixed a out-of-bounds write in fill_kobj_path() (bsc#1216058). - CVE-2023-45871: Fixed an issue in the IGB driver, where the buffer size may not be adequate for frames larger than the MTU (bsc#1216259). - CVE-2023-39198: Fixed a race condition leading to use-after-free in qxl_mode_dumb_create() (bsc#1216965). - CVE-2023-31083: Fixed race condition in hci_uart_tty_ioctl (bsc#1210780). - CVE-2023-5717: Fixed a heap out-of-bounds write vulnerability in the Performance Events component (bsc#1216584). The following non-security bugs were fixed: - ALSA: hda: Disable power-save on KONTRON SinglePC (bsc#1217140). - Call flush_delayed_fput() from nfsd main-loop (bsc#1217408). - net: mana: Configure hwc timeout from hardware (bsc#1214037). - net: mana: Fix MANA VF unload when hardware is unresponsive (bsc#1214764). - powerpc: Do not clobber f0/vs0 during fp|altivec register save (bsc#1217780). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4886-1 Released: Mon Dec 18 09:38:37 2023 Summary: Recommended update for google-guest-agent, google-guest-oslogin Type: recommended Severity: moderate References: 1216546,1216547,1216548,1216750,1216751 This update for google-guest-agent, google-guest-oslogin fixes the following issues: - Update to version 20231031.01 (bsc#1216547, bsc#1216751) - Bump the golang compiler version to 1.21 (bsc#1216546) - Update to version 20231101.00 (bsc#1216548, bsc#1216750) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4891-1 Released: Mon Dec 18 16:31:49 2023 Summary: Security update for ncurses Type: security Severity: moderate References: 1201384,1218014,CVE-2023-50495 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4902-1 Released: Tue Dec 19 13:09:42 2023 Summary: Security update for openssh Type: security Severity: important References: 1214788,1217950,CVE-2023-48795 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4910-1 Released: Tue Dec 19 16:02:41 2023 Summary: Security update for avahi Type: security Severity: moderate References: 1215947,1216419,CVE-2023-38470,CVE-2023-38473 This update for avahi fixes the following issues: - CVE-2023-38473: Fixed a reachable assertion when parsing a host name (bsc#1216419). - CVE-2023-38470: Fixed that each label is at least one byte long (bsc#1215947). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4921-1 Released: Wed Dec 20 09:51:31 2023 Summary: Security update for python-cryptography Type: security Severity: moderate References: 1217592,CVE-2023-49083 This update for python-cryptography fixes the following issues: - CVE-2023-49083: Fixed a NULL pointer dereference when loading certificates from a PKCS#7 bundle (bsc#1217592). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4936-1 Released: Wed Dec 20 17:18:21 2023 Summary: Security update for docker, rootlesskit Type: security Severity: important References: 1170415,1170446,1178760,1210141,1213229,1213500,1215323,1217513,CVE-2020-12912,CVE-2020-8694,CVE-2020-8695 This update for docker, rootlesskit fixes the following issues: docker: - Update to Docker 24.0.7-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2407>. bsc#1217513 * Deny containers access to /sys/devices/virtual/powercap by default. - CVE-2020-8694 bsc#1170415 - CVE-2020-8695 bsc#1170446 - CVE-2020-12912 bsc#1178760 - Update to Docker 24.0.6-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2406 . bsc#1215323 - Add a docker.socket unit file, but with socket activation effectively disabled to ensure that Docker will always run even if you start the socket individually. Users should probably just ignore this unit file. bsc#1210141 - Update to Docker 24.0.5-ce. See upstream changelong online at https://docs.docker.com/engine/release-notes/24.0/#2405 . bsc#1213229 This update ships docker-rootless support in the docker-rootless-extra package. (jsc#PED-6180) rootlesskit: - new package, for docker rootless support. (jsc#PED-6180) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4963-1 Released: Fri Dec 22 14:37:08 2023 Summary: Recommended update for curl Type: recommended Severity: important References: 1216987 This update for curl fixes the following issues: - libssh: Implement SFTP packet size limit (bsc#1216987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:4986-1 Released: Thu Dec 28 16:05:33 2023 Summary: Security update for gnutls Type: security Severity: moderate References: 1217277,CVE-2023-5981 This update for gnutls fixes the following issues: - CVE-2023-5981: Fixed timing side-channel inside RSA-PSK key exchange (bsc#1217277). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:9-1 Released: Tue Jan 2 13:20:01 2024 Summary: Recommended update for samba Type: recommended Severity: moderate References: 1214076 This update for samba fixes the following issues: - Add 'net offlinejoin composeodj' command (bsc#1214076) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-?? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:43-1 Released: Fri Jan 5 14:49:13 2024 Summary: Recommended update for libsolv, zypper, libzypp Type: recommended Severity: moderate References: 1212160,1215294,1216412,1217593,1217873,1218291 This update for libsolv, zypper, libzypp fixes the following issues: - Expand RepoVars in URLs downloading a .repo file (bsc#1212160) - Fix search/info commands ignoring --ignore-unknown (bsc#1217593) - CheckAccessDeleted: fix 'running in container' filter (bsc#1218291) - Open rpmdb just once during execution of %posttrans scripts (bsc#1216412) - Make sure reboot-needed is remembered until next boot (bsc#1217873) - Stop using boost version 1 timer library (bsc#1215294) - Updated to version 0.7.27 - Add zstd support for the installcheck tool - Add putinowndirpool cache to make file list handling in repo_write much faster - Do not use deprecated headerUnload with newer rpm versions - Support complex deps in SOLVABLE_PREREQ_IGNOREINST - Fix minimization not prefering installed packages in some cases - Reduce memory usage in repo_updateinfoxml - Fix lock-step interfering with architecture selection - Fix choice rule handing for package downgrades - Fix complex dependencies with an 'else' part sometimes leading to unsolved dependencies ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:50-1 Released: Mon Jan 8 03:18:56 2024 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate References: 1217695,1217696 This update for python-instance-billing-flavor-check fixes the following issues: - Run the command as sudo only (bsc#1217696, bsc#1217695) - Handle exception for Python 3.4 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:62-1 Released: Mon Jan 8 11:44:47 2024 Summary: Recommended update for libxcrypt Type: recommended Severity: moderate References: 1215496 This update for libxcrypt fixes the following issues: - fix variable name for datamember [bsc#1215496] - added patches fix https://github.com/besser82/libxcrypt/commit/b212d601549a0fc84cbbcaf21b931f903787d7e2 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:70-1 Released: Tue Jan 9 18:29:39 2024 Summary: Security update for tar Type: security Severity: low References: 1217969,CVE-2023-39804 This update for tar fixes the following issues: - CVE-2023-39804: Fixed extension attributes in PAX archives incorrect hanling (bsc#1217969). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:126-1 Released: Tue Jan 16 13:48:02 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: moderate References: 1218364 This update for suseconnect-ng fixes the following issues: - Update to version 1.5.0 - Configure docker credentials for registry authentication - Feature: Support usage from Agama + Cockpit for ALP Micro system registration (bsc#1218364) - Add --json output option ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:136-1 Released: Thu Jan 18 09:53:47 2024 Summary: Security update for pam Type: security Severity: moderate References: 1217000,1218475,CVE-2024-22365 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:153-1 Released: Thu Jan 18 15:04:35 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1179610,1215237,1215375,1217250,1217709,1217946,1217947,1218105,1218253,1218258,1218559,CVE-2020-26555,CVE-2023-51779,CVE-2023-6121,CVE-2023-6606,CVE-2023-6610,CVE-2023-6931,CVE-2023-6932 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-26555: Fixed Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B that may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN (bsc#1179610 bsc#1215237). - CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race condition in bt_sock_recvmsg (bsc#1218559). - CVE-2023-6121: Fixed an out-of-bounds read vulnerability in the NVMe-oF/TCP subsystem that could lead to information leak (bsc#1217250). - CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). - CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). - CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component that could lead to local privilege escalation. (bsc#1218258). - CVE-2023-6932: Fixed a use-after-free vulnerability in the Linux kernel's ipv4: igmp component that could lead to local privilege escalation (bsc#1218253). The following non-security bugs were fixed: - clocksource: Avoid accidental unstable marking of clocksources (bsc#1218105). - clocksource: Suspend the watchdog temporarily when high read latency detected (bsc#1218105). - doc/README.SUSE: Add how to update the config for module signing (jsc#PED-5021) - doc/README.SUSE: Remove how to build modules using kernel-source (jsc#PED-5021) - doc/README.SUSE: Simplify the list of references (jsc#PED-5021). - efi/mokvar: Reserve the table only if it is in boot services data (bsc#1215375). - io_uring: fix 32-bit compatability with sendmsg/recvmsg (bsc#1217709). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:161-1 Released: Thu Jan 18 18:40:46 2024 Summary: Recommended update for dpdk22 Type: recommended Severity: moderate References: This update of dpdk22 fixes the following issue: - DPDK 22.11.1 is shipped to SLE Micro 5.5. (jsc#PED-7147) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:164-1 Released: Fri Jan 19 05:47:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1207987 This update for util-linux fixes the following issues: - Instead of explicitly truncating clocks.txt file, pad with whitespaces in the end of file. This is done to improve performance of libuuid on xfs. (bsc#1207987) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:187-1 Released: Tue Jan 23 13:38:00 2024 Summary: Recommended update for python-chardet Type: recommended Severity: moderate References: 1218765 This update for python-chardet fixes the following issues: - Fix update-alternative in %postun (bsc#1218765) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:189-1 Released: Tue Jan 23 13:54:18 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: critical References: 1217961,1218649 This update for suseconnect-ng contains the following fix: - Update to version 1.6.0: * Disable EULA display for addons. (bsc#1218649 and bsc#1217961) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:232-1 Released: Thu Jan 25 11:58:05 2024 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1217775 This update for suse-module-tools fixes the following issues: - Update to version 15.3.18 - Add symlink /boot/.vmlinuz.hmac (bsc#1217775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:254-1 Released: Fri Jan 26 17:19:30 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: 1217952 This update for containerd fixes the following issues: - Fix permissions of address file (bsc#1217952) - Update to version 1.7.10 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:264-1 Released: Tue Jan 30 14:19:02 2024 Summary: Security update for xen Type: security Severity: moderate References: 1218851,CVE-2023-46839 This update for xen fixes the following issues: - CVE-2023-46839: Fixed phantom functions assigned to incorrect contexts (XSA-449) (bsc#1218851) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:295-1 Released: Thu Feb 1 08:23:17 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: Update to runc v1.1.11: - CVE-2024-21626: Fixed container breakout. (bsc#1218894) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:306-1 Released: Thu Feb 1 17:58:09 2024 Summary: Recommended update for python-instance-billing-flavor-check Type: recommended Severity: moderate References: 1218561,1218739 This update for python-instance-billing-flavor-check fixes the following issues: - Support proxy setup on the client to access the update infrastructure API (bsc#1218561) - Add IPv6 support (bsc#1218739) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:322-1 Released: Fri Feb 2 15:13:26 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1107342,1215434 This update for aaa_base fixes the following issues: - Set JAVA_HOME correctly (bsc#1107342, bsc#1215434) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:427-1 Released: Thu Feb 8 12:56:57 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1183663,1193173,1196293,1211547,1216049,1216388,1216390,1216522,1216827,1217287,1218201,1218282 This update for supportutils fixes the following issues: - Update to version 3.1.28 - Correctly detects Xen Dom0 (bsc#1218201) - Fixed smart disk error (bsc#1218282) - Remove supportutils requires for util-linux-systemd and kmod (bsc#1193173) - Added missing klp information to kernel-livepatch.txt (bsc#1216390) - Fixed plugins creating empty files when using supportconfig.rc (bsc#1216388) - Provides long listing for /etc/sssd/sssd.conf (bsc#1211547) - Optimize lsof usage (bsc#1183663) - Collects chrony or ntp as needed (bsc#1196293) - Fixed podman display issue (bsc#1217287) - Added nvme-stas configuration to nvme.txt (bsc#1216049) - Added timed command to fs-files.txt (bsc#1216827) - Collects zypp history file issue#166 (bsc#1216522) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:444-1 Released: Fri Feb 9 16:39:32 2024 Summary: Security update for suse-build-key Type: security Severity: important References: 1219123,1219189 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Bugfix added since last update: - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:458-1 Released: Tue Feb 13 14:34:14 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to version 0.378 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:459-1 Released: Tue Feb 13 15:28:56 2024 Summary: Security update for runc Type: security Severity: important References: 1218894,CVE-2024-21626 This update for runc fixes the following issues: - Update to runc v1.1.12 (bsc#1218894) The following CVE was already fixed with the previous release. - CVE-2024-21626: Fixed container breakout. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:467-1 Released: Wed Feb 14 12:21:14 2024 Summary: Recommended update for google-guest-agent, google-guest-oslogin Type: recommended Severity: critical References: 1219642 This update for google-guest-agent, google-guest-oslogin contains the following fix: - Add explicit versioned dependency on google-guest-oslogin (bsc#1219642) - Add explicit versioned dependency on google-guest-agent (bsc#1219642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:474-1 Released: Wed Feb 14 18:00:29 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1108281,1193285,1215275,1216702,1217987,1217988,1217989,1218713,1218730,1218752,1218757,1218768,1218804,1218832,1218836,1219053,1219120,1219412,1219434,CVE-2021-33631,CVE-2023-46838,CVE-2023-47233,CVE-2023-4921,CVE-2023-51043,CVE-2023-51780,CVE-2023-51782,CVE-2023-6040,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2023-6915,CVE-2024-0565,CVE-2024-0775,CVE-2024-1086 The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434). - CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730). - CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836). - CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412). - CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988). - CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989). - CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987). - CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702). - CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network scheduler which could be exploited to achieve local privilege escalation (bsc#1215275). - CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120). - CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053). - CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832). - CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804). - CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752). - CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757). The following non-security bugs were fixed: - Limit kernel-source build to architectures for which the kernel binary is built (bsc#1108281). - x86/entry/ia32: Ensure s32 is sign extended to s64 (bsc#1193285). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:475-1 Released: Wed Feb 14 19:08:44 2024 Summary: Recommended update for libsolv Type: recommended Severity: important References: 1215698,1218782,1218831,1219442 This update for libsolv, libzypp fixes the following issues: - build for multiple python versions [jsc#PED-6218] - applydeltaprm: Create target directory if it does not exist (bsc#1219442) - Fix problems with EINTR in ExternalDataSource::getline (bsc#1215698) - CheckAccessDeleted: fix running_in_container detection (bsc#1218782) - Detect CURLOPT_REDIR_PROTOCOLS_STR availability at runtime (bsc#1218831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:525-1 Released: Mon Feb 19 08:03:59 2024 Summary: Security update for libssh Type: security Severity: important References: 1158095,1168699,1174713,1189608,1211188,1211190,1218126,1218186,1218209,CVE-2019-14889,CVE-2020-16135,CVE-2020-1730,CVE-2021-3634,CVE-2023-1667,CVE-2023-2283,CVE-2023-48795,CVE-2023-6004,CVE-2023-6918 This update for libssh fixes the following issues: Update to version 0.9.8 (jsc#PED-7719): * Fix CVE-2023-6004: Command injection using proxycommand (bsc#1218209) * Fix CVE-2023-48795: Potential downgrade attack using strict kex (bsc#1218126) * Fix CVE-2023-6918: Missing checks for return values of MD functions (bsc#1218186) * Allow @ in usernames when parsing from URI composes Update to version 0.9.7: * Fix CVE-2023-1667: a NULL dereference during rekeying with algorithm guessing (bsc#1211188) * Fix CVE-2023-2283: a possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) * Fix several memory leaks in GSSAPI handling code Update to version 0.9.6 (bsc#1189608, CVE-2021-3634): * https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.9.6 Update to 0.9.5 (bsc#1174713, CVE-2020-16135): * CVE-2020-16135: Avoid null pointer dereference in sftpserver (T232) * Improve handling of library initialization (T222) * Fix parsing of subsecond times in SFTP (T219) * Make the documentation reproducible * Remove deprecated API usage in OpenSSL * Fix regression of ssh_channel_poll_timeout() returning SSH_AGAIN * Define version in one place (T226) * Prevent invalid free when using different C runtimes than OpenSSL (T229) * Compatibility improvements to testsuite Update to version 0.9.4 * https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/ * Fix possible Denial of Service attack when using AES-CTR-ciphers CVE-2020-1730 (bsc#1168699) Update to version 0.9.3 * Fixed CVE-2019-14889 - SCP: Unsanitized location leads to command execution (bsc#1158095) * SSH-01-003 Client: Missing NULL check leads to crash in erroneous state * SSH-01-006 General: Various unchecked Null-derefs cause DOS * SSH-01-007 PKI Gcrypt: Potential UAF/double free with RSA pubkeys * SSH-01-010 SSH: Deprecated hash function in fingerprinting * SSH-01-013 Conf-Parsing: Recursive wildcards in hostnames lead to DOS * SSH-01-014 Conf-Parsing: Integer underflow leads to OOB array access * SSH-01-001 State Machine: Initial machine states should be set explicitly * SSH-01-002 Kex: Differently bound macros used to iterate same array * SSH-01-005 Code-Quality: Integer sign confusion during assignments * SSH-01-008 SCP: Protocol Injection via unescaped File Names * SSH-01-009 SSH: Update documentation which RFCs are implemented * SSH-01-012 PKI: Information leak via uninitialized stack buffer Update to version 0.9.2 * Fixed libssh-config.cmake * Fixed issues with rsa algorithm negotiation (T191) * Fixed detection of OpenSSL ed25519 support (T197) Update to version 0.9.1 * Added support for Ed25519 via OpenSSL * Added support for X25519 via OpenSSL * Added support for localuser in Match keyword * Fixed Match keyword to be case sensitive * Fixed compilation with LibreSSL * Fixed error report of channel open (T75) * Fixed sftp documentation (T137) * Fixed known_hosts parsing (T156) * Fixed build issue with MinGW (T157) * Fixed build with gcc 9 (T164) * Fixed deprecation issues (T165) * Fixed known_hosts directory creation (T166) - Split out configuration to separate package to not mess up the library packaging and coinstallation Update to verion 0.9.0 * Added support for AES-GCM * Added improved rekeying support * Added performance improvements * Disabled blowfish support by default * Fixed several ssh config parsing issues * Added support for DH Group Exchange KEX * Added support for Encrypt-then-MAC mode * Added support for parsing server side configuration file * Added support for ECDSA/Ed25519 certificates * Added FIPS 140-2 compatibility * Improved known_hosts parsing * Improved documentation * Improved OpenSSL API usage for KEX, DH, and signatures - Add libssh client and server config files ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:534-1 Released: Tue Feb 20 08:48:52 2024 Summary: Recommended update for supportutils-plugin-suse-public-cloud Type: recommended Severity: moderate References: 1218762,1218763 This update for supportutils-plugin-suse-public-cloud fixes the following issues: - Update to version 1.0.9 (bsc#1218762, bsc#1218763) - Remove duplicate data collection for the plugin itself - Collect archive metering data when available - Query billing flavor status ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:569-1 Released: Wed Feb 21 07:19:46 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219425 This update for suseconnect-ng fixes the following issues: - Allow SUSEConnect on read write transactional systems (bsc#1219425) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:581-1 Released: Wed Feb 21 14:08:16 2024 Summary: Security update for python3 Type: security Severity: moderate References: 1210638,CVE-2023-27043 This update for python3 fixes the following issues: - CVE-2023-27043: Fixed incorrectly parses e-mail addresses which contain a special character (bsc#1210638). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:586-1 Released: Thu Feb 22 09:54:21 2024 Summary: Security update for docker Type: security Severity: important References: 1219267,1219268,1219438,CVE-2024-23651,CVE-2024-23652,CVE-2024-23653 This update for docker fixes the following issues: Vendor latest buildkit v0.11 including bugfixes for the following: * CVE-2024-23653: BuildKit API doesn't validate entitlement on container creation (bsc#1219438). * CVE-2024-23652: Fixed arbitrary deletion of files (bsc#1219268). * CVE-2024-23651: Fixed race condition in mount (bsc#1219267). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:596-1 Released: Thu Feb 22 20:05:29 2024 Summary: Security update for openssh Type: security Severity: important References: 1218215,CVE-2023-51385 This update for openssh fixes the following issues: - CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection. (bsc#1218215) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:615-1 Released: Mon Feb 26 11:32:32 2024 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1211886 This update for netcfg fixes the following issues: - Add krb-prop entry (bsc#1211886) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:725-1 Released: Thu Feb 29 11:03:34 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1219123,1219189 This update for suse-build-key fixes the following issues: - Switch container key to be default RSA 4096bit. (jsc#PED-2777) - run import script also in %posttrans section, but only when libzypp is not active. bsc#1219189 bsc#1219123 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:792-1 Released: Thu Mar 7 09:55:23 2024 Summary: Recommended update for timezone Type: recommended Severity: moderate References: This update for timezone fixes the following issues: - Update to version 2024a - Kazakhstan unifies on UTC+5 - Palestine springs forward a week later than previously predicted in 2024 and 2025 - Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00 - From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00 - In 1911 Miquelon adopted standard time on June 15, not May 15 - The FROM and TO columns of Rule lines can no longer be 'minimum' - localtime no longer mishandle some timestamps - strftime %s now uses tm_gmtoff if available - Ittoqqortoormiit, Greenland changes time zones on 2024-03-31 - Vostok, Antarctica changed time zones on 2023-12-18 - Casey, Antarctica changed time zones five times since 2020 - Code and data fixes for Palestine timestamps starting in 2072 - A new data file zonenow.tab for timestamps starting now - Much of Greenland changed its standard time from -03 to -02 on 2023-03-25 - localtime.c no longer mishandles TZif files that contain a single transition into a DST regime - tzselect no longer creates temporary files - tzselect no longer mishandles the following: * Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION. * TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/ * ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments * Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension * zic no longer mishandles data for Palestine after the year 2075 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:824-1 Released: Fri Mar 8 17:34:36 2024 Summary: Security update for cpio Type: security Severity: moderate References: 1218571,1219238,CVE-2023-7207 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed path traversal vulnerability (bsc#1218571, bsc#1219238) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:832-1 Released: Mon Mar 11 10:30:30 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1219243,CVE-2024-0727 This update for openssl-1_1 fixes the following issues: - CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:834-1 Released: Mon Mar 11 14:22:12 2024 Summary: Security update for sudo Type: security Severity: important References: 1219026,1220389,CVE-2023-42465 This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks (bsc#1219026). Fixed issues introduced by first patches for CVE-2023-42465 (bsc#1220389). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:849-1 Released: Tue Mar 12 15:38:04 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1198533,1214169,1218952 This update for cloud-init contains the following fixes: - Skip tests with empty config. - Support reboot on package update/upgrade via the cloud-init config. (bsc#1198533, bsc#1218952, jsc#SMO-326) - Switch build dependency to the generic distribution-release package. - Move fdupes call back to %install. (bsc#1214169) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:853-1 Released: Tue Mar 12 17:20:28 2024 Summary: Recommended update for qrencode Type: recommended Severity: moderate References: This update for qrencode fixes the following issues: - update to 4.1.1 (jsc#PED-7296): * Some minor bugs in Micro QR Code generation have been fixed. * The data capacity calculations are now correct. These bugs probably did not affect the Micro QR Code generation. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:857-1 Released: Wed Mar 13 01:07:44 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1200599,1207653,1212514,1213456,1216223,1218195,1218689,1218915,1219127,1219128,1219146,1219295,1219653,1219827,1219835,1219915,1220009,1220140,1220187,1220238,1220240,1220241,1220243,1220250,1220253,1220255,1220328,1220330,1220344,1220398,1220409,1220416,1220418,1220421,1220436,1220444,1220459,1220469,1220482,1220526,1220538,1220570,1220572,1220599,1220627,1220641,1220649,1220660,1220689,1220700,1220735,1220736,1220737,1220742,1220745,1220767,1220796,1220825,1220826,1220831,1220845,1220860,1220863,1220870,1220917,1220918,1220930,1220931,1220932,1221039,1221040,CVE-2019-25162,CVE-2020-36777,CVE-2020-36784,CVE-2021-46904,CVE-2021-46905,CVE-2021-46906,CVE-2021-46915,CVE-2021-46924,CVE-2021-46929,CVE-2021-46932,CVE-2021-46934,CVE-2021-46953,CVE-2021-46964,CVE-2021-46966,CVE-2021-46968,CVE-2021-46974,CVE-2021-46989,CVE-2021-47005,CVE-2021-47012,CVE-2021-47013,CVE-2021-47054,CVE-2021-47060,CVE-2021-47061,CVE-2021-47069,CVE-2021-47076,CVE-2021-47078,CVE-2021-47083,CVE-2022-201 54,CVE-2022-48627,CVE-2023-28746,CVE-2023-35827,CVE-2023-46343,CVE-2023-51042,CVE-2023-52340,CVE-2023-52429,CVE-2023-52439,CVE-2023-52443,CVE-2023-52445,CVE-2023-52448,CVE-2023-52449,CVE-2023-52451,CVE-2023-52463,CVE-2023-52475,CVE-2023-52478,CVE-2023-52482,CVE-2023-52502,CVE-2023-52530,CVE-2023-52531,CVE-2023-52532,CVE-2023-52569,CVE-2023-52574,CVE-2023-52597,CVE-2023-52605,CVE-2023-6817,CVE-2024-0340,CVE-2024-0607,CVE-2024-1151,CVE-2024-23849,CVE-2024-23851,CVE-2024-26585,CVE-2024-26586,CVE-2024-26589,CVE-2024-26593,CVE-2024-26595,CVE-2024-26602,CVE-2024-26607,CVE-2024-26622 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831). - CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2023-52340: Fixed ICMPv6 ???Packet Too Big??? packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295). - CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915). - CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195). - CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825). - CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250). - CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444) - CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328). - CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238). - CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649) - CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796) - CVE-2021-46915: Fixed a bug to avoid possible divide error in nft_limit_init (bsc#1220436). - CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459) - CVE-2019-25162: Fixed a potential use after free (bsc#1220409). - CVE-2020-36784: Fixed reference leak when pm_runtime_get_sync fails (bsc#1220570). - CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241). - CVE-2023-46343: Fixed a NULL pointer dereference in send_acknowledge() (CVE-2023-46343). - CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140). - CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240). - CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398). - CVE-2024-26593: Fixed block process call transactions (bsc#1220009). - CVE-2021-47013: Fixed a use after free in emac_mac_tx_buf_send (bsc#1220641). - CVE-2024-26586: Fixed stack corruption (bsc#1220243). - CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344). - CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253). - CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835). - CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127). - CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689). - CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128). - CVE-2021-47078: Fixed a bug by clearing all QP fields if creation failed (bsc#1220863) - CVE-2021-47076: Fixed a bug by returning CQE error if invalid lkey was supplied (bsc#1220860) - CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039) - CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918). - CVE-2023-52482: Fixex a bug by adding SRSO mitigation for Hygon processors (bsc#1220735). - CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040). - CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845). - CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870). - CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469). - CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514). - CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932). - CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930). - CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931). - CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917). - CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736). - CVE-2021-47005: Fixed a NULL pointer dereference for ->get_features() (bsc#1220660). - CVE-2021-47060: Fixed a bug in KVM by stop looking for coalesced MMIO zones if the bus is destroyed (bsc#1220742). - CVE-2021-47012: Fixed a use after free in siw_alloc_mr (bsc#1220627). - CVE-2021-46989: Fixed a bug by preventing corruption in shrinking truncate in hfsplus (bsc#1220737). - CVE-2021-47061: Fixed a bug in KVM by destroy I/O bus devices on unregister failure _after_ sync'ing SRCU (bsc#1220745). The following non-security bugs were fixed: - EDAC/thunderx: Fix possible out-of-bounds string access (bsc#1220330) - ext4: fix deadlock due to mbcache entry corruption (bsc#1207653 bsc#1219915). - ibmvfc: make 'max_sectors' a module option (bsc#1216223). - KVM: Destroy target device if coalesced MMIO unregistration fails (git-fixes). - KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio (git-fixes). - KVM: VMX: Move VERW closer to VMentry for MDS mitigation (git-fixes). - KVM: VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (git-fixes). - KVM: x86: add support for CPUID leaf 0x80000021 (git-fixes). - KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (git-fixes). - KVM: x86: synthesize CPUID leaf 0x80000021h if useful (git-fixes). - KVM: x86: work around QEMU issue with synthetic CPUID leaves (git-fixes). - mbcache: Fixup kABI of mb_cache_entry (bsc#1207653 bsc#1219915). - scsi: Update max_hw_sectors on rescan (bsc#1216223). - x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (git-fixes). - x86/bugs: Add asm helpers for executing VERW (git-fixes). - x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (git-fixes). Also add the removed mds_user_clear symbol to kABI severities as it is exposed just for KVM module and is generally a core kernel component so removing it is low risk. - x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (git-fixes). - x86/entry_32: Add VERW just before userspace transition (git-fixes). - x86/entry_64: Add VERW just before userspace transition (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:860-1 Released: Wed Mar 13 08:45:21 2024 Summary: Security update for gnutls Type: security Severity: moderate References: 1218865,CVE-2023-5981,CVE-2024-0553 This update for gnutls fixes the following issues: - CVE-2024-0553: Fixed insufficient mitigation for side channel attack in RSA-PSK, aka CVE-2023-5981 (bsc#1218865). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:861-1 Released: Wed Mar 13 09:12:30 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1218232 This update for aaa_base fixes the following issues: - Silence the output in the case of broken symlinks (bsc#1218232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:870-1 Released: Wed Mar 13 13:05:14 2024 Summary: Security update for glibc Type: security Severity: moderate References: 1217445,1217589,1218866 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:871-1 Released: Wed Mar 13 13:07:46 2024 Summary: Security update for vim Type: security Severity: important References: 1215005,1217316,1217320,1217321,1217324,1217326,1217329,1217330,1217432,1219581,CVE-2023-4750,CVE-2023-48231,CVE-2023-48232,CVE-2023-48233,CVE-2023-48234,CVE-2023-48235,CVE-2023-48236,CVE-2023-48237,CVE-2023-48706,CVE-2024-22667 This update for vim fixes the following issues: - CVE-2023-48231: Fixed Use-After-Free in win_close() (bsc#1217316). - CVE-2023-48232: Fixed Floating point Exception in adjust_plines_for_skipcol() (bsc#1217320). - CVE-2023-48233: Fixed overflow with count for :s command (bsc#1217321). - CVE-2023-48234: Fixed overflow in nv_z_get_count (bsc#1217324). - CVE-2023-48235: Fixed overflow in ex address parsing (bsc#1217326). - CVE-2023-48236: Fixed overflow in get_number (bsc#1217329). - CVE-2023-48237: Fixed overflow in shift_line (bsc#1217330). - CVE-2023-48706: Fixed heap-use-after-free in ex_substitute (bsc#1217432). - CVE-2024-22667: Fixed stack-based buffer overflow in did_set_langmap function in map.c (bsc#1219581). - CVE-2023-4750: Fixed heap use-after-free in function bt_quickfix (bsc#1215005). Updated to version 9.1 with patch level 0111: https://github.com/vim/vim/compare/v9.0.2103...v9.1.0111 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:896-1 Released: Thu Mar 14 15:54:44 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1215692,1218926,1218927,1219265 This update for wicked fixes the following issues: - ifreload: VLAN changes require device deletion (bsc#1218927) - ifcheck: fix config changed check (bsc#1218926) - client: fix exit code for no-carrier status (bsc#1219265) - dhcp6: omit the SO_REUSEPORT option (bsc#1215692) - duid: fix comment for v6time - rtnl: fix peer address parsing for non ptp-interfaces - system-updater: parse updater format from XML configuration to ensure install calls can run ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:901-1 Released: Thu Mar 14 17:49:10 2024 Summary: Security update for python3 Type: security Severity: important References: 1214691,1219666,CVE-2022-48566,CVE-2023-6597 This update for python3 fixes the following issues: - CVE-2023-6597: Fixed symlink bug in cleanup of tempfile.TemporaryDirectory (bsc#1219666). - CVE-2022-48566: Make compare_digest more constant-time (bsc#1214691). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:904-1 Released: Fri Mar 15 08:42:04 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1214713,1218632,1218812,1218814,1219241,1219639 This update for supportutils fixes the following issues: - Update toversion 3.1.29 - Extended scaling for performance (bsc#1214713) - Fixed kdumptool output error (bsc#1218632) - Corrected podman ID errors (bsc#1218812) - Duplicate non root podman entries removed (bsc#1218814) - Corrected get_sles_ver for SLE Micro (bsc#1219241) - Check nvidida-persistenced state (bsc#1219639) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:935-1 Released: Tue Mar 19 13:03:44 2024 Summary: Security update for xen Type: security Severity: moderate References: 1219885,CVE-2023-46841 This update for xen fixes the following issues: - CVE-2023-46841: Fixed shadow stack vs exceptions from emulation stubs (XSA-451) (bsc#1219885). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:944-1 Released: Wed Mar 20 09:15:53 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1220679 This update for suseconnect-ng fixes the following issues: - Allow '--rollback' flag to run on readonly filesystem (bsc#1220679) - Update to version 1.7.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:949-1 Released: Wed Mar 20 20:00:11 2024 Summary: Recommended update for growpart-rootgrow Type: recommended Severity: moderate References: 1219941 This update for growpart-rootgrow fixes the following issues: - Update to version 1.0.7 - Support root to be in a btrfs snapshot (bsc#1219941) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:980-1 Released: Mon Mar 25 06:18:28 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1219767 This update for pam-config fixes the following issues: - Fix pam_gnome_keyring module for AUTH (bsc#1219767) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:984-1 Released: Mon Mar 25 16:04:44 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1192051,1221050 This update for runc fixes the following issues: - Add upstream patch to properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050 This allows running 15 SP6 containers on older distributions. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1001-1 Released: Wed Mar 27 01:48:30 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,CVE-2024-26458,CVE-2024-26461 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1015-1 Released: Thu Mar 28 06:08:11 2024 Summary: Recommended update for sed Type: recommended Severity: important References: 1221218 This update for sed fixes the following issues: - 'sed -i' now creates temporary files with correct umask (bsc#1221218) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1104-1 Released: Wed Apr 3 14:29:59 2024 Summary: Recommended update for docker, containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs Type: recommended Severity: important References: This update for docker fixes the following issues: - Overlay files are world-writable (bsc#1220339) - Allow disabling apparmor support (some products only support SELinux) The other packages in the update (containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs) are no-change rebuilds required because the corresponding binary packages were missing in a number of repositories, thus making docker not installable on some products. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1118-1 Released: Fri Apr 5 06:33:40 2024 Summary: Security update for avahi Type: security Severity: moderate References: 1216594,1216598,CVE-2023-38469,CVE-2023-38471 This update for avahi fixes the following issues: - CVE-2023-38471: Fixed reachable assertion in dbus_set_host_name (bsc#1216594). - CVE-2023-38469: Fixed reachable assertions in avahi (bsc#1216598). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1120-1 Released: Fri Apr 5 14:03:46 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1126-1 Released: Mon Apr 8 07:06:47 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1220996,1221194,1221358 This update for wicked fixes the following issues: - Fix fallback-lease drop in addrconf (bsc#1220996) - Use upstream `nvme nbft show` (bsc#1221358) - Hide secrets in debug log (bsc#1221194) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1133-1 Released: Mon Apr 8 11:29:02 2024 Summary: Security update for ncurses Type: security Severity: moderate References: 1220061,CVE-2023-45918 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1136-1 Released: Mon Apr 8 11:30:15 2024 Summary: Security update for c-ares Type: security Severity: moderate References: 1220279,CVE-2024-25629 This update for c-ares fixes the following issues: - CVE-2024-25629: Fixed out of bounds read in ares__read_line() (bsc#1220279). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1152-1 Released: Mon Apr 8 11:36:50 2024 Summary: Security update for xen Type: security Severity: moderate References: 1221332,1221334,CVE-2023-28746,CVE-2024-2193 This update for xen fixes the following issues: - CVE-2023-28746: Register File Data Sampling (bsc#1221332) - CVE-2024-2193: Fixed GhostRace, a speculative race conditions. (bsc#1221334) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1170-1 Released: Tue Apr 9 09:51:25 2024 Summary: Security update for util-linux Type: security Severity: important References: 1194038,1207987,1221831,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1176-1 Released: Tue Apr 9 10:43:33 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issues: - Update to 0.380 - Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1190-1 Released: Wed Apr 10 03:28:33 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1202-1 Released: Thu Apr 11 10:49:35 2024 Summary: Recommended update for libzypp, zypper, PackageKit Type: recommended Severity: moderate References: 1175678,1218171,1218544,1221525,CVE-2024-0217 This update for libzypp, zypper, PackageKit fixes the following issues: - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - CVE-2024-0217: Check that Finished signal is emitted at most once (bsc#1218544) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit propmpt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1231-1 Released: Thu Apr 11 15:20:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1220441 This update for glibc fixes the following issues: - duplocale: protect use of global locale (bsc#1220441, BZ #23970) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1253-1 Released: Fri Apr 12 08:15:18 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239 This update for gcc13 fixes the following issues: - Fix unwinding for JIT code. [bsc#1221239] - Revert libgccjit dependency change. [bsc#1220724] - Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3 breaks them. [bsc#1219520] - Add support for -fmin-function-alignment. [bsc#1214934] - Use %{_target_cpu} to determine host and build. - Fix for building TVM. [bsc#1218492] - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6. - Fixed building mariadb on i686. [bsc#1217667] - Avoid update-alternatives dependency for accelerator crosses. - Package tool links to llvm in cross-amdgcn-gcc13 rather than in cross-amdgcn-newlib13-devel since that also has the dependence. - Depend on llvmVER instead of llvm with VER equal to %product_libs_llvm_ver where available and adjust tool discovery accordingly. This should also properly trigger re-builds when the patchlevel version of llvmVER changes, possibly changing the binary names we link to. [bsc#1217450] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1279-1 Released: Fri Apr 12 21:35:09 2024 Summary: Recommended update for python3 Type: recommended Severity: moderate References: 1222109 This update for python3 fixes the following issue: - Fix syslog making default 'ident' from sys.argv (bsc#1222109) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1335-1 Released: Thu Apr 18 14:44:22 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1222105 This update for wicked fixes the following issues: - Do not convert sec to msec twice (bsc#1222105) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1366-1 Released: Mon Apr 22 11:04:32 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1216474,1218871,1221123,1222831 This update for openssh fixes the following issues: - Fix hostbased ssh login failing occasionally with 'signature unverified: incorrect signature' by fixing a typo in patch (bsc#1221123) - Avoid closing IBM Z crypto devices nodes. (bsc#1218871) - Allow usage of IBM Z crypto adapter cards in seccomp filters (bsc#1216474) - Change the default value of UpdateHostKeys to Yes (unless VerifyHostKeyDNS is enabled). This makes ssh update the known_hosts stored keys with all published versions by the server (after it's authenticated with an existing key), which will allow to identify the server with a different key if the existing key is considered insecure at some point in the future (bsc#1222831). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1368-1 Released: Mon Apr 22 11:06:29 2024 Summary: Security update for shim Type: security Severity: important References: 1198101,1205588,1205855,1210382,1213945,1215098,1215099,1215100,1215101,1215102,1215103,1219460,CVE-2022-28737,CVE-2023-40546,CVE-2023-40547,CVE-2023-40548,CVE-2023-40549,CVE-2023-40550,CVE-2023-40551 This update for shim fixes the following issues: - Update shim-install to set the TPM2 SRK algorithm (bsc#1213945) - Limit the requirement of fde-tpm-helper-macros to the distro with suse_version 1600 and above (bsc#1219460) Update to version 15.8: Security issues fixed: - mok: fix LogError() invocation (bsc#1215099,CVE-2023-40546) - avoid incorrectly trusting HTTP headers (bsc#1215098,CVE-2023-40547) - Fix integer overflow on SBAT section size on 32-bit system (bsc#1215100,CVE-2023-40548) - Authenticode: verify that the signature header is in bounds (bsc#1215101,CVE-2023-40549) - pe: Fix an out-of-bound read in verify_buffer_sbat() (bsc#1215102,CVE-2023-40550) - pe-relocate: Fix bounds check for MZ binaries (bsc#1215103,CVE-2023-40551) The NX flag is disable which is same as the default value of shim-15.8, hence, not need to enable it by this patch now. - Generate dbx during build so we don't include binary files in sources - Don't require grub so shim can still be used with systemd-boot - Update shim-install to fix boot failure of ext4 root file system on RAID10 (bsc#1205855) - Adopt the macros from fde-tpm-helper-macros to update the signature in the sealed key after a bootloader upgrade - Update shim-install to amend full disk encryption support - Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector - Use the long name to specify the grub2 key protector - cryptodisk: support TPM authorized policies - Do not use tpm_record_pcrs unless the command is in command.lst - Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to enable the NX compatibility flag when using post-process-pe after discussed with grub2 experts in mail. It's useful for further development and testing. (bsc#1205588) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1375-1 Released: Mon Apr 22 14:56:13 2024 Summary: Security update for glibc Type: security Severity: important References: 1222992,CVE-2024-2961 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1398-1 Released: Tue Apr 23 13:58:22 2024 Summary: Recommended update for systemd-default-settings Type: recommended Severity: moderate References: This update for systemd-default-settings fixes the following issues: - Disable pids controller limit under user instances (jsc#SLE-10123) - Disable controllers by default (jsc#PED-2276) - The usage of drop-ins is now the official way for configuring systemd and its various daemons on Factory/ALP, hence the early drop-ins SUSE specific 'feature' has been abandoned. - User priority '26' for SLE-Micro - Convert more drop-ins into early ones ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1429-1 Released: Wed Apr 24 15:13:10 2024 Summary: Recommended update for ca-certificates Type: recommended Severity: moderate References: 1188500,1221184 This update for ca-certificates fixes the following issue: - Update version (bsc#1221184) * Use flock to serialize calls (bsc#1188500) * Make certbundle.run container friendly * Create /var/lib/ca-certificates if needed ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1433-1 Released: Wed Apr 24 21:41:41 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1221525,1221963,1222086,1222398,1223094 This update for libzypp, zypper fixes the following issues: - Fix creation of sibling cache dirs with too restrictive mode (bsc#1222398) - Don't try to refresh volatile media as long as raw metadata are present (bsc#1223094) - Update RepoStatus fromCookieFile according to the files mtime (bsc#1222086) - TmpFile: Don't call chmod if makeSibling failed - Do not try to refresh repo metadata as non-root user (bsc#1222086) - man: Explain how to protect orphaned packages by collecting them in a plaindir repo - packages: Add --autoinstalled and --userinstalled options to list them - Don't print 'reboot required' message if download-only or dry-run - Resepect zypper.conf option `showAlias` search commands (bsc#1221963) - dup: New option --remove-orphaned to remove all orphaned packages in dup (bsc#1221525) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1434-1 Released: Thu Apr 25 09:11:03 2024 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: moderate References: 1200731 This update for systemd-presets-common-SUSE fixes the following issues: - Split hcn-init.service to hcn-init-NetworkManager and hcn-init-wicked (bsc#1200731 ltc#198485 https://github.com/ibm-power-utilities/powerpc-utils/pull/84) Support both the old and new service to avoid complex version interdependency. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1439-1 Released: Thu Apr 25 23:41:12 2024 Summary: Security update for python-idna Type: security Severity: moderate References: 1222842,CVE-2024-3651 This update for python-idna fixes the following issues: - CVE-2024-3651: Fixed potential DoS via resource consumption via specially crafted inputs to idna.encode() (bsc#1222842). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1459-1 Released: Mon Apr 29 07:48:02 2024 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1220763 This update for vim fixes the following issues: - Fix segmentation fault after updating to version 9.1.0111-150500.20.9.1 (bsc#1220763) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1474-1 Released: Tue Apr 30 06:21:02 2024 Summary: Recommended update for cups Type: recommended Severity: important References: 1217119 This update for cups fixes the following issues: - Fix occasional stuck on poll() loop (bsc#1217119) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1479-1 Released: Tue Apr 30 15:00:48 2024 Summary: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent Type: recommended Severity: moderate References: 1216546,1218548,1221146,1221900,1221901,1222171 This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent contains the following fixes: - Fix file permissions for google_authorized_principals binary (bsc#1222171) - Update to version 20240314.00 (bsc#1221900, bsc#1221901) * NetworkManager: only set secondary interfaces as up (#378) * address manager: make sure we check for oldMetadata (#375) * network: early setup network (#374) * NetworkManager: fix ipv6 and ipv4 mode attribute (#373) * Network Manager: make sure we clean up ifcfg files (#371) * metadata script runner: fix script download (#370) * oslogin: avoid adding extra empty line at the end of /etc/security/group.conf (#369) * Dynamic vlan (#361) * Check for nil response (#366) * Create NetworkManager implementation (#362) * Skip interface manager on Windows (#363) * network: remove ignore setup (#360) * Create wicked network service implementation and its respective unit (#356) * Update metadata script runner, add tests (#357) * Refactor guest-agent to use common retry util (#355) * Flush logs before exiting #358 (#359) - Refresh ifcfg patches for new version - No need for double %setup. - Use %patch -P N instead of deprecated %patchN. - Update to version 20240213.00 * Create systemd-networkd unit tests (#354) - from version 20240209.00 * Update network manager unit tests (#351) - from version 20240207.02 * Implement retry util (#350) - from version 20240207.01 * Refactor utils package to not dump everything unrelated into one file (#352) - from version 20240207.00 * Set version on metadata script runner (#353) * Implement cleanup of deprecated configuration directives (#348) * Ignore DHCP offered routes only for secondary nics (#347) * Deprecate DHClient in favor of systemd-networkd (#342) * Generate windows and linux licenses (#346) - from version 20240122.00 * Remove quintonamore from OWNERS (#345) - from version 20240111.00 * Delete integration tests (#343) - from version 20240109.00 * Update licenses with dependencies of go-winio (#339) * Add github.com/Microsoft/go-winio to third party licensing (#337) - Refresh ifcfg patches for new version - Update to version 20231214.00 * Fix snapshot test failure (#336) - from version 20231212.00 * Implement json-based command messaging system for guest-agent (#326) - from version 20231118.00 * sshca: Remove certificate caching (#334) - from version 20231115.00 * revert: 3ddd9d4a496f7a9c591ded58c3f541fd9cc7e317 (#333) * Update script runner to use common cfg package (#331) - Update to version 20231110.00 * Update Google UEFI variable (#329) * Update owners (#328) - from version 20231103.00 * Make config parsing order consistent (#327) - Update to version 20240307.00 (bsc#1221146, bsc#1221900, bsc#1221901) * Support dot in NVMe device ids (#68) - from version 20240304.00 * google_set_hostname: Extract rsyslog service name with a regexp for valid systemd unit names (#67) - from version 20240228.00 * Remove quintonamore from OWNERS (#64) - from version 20240119.00 * Setup smp affinity for IRQs and XPS on A3+ VMs (#63) - Update to version 20231214.00 * set multiqueue: A3 check set timeout the MDS call in 1s (#62) - from version 20231103.00 * Update owners (#61) * Update owners (#58) - Update to version 20230929.00 * Update multinic filter to pick only pci devices (#59) - Update to version 20240311.00 (bsc#1218548, bsc#1221900, bsc#1221901) * pam: Bring back pam's account management implementation (#133) * Change error messages when checking login policy (#129) * Remove quintonamore from OWNERS (#128) - Update to version 20231116.00 * build: Fix DESTDIR concatenation (#124) - from version 20231113.00 * build: Fix clang build (#122) - from version 20231103.00 * Update owners (#121) - Update to version 20240320.00 (bsc#1221900, bsc#1221901) * Enable OSConfig agent to read GPG keys files with multiple entities (#537) - from version 20240314.00 * Update OWNERS file to replace mahmoudn GitHub username by personal email GitHub username (#534) - from version 20240313.01 * Bump google.golang.org/protobuf from 1.30.0 to 1.33.0 in /e2e_tests (#535) - from version 20240313.00 * Adds a console and gcloud example policies (#533) - from version 20240228.00 * GuestPolicies e2e: Remove ed package if exist for zypper startup_script in recipe-steps tests (#532) - from version 20240126.00 * Fix Enterprise Linux Recipe-Steps tests to install info dependency package in the startup-script (#530) - from version 20240125.01 * Fix SUSE pkg-update and pkg-no-update e2e tests (#529) - from version 20240125.00 * Fix zypper patch info parser to consider conflicts-pkgs float versions (#528) - from version 20240123.01 * Fix SUSE package update e2e tests to use another existing package (#527) - from version 20240123.00 * Update cis-exclude-check-once-a-day.yaml (#526) - Update to version 20231219.00 * Bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#524) - from version 20231207.01 * Some change to create an agent release (#523) - from version 20231207.00 * Some change to create an agent release (#522) - from version 20231205.00 * Some change to create an agent release (#521) - from version 20231130.02 * Merge pull request #519 from Gulio/just-release * Merge branch 'master' into just-release * Some change to create an agent release * Some change to create an agent release - from version 20231130.00 * Some change to create an agent release (#518) - from version 20231129.00 * Fix parse yum updates to consider the packages under installing-dependencies keyword (#502) * Update feature names in the README file (#517) - from version 20231128.00 * Updating owners (#508) - from version 20231127.00 * Move OS policy CIS examples under the console folder (#514) - from version 20231123.01 * Adds three more OS Policy examples to CIS folder (#509) * Added ekrementeskii and MahmoudNada0 to OWNERS (#505) - from version 20231123.00 * docs(osconfig):add OS policy examples for CIS scanning (#503) - from version 20231121.02 * Added SCODE to Windows error description (#504) - from version 20231121.01 * Update OWNERS (#501) * Update go version to 1.21 (#507) - from version 20231121.00 * Call fqdn (#481) - from version 20231116.00 * Removing obsolete MS Windows 2019 images (#500) - from version 20231107.00 * Update owners. (#498) - from version 20231103.02 * Increasing test timeouts (#499) * Update OWNERS (#497) - from version 20231103.01 * Bump google.golang.org/grpc from 1.53.0 to 1.56.3 in /e2e_tests (#493) * Bump google.golang.org/grpc from 1.53.0 to 1.56.3 (#494) - from version 20231103.00 * Removing deprecated Win for containers OSs (#496) - from version 20231027.00 * Shortening the reported image names (#495) - from version 20231025.00 * Merge pull request #492 from GoogleCloudPlatform/michaljankowiak-patch-1 * Merge branch 'master' into michaljankowiak-patch-1 * Fixing name changes * Fixing rename issue * Fixed formatting * Fixed formatting * Fixing formatting * Removing support for RHEL 6, adding RHEL 9 * Removing support for RHEL 6, adding for RHEL 9 * Removing support for RHEL 6 and adding for RHEL 9 * Removing step needed for RHEL 6 * Fixing build issues * Removing nonexistent images and adding new ones - from version 20231024.00 * Removing obsolete OS images and adding new ones (#491) - from version 20231020.00 * Change debug messages when parsing zypper patch output (#490) - from version 20231013.00 * Bump golang.org/x/net from 0.7.0 to 0.17.0 (#489) - from version 20231010.00 * Revert 'Added [main] section with gpgcheck to the agent-managed repo file (#484)' (#488) - from version 20231003.00 * Bump google.golang.org/grpc from 1.42.0 to 1.53.0 in /e2e_tests (#478) - from version 20230920.00 * Update OWNERS (#485) - from version 20230912.00 * Added [main] section with gpgcheck to the agent-managed repo file (#484) * Migrate empty interface to any (#483) - Bump the golang compiler version to 1.21 (bsc#1216546) - Update to version 20230829.00 * Added burov, dowgird, paulinakania and Gulio to OWNERS (#482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1487-1 Released: Thu May 2 10:43:53 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1211721,1221361,1221407,1222547 This update for aaa_base fixes the following issues: - home and end button not working from ssh client (bsc#1221407) - use autosetup in prep stage of specfile - drop the stderr redirection for csh (bsc#1221361) - drop sysctl.d/50-default-s390.conf (bsc#1211721) - make sure the script does not exit with 1 if a file with content is found (bsc#1222547) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1488-1 Released: Thu May 2 15:29:32 2024 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1213551 This update for chrony fixes the following issues: - Use shorter NTS-KE retry interval when network is down (bsc#1213551) - Use make quickcheck instead of make check to avoid more than 1h build times and failures due to timeouts. This was the default before 3.2 but it changed to make tests more reliable ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1489-1 Released: Fri May 3 09:36:22 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1184942,1186060,1192145,1194516,1208995,1209635,1209657,1212514,1213456,1217987,1217988,1217989,1218336,1218447,1218479,1218562,1219170,1219264,1220320,1220340,1220366,1220400,1220411,1220413,1220414,1220425,1220426,1220429,1220432,1220442,1220445,1220465,1220468,1220475,1220484,1220486,1220487,1220516,1220521,1220528,1220529,1220532,1220554,1220556,1220557,1220560,1220561,1220566,1220575,1220580,1220583,1220611,1220615,1220621,1220625,1220630,1220631,1220638,1220639,1220640,1220641,1220662,1220663,1220669,1220670,1220677,1220678,1220685,1220687,1220688,1220692,1220697,1220703,1220706,1220733,1220734,1220739,1220743,1220745,1220749,1220751,1220753,1220758,1220759,1220764,1220768,1220769,1220777,1220779,1220785,1220790,1220794,1220824,1220826,1220829,1220836,1220846,1220850,1220861,1220871,1220883,1220946,1220954,1220969,1220979,1220982,1220985,1220987,1221015,1221044,1221058,1221061,1221077,1221088,1221276,1221293,1221532,1221534,1221541,1221548,1221552,1221575,1221605,1 221606,1221608,1221830,1221931,1221932,1221934,1221935,1221949,1221952,1221965,1221966,1221969,1221973,1221974,1221978,1221989,1221990,1221991,1221992,1221993,1221994,1221996,1221997,1221998,1221999,1222000,1222001,1222002,1222003,1222004,1222117,1222422,1222585,1222619,1222660,1222664,1222669,1222706,CVE-2020-36780,CVE-2020-36781,CVE-2020-36782,CVE-2020-36783,CVE-2021-23134,CVE-2021-29155,CVE-2021-46908,CVE-2021-46909,CVE-2021-46911,CVE-2021-46914,CVE-2021-46917,CVE-2021-46918,CVE-2021-46919,CVE-2021-46920,CVE-2021-46921,CVE-2021-46922,CVE-2021-46930,CVE-2021-46931,CVE-2021-46933,CVE-2021-46938,CVE-2021-46939,CVE-2021-46943,CVE-2021-46944,CVE-2021-46950,CVE-2021-46951,CVE-2021-46956,CVE-2021-46958,CVE-2021-46959,CVE-2021-46960,CVE-2021-46961,CVE-2021-46962,CVE-2021-46963,CVE-2021-46971,CVE-2021-46976,CVE-2021-46980,CVE-2021-46981,CVE-2021-46983,CVE-2021-46984,CVE-2021-46988,CVE-2021-46990,CVE-2021-46991,CVE-2021-46992,CVE-2021-46998,CVE-2021-47000,CVE-2021-47001,CVE-2021-47003,CVE- 2021-47006,CVE-2021-47009,CVE-2021-47013,CVE-2021-47014,CVE-2021-47015,CVE-2021-47017,CVE-2021-47020,CVE-2021-47026,CVE-2021-47034,CVE-2021-47035,CVE-2021-47038,CVE-2021-47044,CVE-2021-47045,CVE-2021-47046,CVE-2021-47049,CVE-2021-47051,CVE-2021-47055,CVE-2021-47056,CVE-2021-47058,CVE-2021-47061,CVE-2021-47063,CVE-2021-47065,CVE-2021-47068,CVE-2021-47069,CVE-2021-47070,CVE-2021-47071,CVE-2021-47073,CVE-2021-47077,CVE-2021-47082,CVE-2021-47087,CVE-2021-47095,CVE-2021-47097,CVE-2021-47100,CVE-2021-47101,CVE-2021-47109,CVE-2021-47110,CVE-2021-47112,CVE-2021-47114,CVE-2021-47117,CVE-2021-47118,CVE-2021-47119,CVE-2021-47120,CVE-2021-47130,CVE-2021-47136,CVE-2021-47137,CVE-2021-47138,CVE-2021-47139,CVE-2021-47141,CVE-2021-47142,CVE-2021-47144,CVE-2021-47150,CVE-2021-47153,CVE-2021-47160,CVE-2021-47161,CVE-2021-47164,CVE-2021-47165,CVE-2021-47166,CVE-2021-47167,CVE-2021-47168,CVE-2021-47169,CVE-2021-47170,CVE-2021-47171,CVE-2021-47172,CVE-2021-47173,CVE-2021-47174,CVE-2021-47175,CVE-2021-47 176,CVE-2021-47177,CVE-2021-47179,CVE-2021-47180,CVE-2021-47181,CVE-2021-47183,CVE-2021-47185,CVE-2021-47189,CVE-2022-0487,CVE-2022-4744,CVE-2022-48626,CVE-2023-0160,CVE-2023-1192,CVE-2023-28746,CVE-2023-35827,CVE-2023-52454,CVE-2023-52469,CVE-2023-52470,CVE-2023-52474,CVE-2023-52476,CVE-2023-52477,CVE-2023-52492,CVE-2023-52500,CVE-2023-52508,CVE-2023-52509,CVE-2023-52572,CVE-2023-52575,CVE-2023-52583,CVE-2023-52590,CVE-2023-52591,CVE-2023-52607,CVE-2023-52628,CVE-2023-6270,CVE-2023-6356,CVE-2023-6531,CVE-2023-6535,CVE-2023-6536,CVE-2023-7042,CVE-2023-7192,CVE-2024-22099,CVE-2024-26600,CVE-2024-26614,CVE-2024-26642,CVE-2024-26704,CVE-2024-26733 The SUSE Linux Enterprise 15 SP3 LTSS kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2020-36781: Fixed reference leak when pm_runtime_get_sync fails in i2c/imx (bsc#1220557). - CVE-2021-46911: Fixed kernel panic (bsc#1220400). - CVE-2021-46914: Fixed unbalanced device enable/disable in suspend/resume in pci_disable_device() (bsc#1220465). - CVE-2021-46917: Fixed wq cleanup of WQCFG registers in idxd (bsc#1220432). - CVE-2021-46918: Fixed not clearing MSIX permission entry on shutdown in idxd (bsc#1220429). - CVE-2021-46919: Fixed wq size store permission state in idxd (bsc#1220414). - CVE-2021-46920: Fixed clobbering of SWERR overflow bit on writeback (bsc#1220426). - CVE-2021-46922: Fixed TPM reservation for seal/unseal (bsc#1220475). - CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484). - CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486). - CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487). - CVE-2021-46956: Fixed memory leak in virtio_fs_probe() (bsc#1220516). - CVE-2021-46959: Fixed use-after-free with devm_spi_alloc_* (bsc#1220734). - CVE-2021-46961: Fixed spurious interrup handling (bsc#1220529). - CVE-2021-46971: Fixed unconditional security_locked_down() call (bsc#1220697). - CVE-2021-46976: Fixed crash in auto_retire in drm/i915 (bsc#1220621). - CVE-2021-46980: Fixed not retrieving all the PDOs instead of just the first 4 in usb/typec/ucsi (bsc#1220663). - CVE-2021-46983: Fixed NULL pointer dereference when SEND is completed with error (bsc#1220639). - CVE-2021-46988: Fixed release page in error path to avoid BUG_ON (bsc#1220706). - CVE-2021-47001: Fixed cwnd update ordering in xprtrdma (bsc#1220670). - CVE-2021-47003: Fixed potential null dereference on pointer status in idxd_cmd_exec (bsc#1220677). - CVE-2021-47009: Fixed memory leak on object td (bsc#1220733). - CVE-2021-47014: Fixed wild memory access when clearing fragments in net/sched/act_ct (bsc#1220630). - CVE-2021-47017: Fixed use after free in ath10k_htc_send_bundle (bsc#1220678). - CVE-2021-47026: Fixed not destroying sysfs after removing session from active list (bsc#1220685). - CVE-2021-47035: Fixed wrong WO permissions on second-level paging entries in iommu/vt-d (bsc#1220688). - CVE-2021-47038: Fixed deadlock between hci_dev->lock and socket lock in bluetooth (bsc#1220753). - CVE-2021-47044: Fixed shift-out-of-bounds in load_balance() in sched/fair (bsc#1220759). - CVE-2021-47046: Fixed off by one in hdmi_14_process_transaction() (bsc#1220758). - CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954). - CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979). - CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982). - CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985). - CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987). - CVE-2021-47109: Fixed NUD_NOARP entries to be forced GCed (bsc#1221534). - CVE-2021-47130: Fixed freeing unallocated p2pmem in nvmet (bsc#1221552). - CVE-2021-47137: Fixed memory corruption in RX ring in net/lantiq (bsc#1221932). - CVE-2021-47150: Fixed the potential memory leak in fec_enet_init() (bsc#1221973). - CVE-2021-47160: Fixed VLAN traffic leaks in dsa: mt7530 (bsc#1221974). - CVE-2021-47164: Fixed null pointer dereference accessing lag dev in net/mlx5e (bsc#1221978). - CVE-2021-47174: Fixed missing check in irq_fpu_usable() (bsc#1221990). - CVE-2021-47175: Fixed OOB access in net/sched/fq_pie (bsc#1222003). - CVE-2021-47181: Fixed a null pointer dereference caused by calling platform_get_resource() (bsc#1222660). - CVE-2021-47183: Fixed a null pointer dereference during link down processing in scsi lpfc (bsc#1192145, bsc#1222664). - CVE-2021-47185: Fixed a softlockup issue in flush_to_ldisc in tty tty_buffer (bsc#1222669). - CVE-2021-47189: Fixed denial of service due to memory ordering issues between normal and ordered work functions in btrfs (bsc#1222706). - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456). - CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411). - CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413). - CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445). - CVE-2023-52476: Fixed possible unhandled page fault via perf sampling NMI during vsyscall (bsc#1220703). - CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276). - CVE-2023-52500: Fixed information leaking when processing OPC_INB_SET_CONTROLLER_CONFIG command (bsc#1220883). - CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015). - CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871). - CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058). - CVE-2023-52607: Fixed a null-pointer-dereference in pgtable_cache_add kasprintf() (bsc#1221061). - CVE-2023-52628: Fixed 4-byte stack OOB write in nftables (bsc#1222117). - CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336). - CVE-2023-7192: Fixed a memory leak problem in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c (bsc#1218479). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). The following non-security bugs were fixed: - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super (bsc#1219264). - tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619). - group-source-files.pl: Quote filenames (boo#1221077). - kernel-binary: certs: Avoid trailing space - mm: fix gup_pud_range (bsc#1220824). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1534-1 Released: Mon May 6 14:55:19 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1540-1 Released: Tue May 7 09:24:25 2024 Summary: Security update for xen Type: security Severity: moderate References: 1221984,1222302,1222453,CVE-2023-46842,CVE-2024-2201,CVE-2024-31142 This update for xen fixes the following issues: - CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453) - CVE-2023-46842: HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984) - CVE-2024-31142: Fixed incorrect logic for BTC/SRSO mitigations (XSA-455, bsc#1222302) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1567-1 Released: Thu May 9 12:33:42 2024 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: This update for catatonit fixes the following issues: - Update to catatonit v0.2.0 - Change license to GPL-2.0-or-later ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1569-1 Released: Thu May 9 13:17:26 2024 Summary: Security update for avahi Type: security Severity: moderate References: 1216853,CVE-2023-38472 This update for avahi fixes the following issues: - CVE-2023-38472: Fix reachable assertion in avahi_rdata_parse() (bsc#1216853). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1633-1 Released: Tue May 14 11:35:56 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1642-1 Released: Tue May 14 15:38:24 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1190576,1192145,1200313,1201489,1203906,1203935,1204614,1211592,1218562,1218917,1219169,1219170,1219264,1220513,1220755,1220854,1221113,1221299,1221543,1221545,1222449,1222482,1222503,1222559,1222585,1222624,1222666,1222669,1222709,1222790,1222792,1222829,1222876,1222878,1222881,1222883,1222894,1222976,1223016,1223057,1223111,1223187,1223202,1223475,1223482,1223509,1223513,1223522,1223824,1223921,1223923,1223931,1223941,1223948,1223952,1223963,CVE-2021-46955,CVE-2021-47041,CVE-2021-47074,CVE-2021-47113,CVE-2021-47131,CVE-2021-47184,CVE-2021-47185,CVE-2021-47194,CVE-2021-47198,CVE-2021-47201,CVE-2021-47202,CVE-2021-47203,CVE-2021-47206,CVE-2021-47207,CVE-2021-47212,CVE-2021-47216,CVE-2022-48631,CVE-2022-48638,CVE-2022-48650,CVE-2022-48651,CVE-2022-48654,CVE-2022-48672,CVE-2022-48686,CVE-2022-48687,CVE-2022-48693,CVE-2022-48695,CVE-2022-48701,CVE-2022-48702,CVE-2023-2860,CVE-2023-6270,CVE-2024-0639,CVE-2024-0841,CVE-2024-22099,CVE-2024-23307,CVE-2024-26610,CVE-2024-26688,C VE-2024-26689,CVE-2024-26733,CVE-2024-26739,CVE-2024-26744,CVE-2024-26816,CVE-2024-26840,CVE-2024-26852,CVE-2024-26862,CVE-2024-26898,CVE-2024-26903,CVE-2024-26906,CVE-2024-27043 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976). - CVE-2021-47113: Abort btrfs rename_exchange if we fail to insert the second ref (bsc#1221543). - CVE-2021-47131: Fixed a use-after-free after the TLS device goes down and up (bsc#1221545). - CVE-2024-26852: Fixed net/ipv6 to avoid possible UAF in ip6_route_mpath_notify() (bsc#1223057). - CVE-2021-46955: Fixed an out-of-bounds read with openvswitch, when fragmenting IPv4 packets (bsc#1220513). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2024-27043: Fixed a use-after-free in edia/dvbdev in different places (bsc#1223824). - CVE-2022-48631: Fixed a bug in ext4, when parsing extents where eh_entries == 0 and eh_depth > 0 (bsc#1223475). - CVE-2024-23307: Fixed Integer Overflow or Wraparound vulnerability in x86 and ARM md, raid, raid5 modules (bsc#1219169). - CVE-2022-48651: Fixed an out-of-bound bug in ipvlan caused by unset skb->mac_header (bsc#1223513). - CVE-2024-26906: Disallowed vsyscall page read for copy_from_kernel_nofault() (bsc#1223202). - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y by ignoring them (bsc#1222624). - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi (bsc#1221299). - CVE-2024-26689: Fixed a use-after-free in encode_cap_msg() (bsc#1222503). - CVE-2021-47041: Don't set sk_user_data without write_lock (bsc#1220755). - CVE-2021-47074: Fixed memory leak in nvme_loop_create_ctrl() (bsc#1220854). - CVE-2024-26744: Fixed null pointer dereference in srpt_service_guid parameter in rdma/srpt (bsc#1222449). The following non-security bugs were fixed: - dm rq: do not queue request to blk-mq during DM suspend (bsc#1221113). - dm: rearrange core declarations for extended use from dm-zone.c (bsc#1221113). - net/tls: Remove the context from the list in tls_device_down (bsc#1221545). - tls: Fix context leak on tls_device_down (bsc#1221545). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1666-1 Released: Thu May 16 08:00:53 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1762-1 Released: Wed May 22 16:14:17 2024 Summary: Security update for perl Type: security Severity: important References: 1082216,1082233,1213638,CVE-2018-6798,CVE-2018-6913 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) Non-security issue fixed: - make Net::FTP work with TLS 1.3 (bsc#1213638) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1775-1 Released: Fri May 24 15:20:59 2024 Summary: Security update for libfastjson Type: security Severity: important References: 1171479,CVE-2020-12762 This update for libfastjson fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write via a large JSON file (bsc#1171479). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1778-1 Released: Fri May 24 17:40:50 2024 Summary: Recommended update for systemd-presets-branding-SLE Type: recommended Severity: moderate References: This update for systemd-presets-branding-SLE fixes the following issues: - Enable sysctl-logger (jsc#PED-5024) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1792-1 Released: Mon May 27 18:05:34 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1220679,1223107 This update for suseconnect-ng fixes the following issues: - Version update * Fix certificate import for Yast when using a registration proxy with self-signed SSL certificate (bsc#1223107) * Allow '--rollback' flag to run on readonly filesystem (bsc#1220679) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:461-1 Released: Wed May 29 09:34:10 2024 Summary: Security update for libxml2 Type: security Severity: important References: 1219576,CVE-2024-25062 This update for libxml2 fixes the following issues: - CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1826-1 Released: Wed May 29 10:43:45 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1205604,1218926,1219108,1224100 This update for wicked fixes the following issues: - client: fix ifreload to pull UP ports/links again when the config of their master/lower changed (bsc#1224100) - Update to version 0.6.75: - cleanup: fix ni_fsm_state_t enum-int-mismatch warnings - cleanup: fix overflow warnings in a socket testcase on i586 - ifcheck: report new and deleted configs as changed (bsc#1218926) - man: improve ARP configuration options in the wicked-config.5 - bond: add ports when master is UP to avoid port MTU revert (bsc#1219108) - cleanup: fix interface dependencies and shutdown order (bsc#1205604) - Remove port arrays from bond,team,bridge,ovs-bridge (redundant) and consistently use config and state info attached to the port interface as in rtnetlink(7). - Cleanup ifcfg parsing, schema configuration and service properties - Migrate ports in xml config and policies already applied in nanny - Remove 'missed config' generation from finite state machine, which is completed while parsing the config or while xml config migration. - Issue a warning when 'lower' interface (e.g. eth0) config is missed while parsing config depending on it (e.g. eth0.42 vlan). - Resolve ovs master to the effective bridge in config and wickedd - Implement netif-check-state require checks using system relations from wickedd/kernel instead of config relations for ifdown and add linkDown and deleteDevice checks to all master and lower references. - Add a `wicked --dry-run ???` option to show the system/config interface hierarchies as notice with +/- marked interfaces to setup and/or shutdown. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1848-1 Released: Thu May 30 06:52:35 2024 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1220082,1222021 This update for supportutils fixes the following issues: - Suppress file descriptor leak warnings from lvm commands (bsc#1220082) - Add -V key:value pair option (bsc#1222021, PED-8211) - Avoid getting duplicate kernel verifications in boot.text - Include container log timestamps ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1876-1 Released: Fri May 31 06:47:32 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1221361 This update for aaa_base fixes the following issues: - Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1880-1 Released: Fri May 31 08:45:12 2024 Summary: Security update for python-requests Type: security Severity: moderate References: 1224788,CVE-2024-35195 This update for python-requests fixes the following issues: - CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1895-1 Released: Mon Jun 3 09:00:20 2024 Summary: Security update for glibc Type: security Severity: important References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1982-1 Released: Tue Jun 11 12:12:44 2024 Summary: Security update for bind Type: security Severity: important References: 1219823,1219826,1219851,1219852,1219854,CVE-2023-4408,CVE-2023-50387,CVE-2023-50868,CVE-2023-5517,CVE-2023-6516 This update for bind fixes the following issues: - CVE-2023-4408: Fixed denial of service during DNS message parsing with different names (bsc#1219851) - CVE-2023-50387: Fixed denial of service during DNS messages validation with DNSSEC signatures (bsc#1219823) - CVE-2023-50868: Fixed denial of service during NSEC3 closest encloser proof preparation (bsc#1219826) - CVE-2023-5517: Fixed denial of service caused by specific queries with nxdomain-redirect enabled (bsc#1219852) - CVE-2023-6516: Fixed denial of service caused by specific queries that continuously triggered cache database maintenance (bsc#1219854) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2003-1 Released: Wed Jun 12 07:30:30 2024 Summary: Security update for cups Type: security Severity: important References: 1223179,1225365,CVE-2024-35235 This update for cups fixes the following issues: - CVE-2024-35235: Fixed a bug in cupsd that could allow an attacker to change the permissions of other files in the system. (bsc#1225365) - Handle local 'Negotiate' authentication response for cli clients (bsc#1223179) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2009-1 Released: Wed Jun 12 13:47:43 2024 Summary: Security update for curl Type: security Severity: moderate References: 1219273,CVE-2023-27534 This update for curl fixes the following issues: - CVE-2023-27534: Properly resolve ~ when used in a SFTP path. (bsc#1219273) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2033-1 Released: Sun Jun 16 12:19:55 2024 Summary: Security update for bind Type: security Severity: important References: 1219823,1219826,1219851,1219852,1219854,CVE-2023-4408,CVE-2023-50387,CVE-2023-50868,CVE-2023-5517,CVE-2023-6516 This update for bind fixes the following issues: - CVE-2023-4408: Fixed denial of service during DNS message parsing with different names (bsc#1219851) - CVE-2023-50387: Fixed denial of service during DNS messages validation with DNSSEC signatures (bsc#1219823) - CVE-2023-50868: Fixed denial of service during NSEC3 closest encloser proof preparation (bsc#1219826) - CVE-2023-5517: Fixed denial of service caused by specific queries with nxdomain-redirect enabled (bsc#1219852) - CVE-2023-6516: Fixed denial of service caused by specific queries that continuously triggered cache database maintenance (bsc#1219854) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2035-1 Released: Mon Jun 17 09:29:26 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: 33666 Released: Wed Jun 19 08:36:53 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222086,1223430,1223766 This update for libsolv, libzypp, zypper fixes the following issues: - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2085-1 Released: Wed Jun 19 11:36:00 2024 Summary: recommended update for python-requests Type: recommended Severity: moderate References: 1225912 This update for python-requests fixes the following issue: - Allow the usage of 'verify' parameter as a directory. (bsc#1225912) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2108-1 Released: Thu Jun 20 19:35:51 2024 Summary: Security update for containerd Type: security Severity: important References: 1221400,1224323,CVE-2023-45288 This update for containerd fixes the following issues: Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400). - Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2174-1 Released: Mon Jun 24 07:20:48 2024 Summary: Security update for wget Type: security Severity: moderate References: 1226419,CVE-2024-38428 This update for wget fixes the following issues: - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2185-1 Released: Mon Jun 24 21:04:36 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1151927,1152472,1154353,1156395,1174585,1176447,1176774,1176869,1178134,1181147,1184631,1185570,1185589,1185902,1186885,1187357,1188616,1188772,1189883,1190795,1191452,1192107,1194288,1194591,1196956,1197760,1198029,1199304,1200619,1203389,1206646,1209657,1210335,1210629,1213476,1215420,1216702,1217169,1220137,1220144,1220754,1220877,1220960,1221044,1221113,1221829,1222251,1222619,1222838,1222867,1223084,1223138,1223384,1223390,1223512,1223932,1223934,1224099,1224174,1224438,1224482,1224511,1224592,1224816,1224826,1224830,1224831,1224832,1224834,1224841,1224842,1224843,1224844,1224846,1224849,1224852,1224853,1224854,1224859,1224882,1224886,1224888,1224889,1224891,1224892,1224893,1224899,1224904,1224907,1224909,1224916,1224917,1224922,1224923,1224924,1224926,1224928,1224953,1224954,1224955,1224957,1224961,1224963,1224965,1224966,1224968,1224981,1224982,1224983,1224984,1224987,1224990,1224993,1224996,1224997,1225026,1225030,1225058,1225060,1225083,1225084,1225091,1 225112,1225113,1225128,1225140,1225143,1225148,1225155,1225164,1225177,1225178,1225181,1225192,1225193,1225198,1225201,1225206,1225207,1225208,1225214,1225223,1225224,1225230,1225232,1225233,1225237,1225238,1225243,1225244,1225247,1225251,1225252,1225256,1225261,1225262,1225263,1225301,1225303,1225316,1225318,1225320,1225321,1225322,1225326,1225327,1225328,1225330,1225333,1225336,1225341,1225346,1225351,1225354,1225355,1225357,1225358,1225360,1225361,1225366,1225367,1225369,1225370,1225372,1225374,1225384,1225386,1225387,1225390,1225393,1225400,1225404,1225405,1225409,1225411,1225424,1225427,1225435,1225437,1225438,1225439,1225446,1225447,1225448,1225450,1225453,1225455,1225468,1225499,1225500,1225508,1225534,CVE-2020-36788,CVE-2021-3743,CVE-2021-39698,CVE-2021-43056,CVE-2021-43527,CVE-2021-47104,CVE-2021-47192,CVE-2021-47200,CVE-2021-47220,CVE-2021-47227,CVE-2021-47228,CVE-2021-47229,CVE-2021-47230,CVE-2021-47231,CVE-2021-47235,CVE-2021-47236,CVE-2021-47237,CVE-2021-47239,CVE-2021- 47240,CVE-2021-47241,CVE-2021-47246,CVE-2021-47252,CVE-2021-47253,CVE-2021-47254,CVE-2021-47255,CVE-2021-47258,CVE-2021-47259,CVE-2021-47260,CVE-2021-47261,CVE-2021-47263,CVE-2021-47265,CVE-2021-47267,CVE-2021-47269,CVE-2021-47270,CVE-2021-47274,CVE-2021-47275,CVE-2021-47276,CVE-2021-47280,CVE-2021-47281,CVE-2021-47284,CVE-2021-47285,CVE-2021-47288,CVE-2021-47289,CVE-2021-47296,CVE-2021-47301,CVE-2021-47302,CVE-2021-47305,CVE-2021-47307,CVE-2021-47308,CVE-2021-47314,CVE-2021-47315,CVE-2021-47320,CVE-2021-47321,CVE-2021-47323,CVE-2021-47324,CVE-2021-47329,CVE-2021-47330,CVE-2021-47332,CVE-2021-47333,CVE-2021-47334,CVE-2021-47337,CVE-2021-47338,CVE-2021-47340,CVE-2021-47341,CVE-2021-47343,CVE-2021-47344,CVE-2021-47347,CVE-2021-47348,CVE-2021-47350,CVE-2021-47353,CVE-2021-47354,CVE-2021-47356,CVE-2021-47369,CVE-2021-47375,CVE-2021-47378,CVE-2021-47381,CVE-2021-47382,CVE-2021-47383,CVE-2021-47387,CVE-2021-47388,CVE-2021-47391,CVE-2021-47392,CVE-2021-47393,CVE-2021-47395,CVE-2021-47396,C VE-2021-47399,CVE-2021-47402,CVE-2021-47404,CVE-2021-47405,CVE-2021-47409,CVE-2021-47413,CVE-2021-47416,CVE-2021-47422,CVE-2021-47423,CVE-2021-47424,CVE-2021-47425,CVE-2021-47426,CVE-2021-47428,CVE-2021-47431,CVE-2021-47434,CVE-2021-47435,CVE-2021-47436,CVE-2021-47441,CVE-2021-47442,CVE-2021-47443,CVE-2021-47444,CVE-2021-47445,CVE-2021-47451,CVE-2021-47456,CVE-2021-47458,CVE-2021-47460,CVE-2021-47464,CVE-2021-47465,CVE-2021-47468,CVE-2021-47473,CVE-2021-47478,CVE-2021-47480,CVE-2021-47482,CVE-2021-47483,CVE-2021-47485,CVE-2021-47493,CVE-2021-47494,CVE-2021-47495,CVE-2021-47496,CVE-2021-47497,CVE-2021-47498,CVE-2021-47499,CVE-2021-47500,CVE-2021-47501,CVE-2021-47502,CVE-2021-47503,CVE-2021-47505,CVE-2021-47506,CVE-2021-47507,CVE-2021-47509,CVE-2021-47511,CVE-2021-47512,CVE-2021-47516,CVE-2021-47518,CVE-2021-47521,CVE-2021-47522,CVE-2021-47523,CVE-2021-47535,CVE-2021-47536,CVE-2021-47538,CVE-2021-47540,CVE-2021-47541,CVE-2021-47542,CVE-2021-47549,CVE-2021-47557,CVE-2021-47562,CVE-2021 -47563,CVE-2021-47565,CVE-2022-1195,CVE-2022-20132,CVE-2022-48636,CVE-2022-48673,CVE-2022-48704,CVE-2022-48710,CVE-2023-0160,CVE-2023-1829,CVE-2023-2176,CVE-2023-4244,CVE-2023-47233,CVE-2023-52433,CVE-2023-52581,CVE-2023-52591,CVE-2023-52654,CVE-2023-52655,CVE-2023-52686,CVE-2023-52840,CVE-2023-52871,CVE-2023-52880,CVE-2023-6531,CVE-2024-26581,CVE-2024-26643,CVE-2024-26828,CVE-2024-26921,CVE-2024-26925,CVE-2024-26929,CVE-2024-26930,CVE-2024-27398,CVE-2024-27413,CVE-2024-35811,CVE-2024-35895,CVE-2024-35914 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47378: Destroy cm id before destroy qp to avoid use after free (bsc#1225201). - CVE-2021-47496: Fix flipped sign in tls_err_abort() calls (bsc#1225354) - CVE-2021-47402: Protect fl_walk() with rcu (bsc#1225301) - CVE-2022-48673: kABI workarounds for struct smc_link (bsc#1223934). - CVE-2023-52871: Handle a second device without data corruption (bsc#1225534) - CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084). - CVE-2021-47497: Fixed shift-out-of-bound (UBSAN) with byte size cells (bsc#1225355). - CVE-2021-47500: Fixed trigger reference couting (bsc#1225360). - CVE-2024-27413: Fix incorrect allocation size (bsc#1224438). - CVE-2021-47383: Fiedx out-of-bound vmalloc access in imageblit (bsc#1225208). - CVE-2021-47511: Fixed negative period/buffer sizes (bsc#1225411). - CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928). - CVE-2021-47261: Fix initializing CQ fragments buffer (bsc#1224954) - CVE-2021-47254: Fix use-after-free in gfs2_glock_shrink_scan (bsc#1224888). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-4244: Fixed a use-after-free in the nf_tables component, which could be exploited to achieve local privilege escalation (bsc#1215420). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-52686: Fix a null pointer in opal_event_init() (bsc#1065729). The following non-security bugs were fixed: - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - btrfs: do not start relocation until in progress drops are done (bsc#1222251). - btrfs: do not start relocation until in progress drops are done (bsc#1222251). - cifs: add missing spinlock around tcon refcount (bsc#1213476). - cifs: avoid dup prefix path in dfs_get_automount_devname() (bsc#1213476). - cifs: avoid race conditions with parallel reconnects (bsc#1213476). - cifs: avoid re-lookups in dfs_cache_find() (bsc#1213476). - cifs: avoid use of global locks for high contention data (bsc#1213476). - cifs: check only tcon status on tcon related functions (bsc#1213476). - cifs: do all necessary checks for credits within or before locking (bsc#1213476). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1213476). - cifs: do not refresh cached referrals from unactive mounts (bsc#1213476). - cifs: do not take exclusive lock for updating target hints (bsc#1213476). - cifs: fix confusing debug message (bsc#1213476). - cifs: fix missing unload_nls() in smb2_reconnect() (bsc#1213476). - cifs: fix potential deadlock in cache_refresh_path() (bsc#1213476). - cifs: fix refresh of cached referrals (bsc#1213476). - cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (bsc#1213476). - cifs: fix source pathname comparison of dfs supers (bsc#1213476). - cifs: fix status checks in cifs_tree_connect (bsc#1213476). - cifs: fix use-after-free bug in refresh_cache_worker() (bsc#1213476). - cifs: get rid of dns resolve worker (bsc#1213476). - cifs: get rid of mount options string parsing (bsc#1213476). - cifs: handle cache lookup errors different than -ENOENT (bsc#1213476). - cifs: ignore ipc reconnect failures during dfs failover (bsc#1213476). - cifs: match even the scope id for ipv6 addresses (bsc#1213476). - cifs: optimize reconnect of nested links (bsc#1213476). - cifs: prevent data race in smb2_reconnect() (bsc#1213476). - cifs: refresh root referrals (bsc#1213476). - cifs: remove duplicate code in __refresh_tcon() (bsc#1213476). - cifs: remove unused function (bsc#1213476). - cifs: remove unused smb3_fs_context::mount_options (bsc#1213476). - cifs: return DFS root session id in DebugData (bsc#1213476). - cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (bsc#1213476). - cifs: set correct ipc status after initial tree connect (bsc#1213476). - cifs: set correct status of tcon ipc when reconnecting (bsc#1213476). - cifs: set correct tcon status after initial tree connect (bsc#1213476). - cifs: set DFS root session in cifs_get_smb_ses() (bsc#1213476). - cifs: set resolved ip in sockaddr (bsc#1213476). - cifs: share dfs connections and supers (bsc#1213476). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1213476). - cifs: use fs_context for automounts (bsc#1213476). - cifs: use origin fullpath for automounts (bsc#1213476). - cifs: use tcon allocation functions even for dummy tcon (bsc#1213476). - netfilter: nf_tables: defer gc run if previous batch is still pending (git-fixes). - netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (git-fixes). - netfilter: nf_tables: fix kdoc warnings after gc rework (git-fixes). - netfilter: nf_tables: fix memleak when more than 255 elements expired (git-fixes). - netfilter: nf_tables: GC transaction race with abort path (git-fixes). - netfilter: nf_tables: GC transaction race with netns dismantle (git-fixes). - netfilter: nf_tables: mark newset as dead on transaction abort (git-fixes). - netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (git-fixes). - netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (git-fixes). - netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (git-fixes). - netfilter: nf_tables: skip dead set elements in netlink dump (git-fixes). - netfilter: nf_tables: use correct lock to protect gc_list (git-fixes). - netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (git-fixes). - netfilter: nft_set_rbtree: Add missing expired checks (git-fixes). - netfilter: nft_set_rbtree: bogus lookup/get on consecutive elements in named sets (git-fixes). - netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match (git-fixes). - netfilter: nft_set_rbtree: Detect partial overlaps on insertion (git-fixes). - netfilter: nft_set_rbtree: Do not account for expired elements on insertion (git-fixes). - netfilter: nft_set_rbtree: Drop spurious condition for overlap detection on insertion (git-fixes). - netfilter: nft_set_rbtree: fix null deref on element insertion (git-fixes). - netfilter: nft_set_rbtree: fix overlap expiration walk (git-fixes). - netfilter: nft_set_rbtree: Handle outcomes of tree rotations in overlap detection (git-fixes). - netfilter: nft_set_rbtree: Introduce and use nft_rbtree_interval_start() (git-fixes). - netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (git-fixes). - netfilter: nft_set_rbtree: skip elements in transaction from garbage collection (git-fixes). - netfilter: nft_set_rbtree: skip end interval element from gc (git-fixes). - netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (git-fixes). - netfilter: nft_set_rbtree: Switch to node list walk for overlap detection (git-fixes). - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes). - NFC: nxp: add NXP1002 (bsc#1185589). - PCI: rpaphp: Add MODULE_DESCRIPTION (bsc#1176869 ltc#188243). - smb: client: fix dfs link mount against w2k8 (git-fixes). - smb: client: fix null auth (bsc#1213476). - smb: client: set correct id, uid and cruid for multiuser automounts (git-fixes). - x86/xen: Drop USERGS_SYSRET64 paravirt call (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2233-1 Released: Wed Jun 26 10:02:07 2024 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1215918 This update for util-linux fixes the following issue: - fix Xen virtualization type misidentification (bsc#1215918) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2240-1 Released: Wed Jun 26 15:20:30 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1218668 This update for wicked fixes the following issues: - Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668] ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2247-1 Released: Sun Jun 30 15:21:38 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2252-1 Released: Mon Jul 1 14:58:17 2024 Summary: Recommended update for sle-module-containers-release Type: recommended Severity: low References: This update for sle-module-containers-release contains the following fix: - Remove EOL Date from release package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2253-1 Released: Mon Jul 1 18:33:02 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: This update for containerd fixes the following issues: - Revert the noarch change for devel subpackage Switching to noarch causes issues on SLES maintenance updates, reverting it fixes our image builds ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2267-1 Released: Tue Jul 2 10:33:36 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:27 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2303-1 Released: Thu Jul 4 16:25:35 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2310-1 Released: Mon Jul 8 09:15:35 2024 Summary: Recommended update for libssh Type: recommended Severity: moderate References: 1227396 This update for libssh fixes the following issue: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1227396) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2362-1 Released: Tue Jul 9 16:02:10 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1156395,1171988,1176447,1176774,1181147,1191958,1195065,1195254,1195798,1202623,1218148,1219224,1219633,1222015,1223011,1223384,1224671,1224703,1224749,1224764,1224765,1224766,1224865,1225010,1225047,1225109,1225161,1225184,1225203,1225487,1225518,1225611,1225732,1225749,1225840,1225866,1226226,1226537,1226552,1226554,1226557,1226558,1226562,1226563,1226575,1226583,1226585,1226587,1226595,1226614,1226619,1226621,1226624,1226643,1226644,1226645,1226647,1226650,1226669,1226670,1226672,1226674,1226679,1226686,1226691,1226692,1226698,1226703,1226708,1226709,1226711,1226712,1226713,1226715,1226716,1226720,1226721,1226732,1226758,1226762,1226786,1226962,CVE-2021-3896,CVE-2021-43389,CVE-2021-4439,CVE-2021-47247,CVE-2021-47311,CVE-2021-47328,CVE-2021-47368,CVE-2021-47372,CVE-2021-47379,CVE-2021-47571,CVE-2021-47576,CVE-2021-47583,CVE-2021-47589,CVE-2021-47595,CVE-2021-47596,CVE-2021-47600,CVE-2021-47602,CVE-2021-47609,CVE-2021-47611,CVE-2021-47612,CVE-2021-47617,CVE-2021-47618,C VE-2021-47619,CVE-2021-47620,CVE-2022-0435,CVE-2022-22942,CVE-2022-2938,CVE-2022-48711,CVE-2022-48715,CVE-2022-48717,CVE-2022-48722,CVE-2022-48724,CVE-2022-48726,CVE-2022-48728,CVE-2022-48730,CVE-2022-48732,CVE-2022-48736,CVE-2022-48737,CVE-2022-48738,CVE-2022-48746,CVE-2022-48747,CVE-2022-48748,CVE-2022-48749,CVE-2022-48752,CVE-2022-48754,CVE-2022-48756,CVE-2022-48758,CVE-2022-48759,CVE-2022-48760,CVE-2022-48767,CVE-2022-48768,CVE-2022-48771,CVE-2023-24023,CVE-2023-52707,CVE-2023-52752,CVE-2023-52881,CVE-2024-26822,CVE-2024-26923,CVE-2024-35789,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35878,CVE-2024-35950,CVE-2024-36894,CVE-2024-36904,CVE-2024-36940,CVE-2024-36964,CVE-2024-38541,CVE-2024-38545,CVE-2024-38559,CVE-2024-38560 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47247: net/mlx5e: Fix use-after-free of encap entry in neigh update handler (bsc#1224865). - CVE-2021-47311: net: qcom/emac: fix UAF in emac_remove (bsc#1225010). - CVE-2021-47368: enetc: Fix illegal access when reading affinity_hint (bsc#1225161). - CVE-2021-47372: net: macb: fix use after free on rmmod (bsc#1225184). - CVE-2021-47379: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd (bsc#1225203). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2022-48760: USB: core: Fix hang in usb_kill_urb by adding memory barriers (bsc#1226712). - CVE-2023-52707: sched/psi: Fix use-after-free in ep_remove_wait_queue() (bsc#1225109). polled (bsc#1202623). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595) - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226758). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). The following non-security bugs were fixed: - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - psi: Fix uaf issue when psi trigger is destroyed while being - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2533-1 Released: Tue Jul 16 14:12:31 2024 Summary: Security update for xen Type: security Severity: important References: 1222453,1227355,CVE-2024-2201,CVE-2024-31143 This update for xen fixes the following issues: - CVE-2024-2201: Mitigation for Native Branch History Injection (XSA-456, bsc#1222453) - CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2648-1 Released: Tue Jul 30 12:03:47 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2662-1 Released: Tue Jul 30 15:41:34 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2671-1 Released: Tue Jul 30 21:10:57 2024 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1226192 This update for cups fixes the following issues: - Require the exact matching version-release of all libcups* sub-packages (bsc#1226192) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2674-1 Released: Wed Jul 31 06:57:02 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2688-1 Released: Thu Aug 1 06:59:58 2024 Summary: Feature update for Public Cloud Type: feature Severity: important References: 1222075,1227067,1227106,1227711 This update for Public Cloud fixes the following issues: - Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345): * google-guest-agent (no source changes) * google-guest-configs (no source changes) * google-guest-oslogin (no source changes) * google-osconfig-agent (no source changes) * growpart-rootgrow (no source changes) * python-azure-agent (includes bug fixes see below) * python-cssselect (no source changes) * python-instance-billing-flavor-check (no source changes) * python-toml (no source changes) * python3-lxml (inlcudes a bug fix, see below) - python-azure-agent received the following fixes: * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists (bsc#1227711) * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106) * Do not package `waagent2.0` in Python 3 builds * Do not require `wicked` in non-SUSE build environments * Apply python3 interpreter patch in non SLE build environments (bcs#1227067) - python3-lxml also received the following fix: * Fixed compatibility with system libexpat in tests (bnc#1222075) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2745-1 Released: Mon Aug 5 17:58:41 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219004,1223107,1226128 This update for suseconnect-ng fixes the following issues: - Version update: * Added uname as collector * Added SAP workload detection * Added detection of container runtimes * Multiple fixes on ARM64 detection * Use `read_values` for the CPU collector on Z * Fixed data collection for ppc64le * Grab the home directory from /etc/passwd if needed (bsc#1226128) * Build zypper-migration and zypper-packages-search as standalone binaries rather then one single binary * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004) * Include /etc/products.d in directories whose content are backed up and restored if a zypper-migration rollback happens (bsc#1219004) * Add the ability to upload the system uptime logs, produced by the suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report (jsc#PED-7982) (jsc#PED-8018) * Add support for third party packages in SUSEConnect * Refactor existing system information collection implementation self-signed SSL certificate (bsc#1223107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:10 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2799-1 Released: Wed Aug 7 08:19:10 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1214960 This update for runc fixes the following issues: - Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13 - Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2806-1 Released: Wed Aug 7 09:49:03 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2810-1 Released: Wed Aug 7 09:50:10 2024 Summary: Security update for bind Type: security Severity: important References: 1228256,1228257,CVE-2024-1737,CVE-2024-1975 This update for bind fixes the following issues: - CVE-2024-1737: It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (bsc#1228256) - CVE-2024-1975: Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (bsc#1228257) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated - bind-utils-9.16.6-150300.22.47.1 updated - blog-2.26-150300.4.6.1 updated - ca-certificates-mozilla-2.62-150200.30.1 updated - ca-certificates-2+git20240416.98ae794-150300.4.3.3 updated - catatonit-0.2.0-150300.10.8.1 updated - chrony-pool-suse-4.1-150300.16.14.3 updated - chrony-4.1-150300.16.14.3 updated - containerd-ctr-1.7.17-150000.114.1 updated - containerd-1.7.17-150000.114.1 updated - coreutils-8.32-150300.3.8.1 updated - cpio-2.12-150000.3.12.1 updated - cups-config-2.2.7-150000.3.62.1 updated - curl-7.66.0-150200.4.72.1 updated - dbus-1-1.12.2-150100.8.17.1 updated - docker-25.0.6_ce-150000.203.1 updated - dracut-049.1+suse.257.gf94c3fd1-150200.3.75.1 updated - gawk-4.2.1-150000.3.3.1 updated - glibc-locale-base-2.31-150300.83.1 updated - glibc-locale-2.31-150300.83.1 updated - glibc-2.31-150300.83.1 updated - google-guest-agent-20240314.00-150400.1.48.7 updated - google-guest-configs-20240307.00-150000.1.31.1 updated - google-guest-oslogin-20240311.00-150400.1.45.7 updated - google-osconfig-agent-20240320.00-150400.1.35.7 updated - gpg2-2.2.27-150300.3.8.1 updated - growpart-rootgrow-1.0.7-150400.1.14.7 updated - grub2-i386-pc-2.04-150300.22.43.1 updated - grub2-x86_64-efi-2.04-150300.22.43.1 updated - grub2-2.04-150300.22.43.1 updated - hwdata-0.380-150000.3.68.1 updated - hwinfo-21.85-150300.3.6.1 updated - kernel-default-5.3.18-150300.59.167.1 updated - krb5-1.19.2-150300.19.1 updated - less-530-150000.3.9.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libavahi-client3-0.7-150100.3.35.1 updated - libavahi-common3-0.7-150100.3.35.1 updated - libbind9-1600-9.16.6-150300.22.47.1 updated - libblkid1-2.36.2-150300.4.44.12 updated - libblogger2-2.26-150300.4.6.1 updated - libcap2-2.26-150000.4.9.1 updated - libcares2-1.19.1-150000.3.26.1 updated - libcrypt1-4.4.15-150300.4.7.1 updated - libcryptsetup12-2.3.7-150300.3.8.1 updated - libcups2-2.2.7-150000.3.62.1 updated - libcurl4-7.66.0-150200.4.72.1 updated - libdbus-1-3-1.12.2-150100.8.17.1 updated - libdevmapper1_03-2.03.05_1.02.163-150200.8.52.1 updated - libdns1605-9.16.6-150300.22.47.1 updated - libeconf0-0.5.2-150300.3.11.1 updated - libfastjson4-0.99.8-150000.3.3.1 updated - libfdisk1-2.36.2-150300.4.44.12 updated - libfreetype6-2.10.4-150000.4.15.1 updated - libfstrm0-0.6.1-150300.9.5.1 added - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libglib-2_0-0-2.62.6-150200.3.18.1 updated - libgnutls30-3.6.7-150200.14.31.1 updated - libhugetlbfs-2.20-150000.3.8.1 updated - libirs1601-9.16.6-150300.22.47.1 updated - libisc1606-9.16.6-150300.22.47.1 updated - libisccc1600-9.16.6-150300.22.47.1 updated - libisccfg1600-9.16.6-150300.22.47.1 updated - libjansson4-2.14-150000.3.5.1 updated - libldap-2_4-2-2.4.46-150200.14.17.1 updated - libldap-data-2.4.46-150200.14.17.1 updated - liblognorm5-2.0.6-150000.3.3.1 updated - libmetalink3-0.1.3-150000.3.2.1 updated - libmount1-2.36.2-150300.4.44.12 updated - libncurses6-6.1-150000.5.24.1 updated - libnghttp2-14-1.40.0-150200.17.1 updated - libns1604-9.16.6-150300.22.47.1 updated - libonig4-6.7.0-150000.3.6.1 updated - libopeniscsiusr0_2_0-2.1.7-150300.32.24.1 updated - libopenssl1_1-1.1.1d-150200.11.91.1 updated - libparted0-3.2-150300.21.3.1 updated - libpci3-3.5.6-150300.13.6.1 updated - libpcre2-8-0-10.31-150000.3.15.1 updated - libprocps8-3.3.17-150000.7.39.1 added - libprotobuf-c1-1.3.2-150200.3.9.1 added - libprotobuf-lite20-3.9.2-150200.4.21.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libqrencode4-4.1.1-150000.3.3.1 updated - libsmartcols1-2.36.2-150300.4.44.12 updated - libsolv-tools-base-0.7.29-150200.34.1 added - libsolv-tools-0.7.29-150200.34.1 updated - libsqlite3-0-3.44.0-150000.3.23.1 updated - libssh-config-0.9.8-150200.13.6.2 added - libssh4-0.9.8-150200.13.6.2 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libtirpc-netconfig-1.3.4-150300.3.23.1 updated - libtirpc3-1.3.4-150300.3.23.1 updated - libuuid1-2.36.2-150300.4.44.12 updated - libuv1-1.18.0-150000.3.2.1 updated - libxml2-2-2.9.7-150000.3.70.1 updated - libxslt1-1.1.32-150000.3.14.1 added - libyajl2-2.1.0-150000.4.6.1 updated - libz1-1.2.11-150000.3.48.1 updated - libzypp-17.34.1-150200.106.2 updated - login_defs-4.8.1-150300.4.18.1 updated - ncurses-utils-6.1-150000.5.24.1 updated - netcfg-11.6-150000.3.6.1 updated - nfs-client-2.1.1-150100.10.37.1 updated - open-iscsi-2.1.7-150300.32.24.1 updated - openssh-clients-8.4p1-150300.3.37.1 updated - openssh-common-8.4p1-150300.3.37.1 updated - openssh-server-8.4p1-150300.3.37.1 updated - openssh-8.4p1-150300.3.37.1 updated - openssl-1_1-1.1.1d-150200.11.91.1 updated - pam-config-1.1-150200.3.6.1 updated - pam-1.3.0-150000.6.66.1 updated - parted-3.2-150300.21.3.1 updated - pciutils-3.5.6-150300.13.6.1 updated - perl-Bootloader-0.945-150300.3.12.1 updated - perl-base-5.26.1-150300.17.17.1 updated - perl-5.26.1-150300.17.17.1 updated - procps-3.3.17-150000.7.39.1 updated - python-instance-billing-flavor-check-0.0.6-150400.1.11.7 added - python3-apipkg-1.4-150000.3.6.1 added - python3-asn1crypto-0.24.0-3.2.1 added - python3-base-3.6.15-150300.10.65.1 updated - python3-bind-9.16.6-150300.22.47.1 updated - python3-certifi-2018.1.18-150000.3.3.1 added - python3-cffi-1.13.2-3.2.5 added - python3-chardet-3.0.4-150000.5.3.1 added - python3-cryptography-3.3.2-150200.22.1 added - python3-cssselect-1.0.3-150400.3.7.4 added - python3-idna-2.6-150000.3.3.1 added - python3-iniconfig-1.1.1-150000.1.11.1 added - python3-lxml-4.7.1-150200.3.12.1 added - python3-ply-3.10-150000.3.5.1 updated - python3-pyOpenSSL-19.0.0-1.31 added - python3-pyasn1-0.4.2-150000.3.5.1 added - python3-pycparser-2.17-3.2.1 added - python3-py-1.10.0-150100.5.12.1 added - python3-requests-2.25.1-150300.3.12.2 added - python3-urllib3-1.25.10-150300.4.12.1 added - python3-3.6.15-150300.10.65.2 updated - rsyslog-module-relp-8.2106.0-150200.4.43.2 updated - rsyslog-8.2106.0-150200.4.43.2 updated - runc-1.1.13-150000.67.1 updated - samba-client-libs-4.15.13+git.710.7032820fcd-150300.3.66.2 updated - sed-4.4-150300.13.3.1 updated - shadow-4.8.1-150300.4.18.1 updated - shim-15.8-150300.4.20.2 updated - sle-module-containers-release-15.3-150300.58.3.2 updated - sudo-1.9.5p2-150300.3.33.1 updated - supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1 updated - supportutils-3.1.30-150300.7.35.30.1 updated - suse-build-key-12.0-150000.8.49.2 updated - suse-module-tools-15.3.18-150300.3.25.1 updated - suseconnect-ng-1.11.0-150100.3.33.2 added - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 updated - systemd-default-settings-0.10-150300.3.7.1 updated - systemd-presets-branding-SLE-15.1-150100.20.14.1 updated - systemd-presets-common-SUSE-15-150100.8.23.1 updated - tar-1.34-150000.3.34.1 updated - terminfo-base-6.1-150000.5.24.1 updated - terminfo-6.1-150000.5.24.1 updated - timezone-2024a-150000.75.28.1 updated - util-linux-systemd-2.36.2-150300.4.44.11 updated - util-linux-2.36.2-150300.4.44.12 updated - vim-data-common-9.1.0330-150000.5.63.1 updated - vim-9.1.0330-150000.5.63.1 updated - wget-1.20.3-150000.3.20.1 updated - wicked-service-0.6.76-150300.4.35.1 updated - wicked-0.6.76-150300.4.35.1 updated - xen-libs-4.14.6_16-150300.3.75.1 updated - zypper-1.14.73-150200.81.6 updated - SUSEConnect-0.3.36-150300.20.6.1 removed - fdupes-1.61-1.452 removed - libprocps7-3.3.15-150000.7.31.1 removed - libruby2_5-2_5-2.5.9-150000.4.26.1 removed - libyaml-0-2-0.1.7-1.17 removed - net-tools-2.0+git20170221.479bb4a-3.11 removed - ruby-common-2.1-3.15 removed - ruby2.5-2.5.9-150000.4.26.1 removed - ruby2.5-rubygem-gem2rpm-0.10.1-3.45 removed - ruby2.5-stdlib-2.5.9-150000.4.26.1 removed - samba-libs-4.15.13+git.636.53d93c5b9d6-150300.3.52.1 removed - sysfsutils-2.1.0-3.3.1 removed - xxd-9.0.1443-150000.5.43.1 removed - zypper-migration-plugin-0.12.1618498507.b68ecea-1.1 removed From sle-container-updates at lists.suse.com Sat Aug 10 07:01:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 07:01:58 -0000 Subject: SUSE-IU-2024:832-1: Security update of suse-sles-15-sp4-chost-byos-v20240809-x86_64-gen2 Message-ID: <20240810070156.25E31FBA1@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20240809-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:832-1 Image Tags : suse-sles-15-sp4-chost-byos-v20240809-x86_64-gen2:20240809 Image Release : Severity : important Type : security References : 1065729 1141157 1160293 1174585 1188441 1190569 1191949 1192107 1193983 1194288 1194869 1195775 1196869 1196956 1197915 1200313 1201308 1201489 1208149 1208690 1209627 1209657 1209799 1209834 1210335 1211592 1213551 1213863 1214960 1216124 1216702 1217083 1217169 1217515 1218148 1218447 1218668 1218917 1219004 1219224 1219559 1219680 1220485 1220492 1220492 1220664 1220783 1221044 1221400 1221563 1221645 1221854 1221958 1222011 1222015 1222075 1222075 1222086 1222254 1222559 1222619 1222678 1222721 1222976 1223057 1223084 1223107 1223111 1223138 1223191 1223384 1223384 1223390 1223430 1223469 1223481 1223501 1223505 1223512 1223520 1223532 1223626 1223715 1223766 1223894 1223921 1223922 1223923 1223924 1223929 1223931 1223932 1223934 1223941 1223948 1223952 1223953 1223957 1223962 1223963 1223964 1223996 1224020 1224085 1224099 1224137 1224174 1224242 1224282 1224323 1224438 1224482 1224488 1224494 1224511 1224592 1224611 1224664 1224678 1224679 1224682 1224685 1224696 1224703 1224730 1224736 1224749 1224763 1224764 1224765 1224766 1224816 1224895 1224898 1224900 1224901 1224902 1224903 1224904 1224905 1224907 1224909 1224910 1224911 1224912 1224913 1224914 1224915 1224920 1224928 1224931 1224932 1224935 1224937 1224942 1224944 1224945 1224947 1224956 1224988 1225000 1225003 1225005 1225009 1225022 1225031 1225032 1225036 1225044 1225076 1225077 1225082 1225086 1225092 1225095 1225096 1225098 1225106 1225108 1225109 1225118 1225121 1225122 1225123 1225125 1225126 1225127 1225129 1225131 1225132 1225145 1225151 1225153 1225156 1225158 1225160 1225161 1225164 1225167 1225180 1225183 1225184 1225186 1225187 1225189 1225190 1225191 1225192 1225193 1225195 1225198 1225201 1225203 1225205 1225206 1225207 1225208 1225209 1225210 1225214 1225223 1225224 1225225 1225227 1225228 1225229 1225230 1225232 1225233 1225235 1225236 1225237 1225238 1225239 1225240 1225241 1225242 1225243 1225244 1225245 1225246 1225247 1225248 1225249 1225250 1225251 1225252 1225253 1225254 1225255 1225256 1225257 1225258 1225259 1225260 1225261 1225262 1225263 1225268 1225301 1225303 1225304 1225306 1225316 1225318 1225320 1225321 1225322 1225323 1225326 1225327 1225328 1225329 1225330 1225331 1225332 1225333 1225334 1225335 1225336 1225337 1225338 1225339 1225341 1225342 1225344 1225346 1225347 1225351 1225353 1225354 1225355 1225357 1225358 1225360 1225361 1225366 1225367 1225368 1225369 1225370 1225372 1225373 1225374 1225375 1225376 1225377 1225379 1225380 1225383 1225384 1225386 1225387 1225388 1225390 1225392 1225393 1225396 1225400 1225404 1225405 1225409 1225410 1225411 1225425 1225427 1225431 1225435 1225436 1225437 1225438 1225439 1225441 1225445 1225446 1225447 1225450 1225453 1225455 1225461 1225463 1225464 1225466 1225467 1225471 1225472 1225478 1225479 1225482 1225483 1225486 1225487 1225488 1225490 1225492 1225495 1225499 1225500 1225501 1225508 1225510 1225518 1225529 1225530 1225532 1225534 1225549 1225550 1225551 1225553 1225554 1225557 1225559 1225560 1225565 1225566 1225569 1225570 1225571 1225572 1225577 1225583 1225584 1225588 1225589 1225590 1225591 1225592 1225595 1225599 1225611 1225732 1225737 1225749 1225840 1225866 1225912 1225946 1225963 1225976 1226125 1226128 1226145 1226192 1226211 1226212 1226270 1226419 1226447 1226448 1226469 1226587 1226595 1226634 1226664 1226758 1226785 1226786 1226789 1226953 1226962 1227067 1227106 1227150 1227186 1227187 1227429 1227681 1227711 1228256 1228257 1228258 1228322 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2019-13225 CVE-2020-36788 CVE-2021-39698 CVE-2021-4148 CVE-2021-43056 CVE-2021-43527 CVE-2021-47358 CVE-2021-47359 CVE-2021-47360 CVE-2021-47361 CVE-2021-47362 CVE-2021-47363 CVE-2021-47364 CVE-2021-47365 CVE-2021-47366 CVE-2021-47367 CVE-2021-47368 CVE-2021-47369 CVE-2021-47370 CVE-2021-47371 CVE-2021-47372 CVE-2021-47373 CVE-2021-47374 CVE-2021-47375 CVE-2021-47376 CVE-2021-47378 CVE-2021-47379 CVE-2021-47380 CVE-2021-47381 CVE-2021-47382 CVE-2021-47383 CVE-2021-47384 CVE-2021-47385 CVE-2021-47386 CVE-2021-47387 CVE-2021-47388 CVE-2021-47389 CVE-2021-47390 CVE-2021-47391 CVE-2021-47392 CVE-2021-47393 CVE-2021-47394 CVE-2021-47395 CVE-2021-47396 CVE-2021-47397 CVE-2021-47398 CVE-2021-47399 CVE-2021-47400 CVE-2021-47401 CVE-2021-47402 CVE-2021-47403 CVE-2021-47404 CVE-2021-47405 CVE-2021-47406 CVE-2021-47407 CVE-2021-47408 CVE-2021-47409 CVE-2021-47410 CVE-2021-47412 CVE-2021-47413 CVE-2021-47414 CVE-2021-47415 CVE-2021-47416 CVE-2021-47417 CVE-2021-47418 CVE-2021-47419 CVE-2021-47420 CVE-2021-47421 CVE-2021-47422 CVE-2021-47423 CVE-2021-47424 CVE-2021-47425 CVE-2021-47426 CVE-2021-47427 CVE-2021-47428 CVE-2021-47429 CVE-2021-47430 CVE-2021-47431 CVE-2021-47433 CVE-2021-47434 CVE-2021-47435 CVE-2021-47436 CVE-2021-47437 CVE-2021-47438 CVE-2021-47439 CVE-2021-47440 CVE-2021-47441 CVE-2021-47442 CVE-2021-47443 CVE-2021-47444 CVE-2021-47445 CVE-2021-47446 CVE-2021-47447 CVE-2021-47448 CVE-2021-47449 CVE-2021-47450 CVE-2021-47451 CVE-2021-47452 CVE-2021-47453 CVE-2021-47454 CVE-2021-47455 CVE-2021-47456 CVE-2021-47457 CVE-2021-47458 CVE-2021-47459 CVE-2021-47460 CVE-2021-47461 CVE-2021-47462 CVE-2021-47463 CVE-2021-47464 CVE-2021-47465 CVE-2021-47466 CVE-2021-47467 CVE-2021-47468 CVE-2021-47469 CVE-2021-47470 CVE-2021-47471 CVE-2021-47472 CVE-2021-47473 CVE-2021-47474 CVE-2021-47475 CVE-2021-47476 CVE-2021-47477 CVE-2021-47478 CVE-2021-47479 CVE-2021-47480 CVE-2021-47481 CVE-2021-47482 CVE-2021-47483 CVE-2021-47484 CVE-2021-47485 CVE-2021-47486 CVE-2021-47488 CVE-2021-47489 CVE-2021-47490 CVE-2021-47491 CVE-2021-47492 CVE-2021-47493 CVE-2021-47494 CVE-2021-47495 CVE-2021-47496 CVE-2021-47497 CVE-2021-47498 CVE-2021-47499 CVE-2021-47500 CVE-2021-47501 CVE-2021-47502 CVE-2021-47503 CVE-2021-47505 CVE-2021-47506 CVE-2021-47507 CVE-2021-47509 CVE-2021-47510 CVE-2021-47511 CVE-2021-47513 CVE-2021-47514 CVE-2021-47516 CVE-2021-47518 CVE-2021-47520 CVE-2021-47521 CVE-2021-47522 CVE-2021-47523 CVE-2021-47524 CVE-2021-47525 CVE-2021-47526 CVE-2021-47528 CVE-2021-47529 CVE-2021-47533 CVE-2021-47534 CVE-2021-47535 CVE-2021-47536 CVE-2021-47537 CVE-2021-47540 CVE-2021-47541 CVE-2021-47542 CVE-2021-47544 CVE-2021-47549 CVE-2021-47550 CVE-2021-47551 CVE-2021-47553 CVE-2021-47554 CVE-2021-47555 CVE-2021-47556 CVE-2021-47558 CVE-2021-47559 CVE-2021-47560 CVE-2021-47562 CVE-2021-47563 CVE-2021-47564 CVE-2021-47565 CVE-2021-47571 CVE-2022-48632 CVE-2022-48634 CVE-2022-48636 CVE-2022-48652 CVE-2022-48662 CVE-2022-48671 CVE-2022-48672 CVE-2022-48673 CVE-2022-48675 CVE-2022-48686 CVE-2022-48687 CVE-2022-48688 CVE-2022-48692 CVE-2022-48693 CVE-2022-48694 CVE-2022-48695 CVE-2022-48697 CVE-2022-48699 CVE-2022-48700 CVE-2022-48701 CVE-2022-48702 CVE-2022-48703 CVE-2022-48704 CVE-2022-48708 CVE-2022-48709 CVE-2022-48710 CVE-2023-0160 CVE-2023-1829 CVE-2023-24023 CVE-2023-2860 CVE-2023-45288 CVE-2023-47233 CVE-2023-52425 CVE-2023-52591 CVE-2023-52654 CVE-2023-52655 CVE-2023-52670 CVE-2023-52676 CVE-2023-52686 CVE-2023-52690 CVE-2023-52702 CVE-2023-52703 CVE-2023-52707 CVE-2023-52708 CVE-2023-52730 CVE-2023-52733 CVE-2023-52736 CVE-2023-52738 CVE-2023-52739 CVE-2023-52740 CVE-2023-52741 CVE-2023-52742 CVE-2023-52743 CVE-2023-52744 CVE-2023-52745 CVE-2023-52747 CVE-2023-52752 CVE-2023-52753 CVE-2023-52754 CVE-2023-52756 CVE-2023-52759 CVE-2023-52763 CVE-2023-52764 CVE-2023-52766 CVE-2023-52774 CVE-2023-52781 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52810 CVE-2023-52811 CVE-2023-52814 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52837 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52844 CVE-2023-52846 CVE-2023-52847 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52858 CVE-2023-52864 CVE-2023-52865 CVE-2023-52867 CVE-2023-52868 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52880 CVE-2023-52881 CVE-2023-6531 CVE-2024-0397 CVE-2024-0450 CVE-2024-0639 CVE-2024-1737 CVE-2024-1975 CVE-2024-26739 CVE-2024-26745 CVE-2024-26764 CVE-2024-26828 CVE-2024-26840 CVE-2024-26852 CVE-2024-26862 CVE-2024-26921 CVE-2024-26923 CVE-2024-26925 CVE-2024-26928 CVE-2024-26929 CVE-2024-26930 CVE-2024-27398 CVE-2024-27413 CVE-2024-34459 CVE-2024-35789 CVE-2024-35811 CVE-2024-35815 CVE-2024-35817 CVE-2024-35861 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35867 CVE-2024-35868 CVE-2024-35869 CVE-2024-35895 CVE-2024-35904 CVE-2024-35905 CVE-2024-35914 CVE-2024-35950 CVE-2024-36894 CVE-2024-36899 CVE-2024-36904 CVE-2024-36926 CVE-2024-36940 CVE-2024-36964 CVE-2024-36971 CVE-2024-37370 CVE-2024-37371 CVE-2024-37891 CVE-2024-38428 CVE-2024-38541 CVE-2024-38545 CVE-2024-38559 CVE-2024-38560 CVE-2024-38564 CVE-2024-38578 CVE-2024-4032 CVE-2024-4076 CVE-2024-4741 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20240809-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2021-1 Released: Thu Jun 13 16:10:15 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: This update for iputils fixes the following issue: - After upstream merged the fix, update git commit hashes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2022-1 Released: Thu Jun 13 16:13:20 2024 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1213551 This update for chrony fixes the following issues: - Use shorter NTS-KE retry interval when network is down (bsc#1213551) - Use make quickcheck instead of make check to avoid more than 1h build times and failures due to timeouts. This was the default before 3.2 but it changed to make tests more reliable ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2023-1 Released: Thu Jun 13 16:14:30 2024 Summary: Recommended update for socat Type: recommended Severity: moderate References: 1160293 This update for socat fixes the following issues: socat is updated to 1.8.0.0: Primary feature is enabling TLS 1.3 support. (jsc#PED-8413) * Support for network namespaces (option netns) * TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success * Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following) * New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL * New script socat-mux.sh allows n-to-1 / 1-to-n communications * New script socat-broker.sh allows group communications * Experimental socks5 client feature * Address ACCEPT-FD for systemd 'inetd' mode * UDP-Lite and DCCP address types * Addresses SOCKETPAIR and SHELL * New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes * New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets * Simple statistics output with Socat option --statistics and with SIGUSR1 * A couple of new options, many fixes and corrections, see file CHANGES Update to 1.7.4.4: * FIX: In error.c msg2() there was a stack overflow on long messages: The terminating \0 Byte was written behind the last position. * FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets arrived. * FIX: a couple of weaknesses and errors when accessing invalid or incompatible file system entries with UNIX domain, file, and generic addresses. * FIX: bad parser error message on 'socat /tmp/x\'x/x -' Update to 1.7.4.3: * fixes the TCP_INFO issue that broke building on non-Linux platforms. * building on AIX works again. * A few more corrections and improvements have been added Update to version 1.7.4.2: * Fixes a lot of bugs, e.g., for options -r and -R. * Further bugfixes, see the CHANGES file Update to 1.7.4.1: Security: * Buffer size option (-b) is internally doubled for CR-CRLF conversion, but not checked for integer overflow. This could lead to heap based buffer overflow, assuming the attacker could provide this parameter. * Many further bugfixes and new features, see the CHANGES file ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: 33664 Released: Thu Jun 13 21:03:04 2024 Summary: Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1222086,1223430,1223766,1224242 This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242) - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2085-1 Released: Wed Jun 19 11:36:00 2024 Summary: recommended update for python-requests Type: recommended Severity: moderate References: 1225912 This update for python-requests fixes the following issue: - Allow the usage of 'verify' parameter as a directory. (bsc#1225912) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2089-1 Released: Wed Jun 19 12:38:06 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2108-1 Released: Thu Jun 20 19:35:51 2024 Summary: Security update for containerd Type: security Severity: important References: 1221400,1224323,CVE-2023-45288 This update for containerd fixes the following issues: Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400). - Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2174-1 Released: Mon Jun 24 07:20:48 2024 Summary: Security update for wget Type: security Severity: moderate References: 1226419,CVE-2024-38428 This update for wget fixes the following issues: - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2189-1 Released: Tue Jun 25 08:34:42 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1174585,1190569,1191949,1192107,1193983,1194288,1194869,1196869,1196956,1197915,1200313,1201308,1201489,1208149,1209657,1209799,1209834,1210335,1211592,1213863,1216702,1217169,1217515,1218447,1218917,1220492,1220783,1221044,1221645,1221958,1222011,1222559,1222619,1222721,1222976,1223057,1223084,1223111,1223138,1223191,1223384,1223390,1223481,1223501,1223505,1223512,1223520,1223532,1223626,1223715,1223894,1223921,1223922,1223923,1223924,1223929,1223931,1223932,1223934,1223941,1223948,1223952,1223953,1223957,1223962,1223963,1223964,1223996,1224085,1224099,1224137,1224174,1224438,1224482,1224488,1224494,1224511,1224592,1224611,1224664,1224678,1224682,1224685,1224730,1224736,1224763,1224816,1224895,1224898,1224900,1224901,1224902,1224903,1224904,1224905,1224907,1224909,1224910,1224911,1224912,1224913,1224914,1224915,1224920,1224928,1224931,1224932,1224937,1224942,1224944,1224945,1224947,1224956,1224988,1225000,1225003,1225005,1225009,1225022,1225031,1225032,1225036,1 225044,1225076,1225077,1225082,1225086,1225092,1225095,1225096,1225106,1225108,1225109,1225118,1225121,1225122,1225123,1225125,1225126,1225127,1225129,1225131,1225132,1225145,1225151,1225153,1225156,1225158,1225160,1225161,1225164,1225167,1225180,1225183,1225184,1225186,1225187,1225189,1225190,1225191,1225192,1225193,1225195,1225198,1225201,1225203,1225205,1225206,1225207,1225208,1225209,1225210,1225214,1225223,1225224,1225225,1225227,1225228,1225229,1225230,1225232,1225233,1225235,1225236,1225237,1225238,1225239,1225240,1225241,1225242,1225243,1225244,1225245,1225246,1225247,1225248,1225249,1225250,1225251,1225252,1225253,1225254,1225255,1225256,1225257,1225258,1225259,1225260,1225261,1225262,1225263,1225268,1225301,1225303,1225304,1225306,1225316,1225318,1225320,1225321,1225322,1225323,1225326,1225327,1225328,1225329,1225330,1225331,1225332,1225333,1225334,1225335,1225336,1225337,1225338,1225339,1225341,1225342,1225344,1225346,1225347,1225351,1225353,1225354,1225355,1225357,122535 8,1225360,1225361,1225366,1225367,1225368,1225369,1225370,1225372,1225373,1225374,1225375,1225376,1225377,1225379,1225380,1225383,1225384,1225386,1225387,1225388,1225390,1225392,1225393,1225396,1225400,1225404,1225405,1225409,1225410,1225411,1225425,1225427,1225431,1225435,1225436,1225437,1225438,1225439,1225441,1225445,1225446,1225447,1225450,1225453,1225455,1225461,1225463,1225464,1225466,1225471,1225472,1225478,1225479,1225482,1225483,1225486,1225488,1225490,1225492,1225495,1225499,1225500,1225501,1225508,1225510,1225529,1225530,1225532,1225534,1225549,1225550,1225553,1225554,1225557,1225559,1225560,1225565,1225566,1225569,1225570,1225571,1225572,1225577,1225583,1225584,1225588,1225589,1225590,1225591,1225592,1225595,1225599,CVE-2020-36788,CVE-2021-39698,CVE-2021-4148,CVE-2021-43056,CVE-2021-43527,CVE-2021-47358,CVE-2021-47359,CVE-2021-47360,CVE-2021-47361,CVE-2021-47362,CVE-2021-47363,CVE-2021-47364,CVE-2021-47365,CVE-2021-47366,CVE-2021-47367,CVE-2021-47368,CVE-2021-47369,CVE-2 021-47370,CVE-2021-47371,CVE-2021-47372,CVE-2021-47373,CVE-2021-47374,CVE-2021-47375,CVE-2021-47376,CVE-2021-47378,CVE-2021-47379,CVE-2021-47380,CVE-2021-47381,CVE-2021-47382,CVE-2021-47383,CVE-2021-47384,CVE-2021-47385,CVE-2021-47386,CVE-2021-47387,CVE-2021-47388,CVE-2021-47389,CVE-2021-47390,CVE-2021-47391,CVE-2021-47392,CVE-2021-47393,CVE-2021-47394,CVE-2021-47395,CVE-2021-47396,CVE-2021-47397,CVE-2021-47398,CVE-2021-47399,CVE-2021-47400,CVE-2021-47401,CVE-2021-47402,CVE-2021-47403,CVE-2021-47404,CVE-2021-47405,CVE-2021-47406,CVE-2021-47407,CVE-2021-47408,CVE-2021-47409,CVE-2021-47410,CVE-2021-47412,CVE-2021-47413,CVE-2021-47414,CVE-2021-47415,CVE-2021-47416,CVE-2021-47417,CVE-2021-47418,CVE-2021-47419,CVE-2021-47420,CVE-2021-47421,CVE-2021-47422,CVE-2021-47423,CVE-2021-47424,CVE-2021-47425,CVE-2021-47426,CVE-2021-47427,CVE-2021-47428,CVE-2021-47429,CVE-2021-47430,CVE-2021-47431,CVE-2021-47433,CVE-2021-47434,CVE-2021-47435,CVE-2021-47436,CVE-2021-47437,CVE-2021-47438,CVE-2021-474 39,CVE-2021-47440,CVE-2021-47441,CVE-2021-47442,CVE-2021-47443,CVE-2021-47444,CVE-2021-47445,CVE-2021-47446,CVE-2021-47447,CVE-2021-47448,CVE-2021-47449,CVE-2021-47450,CVE-2021-47451,CVE-2021-47452,CVE-2021-47453,CVE-2021-47454,CVE-2021-47455,CVE-2021-47456,CVE-2021-47457,CVE-2021-47458,CVE-2021-47459,CVE-2021-47460,CVE-2021-47461,CVE-2021-47462,CVE-2021-47463,CVE-2021-47464,CVE-2021-47465,CVE-2021-47466,CVE-2021-47467,CVE-2021-47468,CVE-2021-47469,CVE-2021-47470,CVE-2021-47471,CVE-2021-47472,CVE-2021-47473,CVE-2021-47474,CVE-2021-47475,CVE-2021-47476,CVE-2021-47477,CVE-2021-47478,CVE-2021-47479,CVE-2021-47480,CVE-2021-47481,CVE-2021-47482,CVE-2021-47483,CVE-2021-47484,CVE-2021-47485,CVE-2021-47486,CVE-2021-47488,CVE-2021-47489,CVE-2021-47490,CVE-2021-47491,CVE-2021-47492,CVE-2021-47493,CVE-2021-47494,CVE-2021-47495,CVE-2021-47496,CVE-2021-47497,CVE-2021-47498,CVE-2021-47499,CVE-2021-47500,CVE-2021-47501,CVE-2021-47502,CVE-2021-47503,CVE-2021-47505,CVE-2021-47506,CVE-2021-47507,CVE- 2021-47509,CVE-2021-47510,CVE-2021-47511,CVE-2021-47513,CVE-2021-47514,CVE-2021-47516,CVE-2021-47518,CVE-2021-47520,CVE-2021-47521,CVE-2021-47522,CVE-2021-47523,CVE-2021-47524,CVE-2021-47525,CVE-2021-47526,CVE-2021-47528,CVE-2021-47529,CVE-2021-47533,CVE-2021-47534,CVE-2021-47535,CVE-2021-47536,CVE-2021-47537,CVE-2021-47540,CVE-2021-47541,CVE-2021-47542,CVE-2021-47544,CVE-2021-47549,CVE-2021-47550,CVE-2021-47551,CVE-2021-47553,CVE-2021-47554,CVE-2021-47556,CVE-2021-47558,CVE-2021-47559,CVE-2021-47560,CVE-2021-47562,CVE-2021-47563,CVE-2021-47564,CVE-2021-47565,CVE-2022-48632,CVE-2022-48634,CVE-2022-48636,CVE-2022-48652,CVE-2022-48662,CVE-2022-48671,CVE-2022-48672,CVE-2022-48673,CVE-2022-48675,CVE-2022-48686,CVE-2022-48687,CVE-2022-48688,CVE-2022-48692,CVE-2022-48693,CVE-2022-48694,CVE-2022-48695,CVE-2022-48697,CVE-2022-48699,CVE-2022-48700,CVE-2022-48701,CVE-2022-48702,CVE-2022-48703,CVE-2022-48704,CVE-2022-48708,CVE-2022-48709,CVE-2022-48710,CVE-2023-0160,CVE-2023-1829,CVE-2023-2860 ,CVE-2023-47233,CVE-2023-52591,CVE-2023-52654,CVE-2023-52655,CVE-2023-52676,CVE-2023-52686,CVE-2023-52690,CVE-2023-52702,CVE-2023-52703,CVE-2023-52707,CVE-2023-52708,CVE-2023-52730,CVE-2023-52733,CVE-2023-52736,CVE-2023-52738,CVE-2023-52739,CVE-2023-52740,CVE-2023-52741,CVE-2023-52742,CVE-2023-52743,CVE-2023-52744,CVE-2023-52745,CVE-2023-52747,CVE-2023-52753,CVE-2023-52754,CVE-2023-52756,CVE-2023-52759,CVE-2023-52763,CVE-2023-52764,CVE-2023-52766,CVE-2023-52774,CVE-2023-52781,CVE-2023-52788,CVE-2023-52789,CVE-2023-52791,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52810,CVE-2023-52811,CVE-2023-52814,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52844,CVE-2023-52847,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52858,CVE-2023-52864,CVE-2023-52865,CVE-20 23-52867,CVE-2023-52868,CVE-2023-52870,CVE-2023-52871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52880,CVE-2023-6531,CVE-2024-0639,CVE-2024-26739,CVE-2024-26764,CVE-2024-26828,CVE-2024-26840,CVE-2024-26852,CVE-2024-26862,CVE-2024-26921,CVE-2024-26925,CVE-2024-26928,CVE-2024-26929,CVE-2024-26930,CVE-2024-27398,CVE-2024-27413,CVE-2024-35811,CVE-2024-35815,CVE-2024-35817,CVE-2024-35863,CVE-2024-35867,CVE-2024-35868,CVE-2024-35895,CVE-2024-35904,CVE-2024-35905,CVE-2024-35914,CVE-2024-36926 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488). - CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084). - CVE-2024-35863: Fix potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35867: Fix potential UAF in cifs_stats_proc_show() (bsc#1224664). - CVE-2024-35868: Fix potential UAF in cifs_stats_proc_write() (bsc#1224678). - CVE-2024-26928: Fix potential UAF in cifs_debug_files_proc_show() (bsc#1223532). - CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011). - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390). - CVE-2024-27413: Fix incorrect allocation size (bsc#1224438). - CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736). - CVE-2024-35904: Avoid dereference of garbage after mount failure (bsc#1224494). - CVE-2024-26929: Fixed double free of fcport (bsc#1223715). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626). - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). The following non-security bugs were fixed: - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - filemap: remove use of wait bookmarks (bsc#1224085). - idpf: extend tx watchdog timeout (bsc#1224137). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191). - powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729). - powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869). - powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - powerpc: Refactor verification of MSR_RI (bsc#1223191). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2196-1 Released: Tue Jun 25 12:37:11 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1218668 This update for wicked fixes the following issues: - Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2215-1 Released: Tue Jun 25 17:15:25 2024 Summary: Recommended update for python-azure-agent Type: recommended Severity: moderate References: 1225946 This update for python-azure-agent fixes the following issue: - Use the -Z option for mv and cp in the posttrans to properly handle SELinux context (bsc#1225946) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2222-1 Released: Tue Jun 25 18:10:29 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1219680,1223469 This update for cloud-init fixes the following issues: - Brute force approach to skip renames if the device is already present (bsc#1219680) - Handle the existence of /usr/etc/sudoers to search for the expected include location (bsc#1223469) - Do not enable cloud-init on systems where there is no DMI just because no data source has been found. No data source means cloud-init will not run. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2232-1 Released: Wed Jun 26 08:23:03 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 1225963 This update for iputils fixes the following issues: - Fix exit code if receive more replies than sent (bsc#1225963) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2253-1 Released: Mon Jul 1 18:33:02 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: This update for containerd fixes the following issues: - Revert the noarch change for devel subpackage Switching to noarch causes issues on SLES maintenance updates, reverting it fixes our image builds ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2279-1 Released: Tue Jul 2 18:33:22 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2322-1 Released: Mon Jul 8 14:54:00 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2325-1 Released: Mon Jul 8 15:07:46 2024 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1227150 This update for xfsprogs fixes the following issue: - xfs_copy: don't use cached buffer reads until after libxfs_mount (bsc#1227150) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2495-1 Released: Tue Jul 16 09:29:49 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1195775,1216124,1218148,1219224,1220492,1222015,1222254,1222678,1223384,1224020,1224679,1224696,1224703,1224749,1224764,1224765,1224766,1224935,1225098,1225467,1225487,1225518,1225611,1225732,1225737,1225749,1225840,1225866,1226145,1226211,1226212,1226270,1226587,1226595,1226634,1226758,1226785,1226786,1226789,1226953,1226962,CVE-2021-47555,CVE-2021-47571,CVE-2023-24023,CVE-2023-52670,CVE-2023-52752,CVE-2023-52837,CVE-2023-52846,CVE-2023-52881,CVE-2024-26745,CVE-2024-26923,CVE-2024-35789,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35869,CVE-2024-35950,CVE-2024-36894,CVE-2024-36899,CVE-2024-36904,CVE-2024-36940,CVE-2024-36964,CVE-2024-36971,CVE-2024-38541,CVE-2024-38545,CVE-2024-38559,CVE-2024-38560,CVE-2024-38564,CVE-2024-38578 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595) - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()(bsc#1224766). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467). - CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). The following non-security bugs were fixed: - Revert 'build initrd without systemd' (bsc#1195775)' - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953). - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212). - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211). - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). - xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2662-1 Released: Tue Jul 30 15:41:34 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2671-1 Released: Tue Jul 30 21:10:57 2024 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1226192 This update for cups fixes the following issues: - Require the exact matching version-release of all libcups* sub-packages (bsc#1226192) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2675-1 Released: Wed Jul 31 06:57:49 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2688-1 Released: Thu Aug 1 06:59:29 2024 Summary: Feature update for Public Cloud Type: feature Severity: important References: 1222075,1227067,1227106,1227711 This update for Public Cloud fixes the following issues: - Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345): * google-guest-agent (no source changes) * google-guest-configs (no source changes) * google-guest-oslogin (no source changes) * google-osconfig-agent (no source changes) * growpart-rootgrow (no source changes) * python-azure-agent (includes bug fixes see below) * python-cssselect (no source changes) * python-instance-billing-flavor-check (no source changes) * python-toml (no source changes) * python3-lxml (inlcudes a bug fix, see below) - python-azure-agent received the following fixes: * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists (bsc#1227711) * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106) * Do not package `waagent2.0` in Python 3 builds * Do not require `wicked` in non-SUSE build environments * Apply python3 interpreter patch in non SLE build environments (bcs#1227067) - python3-lxml also received the following fix: * Fixed compatibility with system libexpat in tests (bnc#1222075) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2697-1 Released: Thu Aug 1 15:28:06 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1217083,1220485 This update for dracut fixes the following issues: - Version update: * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) * fix(zfcp_rules): correct shellcheck regression when parsing ccw args (bsc#1220485) * fix(dracut.sh): skip README for AMD microcode generation (bsc#1217083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2744-1 Released: Mon Aug 5 17:53:57 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219004,1223107,1226128 This update for suseconnect-ng fixes the following issues: - Version update * Added uname as collector * Added SAP workload detection * Added detection of container runtimes * Multiple fixes on ARM64 detection * Use `read_values` for the CPU collector on Z * Fixed data collection for ppc64le * Grab the home directory from /etc/passwd if needed (bsc#1226128) * Build zypper-migration and zypper-packages-search as standalone binaries rather then one single binary * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004) * Include /etc/products.d in directories whose content are backed up and restored if a zypper-migration rollback happens (bsc#1219004) * Add the ability to upload the system uptime logs, produced by the suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report (jsc#PED-7982) (jsc#PED-8018) * Add support for third party packages in SUSEConnect * Refactor existing system information collection implementation self-signed SSL certificate (bsc#1223107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:31 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2799-1 Released: Wed Aug 7 08:19:10 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1214960 This update for runc fixes the following issues: - Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13 - Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2863-1 Released: Fri Aug 9 09:21:05 2024 Summary: Security update for bind Type: security Severity: important References: 1228256,1228257,1228258,CVE-2024-1737,CVE-2024-1975,CVE-2024-4076 This update for bind fixes the following issues: Update to 9.16.50: - Bug Fixes: * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. * The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. New Features: * Added RESOLVER.ARPA to the built in empty zones. - Security Fixes: * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737, bsc#1228256) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975, bsc#1228257) * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. (CVE-2024-4076, bsc#1228258) The following package changes have been done: - bind-utils-9.16.50-150400.5.43.1 updated - chrony-pool-suse-4.1-150400.21.5.7 updated - chrony-4.1-150400.21.5.7 updated - cloud-init-config-suse-23.3-150100.8.82.3 updated - cloud-init-23.3-150100.8.82.3 updated - containerd-ctr-1.7.17-150000.114.1 updated - containerd-1.7.17-150000.114.1 updated - cups-config-2.2.7-150000.3.62.1 updated - docker-25.0.6_ce-150000.203.1 updated - dracut-055+suse.357.g905645c2-150400.3.34.2 updated - iputils-20211215-150400.3.14.1 updated - kernel-default-5.14.21-150400.24.125.1 updated - krb5-1.19.2-150400.3.12.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libcups2-2.2.7-150000.3.62.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - libonig4-6.7.0-150000.3.6.1 updated - libopenssl1_1-1.1.1l-150400.7.69.1 updated - libprocps8-3.3.17-150000.7.39.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libsolv-tools-base-0.7.29-150400.3.22.4 added - libsolv-tools-0.7.29-150400.3.22.4 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libxml2-2-2.9.14-150400.5.32.1 updated - libzypp-17.34.1-150400.3.71.7 updated - login_defs-4.8.1-150400.10.21.1 updated - openssl-1_1-1.1.1l-150400.7.69.1 updated - procps-3.3.17-150000.7.39.1 updated - python-azure-agent-config-server-2.9.1.1-150400.3.41.1 updated - python-azure-agent-2.9.1.1-150400.3.41.1 updated - python-instance-billing-flavor-check-0.0.6-150400.1.11.7 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-bind-9.16.50-150400.5.43.1 updated - python3-cssselect-1.0.3-150400.3.7.4 updated - python3-requests-2.25.1-150300.3.12.2 updated - python3-urllib3-1.25.10-150300.4.12.1 updated - python3-3.6.15-150300.10.65.2 updated - runc-1.1.13-150000.67.1 updated - shadow-4.8.1-150400.10.21.1 updated - socat-1.8.0.0-150400.14.3.1 updated - suse-build-key-12.0-150000.8.49.2 updated - suseconnect-ng-1.11.0-150400.3.36.4 updated - wget-1.20.3-150000.3.20.1 updated - wicked-service-0.6.76-150400.3.30.1 updated - wicked-0.6.76-150400.3.30.1 updated - xfsprogs-5.13.0-150400.3.10.2 updated - zypper-1.14.73-150400.3.50.10 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:02:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 07:02:10 -0000 Subject: SUSE-IU-2024:833-1: Security update of suse-sles-15-sp4-chost-byos-v20240809-hvm-ssd-x86_64 Message-ID: <20240810070209.E57F6FBA1@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20240809-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:833-1 Image Tags : suse-sles-15-sp4-chost-byos-v20240809-hvm-ssd-x86_64:20240809 Image Release : Severity : important Type : security References : 1065729 1141157 1160293 1174585 1188441 1190569 1191949 1192107 1193983 1194288 1194869 1195775 1196869 1196956 1197915 1200313 1201308 1201489 1208149 1208690 1209627 1209657 1209799 1209834 1210335 1211592 1213551 1213863 1214960 1216124 1216702 1217083 1217169 1217515 1218148 1218447 1218668 1218917 1219004 1219224 1219559 1219680 1220485 1220492 1220492 1220664 1220783 1221044 1221400 1221563 1221645 1221854 1221958 1222011 1222015 1222075 1222075 1222086 1222254 1222559 1222619 1222678 1222721 1222976 1223057 1223084 1223107 1223111 1223138 1223191 1223384 1223384 1223390 1223430 1223469 1223481 1223501 1223505 1223512 1223520 1223532 1223626 1223715 1223766 1223894 1223921 1223922 1223923 1223924 1223929 1223931 1223932 1223934 1223941 1223948 1223952 1223953 1223957 1223962 1223963 1223964 1223996 1224020 1224085 1224099 1224137 1224174 1224242 1224282 1224323 1224438 1224482 1224488 1224494 1224511 1224592 1224611 1224664 1224678 1224679 1224682 1224685 1224696 1224703 1224730 1224736 1224749 1224763 1224764 1224765 1224766 1224816 1224895 1224898 1224900 1224901 1224902 1224903 1224904 1224905 1224907 1224909 1224910 1224911 1224912 1224913 1224914 1224915 1224920 1224928 1224931 1224932 1224935 1224937 1224942 1224944 1224945 1224947 1224956 1224988 1225000 1225003 1225005 1225009 1225022 1225031 1225032 1225036 1225044 1225076 1225077 1225082 1225086 1225092 1225095 1225096 1225098 1225106 1225108 1225109 1225118 1225121 1225122 1225123 1225125 1225126 1225127 1225129 1225131 1225132 1225145 1225151 1225153 1225156 1225158 1225160 1225161 1225164 1225167 1225180 1225183 1225184 1225186 1225187 1225189 1225190 1225191 1225192 1225193 1225195 1225198 1225201 1225203 1225205 1225206 1225207 1225208 1225209 1225210 1225214 1225223 1225224 1225225 1225227 1225228 1225229 1225230 1225232 1225233 1225235 1225236 1225237 1225238 1225239 1225240 1225241 1225242 1225243 1225244 1225245 1225246 1225247 1225248 1225249 1225250 1225251 1225252 1225253 1225254 1225255 1225256 1225257 1225258 1225259 1225260 1225261 1225262 1225263 1225268 1225301 1225303 1225304 1225306 1225316 1225318 1225320 1225321 1225322 1225323 1225326 1225327 1225328 1225329 1225330 1225331 1225332 1225333 1225334 1225335 1225336 1225337 1225338 1225339 1225341 1225342 1225344 1225346 1225347 1225351 1225353 1225354 1225355 1225357 1225358 1225360 1225361 1225366 1225367 1225368 1225369 1225370 1225372 1225373 1225374 1225375 1225376 1225377 1225379 1225380 1225383 1225384 1225386 1225387 1225388 1225390 1225392 1225393 1225396 1225400 1225404 1225405 1225409 1225410 1225411 1225425 1225427 1225431 1225435 1225436 1225437 1225438 1225439 1225441 1225445 1225446 1225447 1225450 1225453 1225455 1225461 1225463 1225464 1225466 1225467 1225471 1225472 1225478 1225479 1225482 1225483 1225486 1225487 1225488 1225490 1225492 1225495 1225499 1225500 1225501 1225508 1225510 1225518 1225529 1225530 1225532 1225534 1225549 1225550 1225551 1225553 1225554 1225557 1225559 1225560 1225565 1225566 1225569 1225570 1225571 1225572 1225577 1225583 1225584 1225588 1225589 1225590 1225591 1225592 1225595 1225599 1225611 1225732 1225737 1225749 1225840 1225866 1225912 1225963 1225976 1226125 1226128 1226145 1226192 1226211 1226212 1226270 1226419 1226447 1226448 1226469 1226587 1226595 1226634 1226664 1226758 1226785 1226786 1226789 1226953 1226962 1227067 1227106 1227150 1227186 1227187 1227429 1227681 1227711 1228256 1228257 1228258 1228322 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2019-13225 CVE-2020-36788 CVE-2021-39698 CVE-2021-4148 CVE-2021-43056 CVE-2021-43527 CVE-2021-47358 CVE-2021-47359 CVE-2021-47360 CVE-2021-47361 CVE-2021-47362 CVE-2021-47363 CVE-2021-47364 CVE-2021-47365 CVE-2021-47366 CVE-2021-47367 CVE-2021-47368 CVE-2021-47369 CVE-2021-47370 CVE-2021-47371 CVE-2021-47372 CVE-2021-47373 CVE-2021-47374 CVE-2021-47375 CVE-2021-47376 CVE-2021-47378 CVE-2021-47379 CVE-2021-47380 CVE-2021-47381 CVE-2021-47382 CVE-2021-47383 CVE-2021-47384 CVE-2021-47385 CVE-2021-47386 CVE-2021-47387 CVE-2021-47388 CVE-2021-47389 CVE-2021-47390 CVE-2021-47391 CVE-2021-47392 CVE-2021-47393 CVE-2021-47394 CVE-2021-47395 CVE-2021-47396 CVE-2021-47397 CVE-2021-47398 CVE-2021-47399 CVE-2021-47400 CVE-2021-47401 CVE-2021-47402 CVE-2021-47403 CVE-2021-47404 CVE-2021-47405 CVE-2021-47406 CVE-2021-47407 CVE-2021-47408 CVE-2021-47409 CVE-2021-47410 CVE-2021-47412 CVE-2021-47413 CVE-2021-47414 CVE-2021-47415 CVE-2021-47416 CVE-2021-47417 CVE-2021-47418 CVE-2021-47419 CVE-2021-47420 CVE-2021-47421 CVE-2021-47422 CVE-2021-47423 CVE-2021-47424 CVE-2021-47425 CVE-2021-47426 CVE-2021-47427 CVE-2021-47428 CVE-2021-47429 CVE-2021-47430 CVE-2021-47431 CVE-2021-47433 CVE-2021-47434 CVE-2021-47435 CVE-2021-47436 CVE-2021-47437 CVE-2021-47438 CVE-2021-47439 CVE-2021-47440 CVE-2021-47441 CVE-2021-47442 CVE-2021-47443 CVE-2021-47444 CVE-2021-47445 CVE-2021-47446 CVE-2021-47447 CVE-2021-47448 CVE-2021-47449 CVE-2021-47450 CVE-2021-47451 CVE-2021-47452 CVE-2021-47453 CVE-2021-47454 CVE-2021-47455 CVE-2021-47456 CVE-2021-47457 CVE-2021-47458 CVE-2021-47459 CVE-2021-47460 CVE-2021-47461 CVE-2021-47462 CVE-2021-47463 CVE-2021-47464 CVE-2021-47465 CVE-2021-47466 CVE-2021-47467 CVE-2021-47468 CVE-2021-47469 CVE-2021-47470 CVE-2021-47471 CVE-2021-47472 CVE-2021-47473 CVE-2021-47474 CVE-2021-47475 CVE-2021-47476 CVE-2021-47477 CVE-2021-47478 CVE-2021-47479 CVE-2021-47480 CVE-2021-47481 CVE-2021-47482 CVE-2021-47483 CVE-2021-47484 CVE-2021-47485 CVE-2021-47486 CVE-2021-47488 CVE-2021-47489 CVE-2021-47490 CVE-2021-47491 CVE-2021-47492 CVE-2021-47493 CVE-2021-47494 CVE-2021-47495 CVE-2021-47496 CVE-2021-47497 CVE-2021-47498 CVE-2021-47499 CVE-2021-47500 CVE-2021-47501 CVE-2021-47502 CVE-2021-47503 CVE-2021-47505 CVE-2021-47506 CVE-2021-47507 CVE-2021-47509 CVE-2021-47510 CVE-2021-47511 CVE-2021-47513 CVE-2021-47514 CVE-2021-47516 CVE-2021-47518 CVE-2021-47520 CVE-2021-47521 CVE-2021-47522 CVE-2021-47523 CVE-2021-47524 CVE-2021-47525 CVE-2021-47526 CVE-2021-47528 CVE-2021-47529 CVE-2021-47533 CVE-2021-47534 CVE-2021-47535 CVE-2021-47536 CVE-2021-47537 CVE-2021-47540 CVE-2021-47541 CVE-2021-47542 CVE-2021-47544 CVE-2021-47549 CVE-2021-47550 CVE-2021-47551 CVE-2021-47553 CVE-2021-47554 CVE-2021-47555 CVE-2021-47556 CVE-2021-47558 CVE-2021-47559 CVE-2021-47560 CVE-2021-47562 CVE-2021-47563 CVE-2021-47564 CVE-2021-47565 CVE-2021-47571 CVE-2022-48632 CVE-2022-48634 CVE-2022-48636 CVE-2022-48652 CVE-2022-48662 CVE-2022-48671 CVE-2022-48672 CVE-2022-48673 CVE-2022-48675 CVE-2022-48686 CVE-2022-48687 CVE-2022-48688 CVE-2022-48692 CVE-2022-48693 CVE-2022-48694 CVE-2022-48695 CVE-2022-48697 CVE-2022-48699 CVE-2022-48700 CVE-2022-48701 CVE-2022-48702 CVE-2022-48703 CVE-2022-48704 CVE-2022-48708 CVE-2022-48709 CVE-2022-48710 CVE-2023-0160 CVE-2023-1829 CVE-2023-24023 CVE-2023-2860 CVE-2023-45288 CVE-2023-47233 CVE-2023-52425 CVE-2023-52591 CVE-2023-52654 CVE-2023-52655 CVE-2023-52670 CVE-2023-52676 CVE-2023-52686 CVE-2023-52690 CVE-2023-52702 CVE-2023-52703 CVE-2023-52707 CVE-2023-52708 CVE-2023-52730 CVE-2023-52733 CVE-2023-52736 CVE-2023-52738 CVE-2023-52739 CVE-2023-52740 CVE-2023-52741 CVE-2023-52742 CVE-2023-52743 CVE-2023-52744 CVE-2023-52745 CVE-2023-52747 CVE-2023-52752 CVE-2023-52753 CVE-2023-52754 CVE-2023-52756 CVE-2023-52759 CVE-2023-52763 CVE-2023-52764 CVE-2023-52766 CVE-2023-52774 CVE-2023-52781 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52810 CVE-2023-52811 CVE-2023-52814 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52837 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52844 CVE-2023-52846 CVE-2023-52847 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52858 CVE-2023-52864 CVE-2023-52865 CVE-2023-52867 CVE-2023-52868 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52880 CVE-2023-52881 CVE-2023-6531 CVE-2024-0397 CVE-2024-0450 CVE-2024-0639 CVE-2024-1737 CVE-2024-1975 CVE-2024-26739 CVE-2024-26745 CVE-2024-26764 CVE-2024-26828 CVE-2024-26840 CVE-2024-26852 CVE-2024-26862 CVE-2024-26921 CVE-2024-26923 CVE-2024-26925 CVE-2024-26928 CVE-2024-26929 CVE-2024-26930 CVE-2024-27398 CVE-2024-27413 CVE-2024-34459 CVE-2024-35789 CVE-2024-35811 CVE-2024-35815 CVE-2024-35817 CVE-2024-35861 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35867 CVE-2024-35868 CVE-2024-35869 CVE-2024-35895 CVE-2024-35904 CVE-2024-35905 CVE-2024-35914 CVE-2024-35950 CVE-2024-36894 CVE-2024-36899 CVE-2024-36904 CVE-2024-36926 CVE-2024-36940 CVE-2024-36964 CVE-2024-36971 CVE-2024-37370 CVE-2024-37371 CVE-2024-37891 CVE-2024-38428 CVE-2024-38541 CVE-2024-38545 CVE-2024-38559 CVE-2024-38560 CVE-2024-38564 CVE-2024-38578 CVE-2024-4032 CVE-2024-4076 CVE-2024-4741 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20240809-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2021-1 Released: Thu Jun 13 16:10:15 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: This update for iputils fixes the following issue: - After upstream merged the fix, update git commit hashes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2022-1 Released: Thu Jun 13 16:13:20 2024 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1213551 This update for chrony fixes the following issues: - Use shorter NTS-KE retry interval when network is down (bsc#1213551) - Use make quickcheck instead of make check to avoid more than 1h build times and failures due to timeouts. This was the default before 3.2 but it changed to make tests more reliable ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2023-1 Released: Thu Jun 13 16:14:30 2024 Summary: Recommended update for socat Type: recommended Severity: moderate References: 1160293 This update for socat fixes the following issues: socat is updated to 1.8.0.0: Primary feature is enabling TLS 1.3 support. (jsc#PED-8413) * Support for network namespaces (option netns) * TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success * Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following) * New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL * New script socat-mux.sh allows n-to-1 / 1-to-n communications * New script socat-broker.sh allows group communications * Experimental socks5 client feature * Address ACCEPT-FD for systemd 'inetd' mode * UDP-Lite and DCCP address types * Addresses SOCKETPAIR and SHELL * New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes * New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets * Simple statistics output with Socat option --statistics and with SIGUSR1 * A couple of new options, many fixes and corrections, see file CHANGES Update to 1.7.4.4: * FIX: In error.c msg2() there was a stack overflow on long messages: The terminating \0 Byte was written behind the last position. * FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets arrived. * FIX: a couple of weaknesses and errors when accessing invalid or incompatible file system entries with UNIX domain, file, and generic addresses. * FIX: bad parser error message on 'socat /tmp/x\'x/x -' Update to 1.7.4.3: * fixes the TCP_INFO issue that broke building on non-Linux platforms. * building on AIX works again. * A few more corrections and improvements have been added Update to version 1.7.4.2: * Fixes a lot of bugs, e.g., for options -r and -R. * Further bugfixes, see the CHANGES file Update to 1.7.4.1: Security: * Buffer size option (-b) is internally doubled for CR-CRLF conversion, but not checked for integer overflow. This could lead to heap based buffer overflow, assuming the attacker could provide this parameter. * Many further bugfixes and new features, see the CHANGES file ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: 33664 Released: Thu Jun 13 21:03:04 2024 Summary: Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1222086,1223430,1223766,1224242 This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242) - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2085-1 Released: Wed Jun 19 11:36:00 2024 Summary: recommended update for python-requests Type: recommended Severity: moderate References: 1225912 This update for python-requests fixes the following issue: - Allow the usage of 'verify' parameter as a directory. (bsc#1225912) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2089-1 Released: Wed Jun 19 12:38:06 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2108-1 Released: Thu Jun 20 19:35:51 2024 Summary: Security update for containerd Type: security Severity: important References: 1221400,1224323,CVE-2023-45288 This update for containerd fixes the following issues: Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400). - Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2174-1 Released: Mon Jun 24 07:20:48 2024 Summary: Security update for wget Type: security Severity: moderate References: 1226419,CVE-2024-38428 This update for wget fixes the following issues: - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2189-1 Released: Tue Jun 25 08:34:42 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1174585,1190569,1191949,1192107,1193983,1194288,1194869,1196869,1196956,1197915,1200313,1201308,1201489,1208149,1209657,1209799,1209834,1210335,1211592,1213863,1216702,1217169,1217515,1218447,1218917,1220492,1220783,1221044,1221645,1221958,1222011,1222559,1222619,1222721,1222976,1223057,1223084,1223111,1223138,1223191,1223384,1223390,1223481,1223501,1223505,1223512,1223520,1223532,1223626,1223715,1223894,1223921,1223922,1223923,1223924,1223929,1223931,1223932,1223934,1223941,1223948,1223952,1223953,1223957,1223962,1223963,1223964,1223996,1224085,1224099,1224137,1224174,1224438,1224482,1224488,1224494,1224511,1224592,1224611,1224664,1224678,1224682,1224685,1224730,1224736,1224763,1224816,1224895,1224898,1224900,1224901,1224902,1224903,1224904,1224905,1224907,1224909,1224910,1224911,1224912,1224913,1224914,1224915,1224920,1224928,1224931,1224932,1224937,1224942,1224944,1224945,1224947,1224956,1224988,1225000,1225003,1225005,1225009,1225022,1225031,1225032,1225036,1 225044,1225076,1225077,1225082,1225086,1225092,1225095,1225096,1225106,1225108,1225109,1225118,1225121,1225122,1225123,1225125,1225126,1225127,1225129,1225131,1225132,1225145,1225151,1225153,1225156,1225158,1225160,1225161,1225164,1225167,1225180,1225183,1225184,1225186,1225187,1225189,1225190,1225191,1225192,1225193,1225195,1225198,1225201,1225203,1225205,1225206,1225207,1225208,1225209,1225210,1225214,1225223,1225224,1225225,1225227,1225228,1225229,1225230,1225232,1225233,1225235,1225236,1225237,1225238,1225239,1225240,1225241,1225242,1225243,1225244,1225245,1225246,1225247,1225248,1225249,1225250,1225251,1225252,1225253,1225254,1225255,1225256,1225257,1225258,1225259,1225260,1225261,1225262,1225263,1225268,1225301,1225303,1225304,1225306,1225316,1225318,1225320,1225321,1225322,1225323,1225326,1225327,1225328,1225329,1225330,1225331,1225332,1225333,1225334,1225335,1225336,1225337,1225338,1225339,1225341,1225342,1225344,1225346,1225347,1225351,1225353,1225354,1225355,1225357,122535 8,1225360,1225361,1225366,1225367,1225368,1225369,1225370,1225372,1225373,1225374,1225375,1225376,1225377,1225379,1225380,1225383,1225384,1225386,1225387,1225388,1225390,1225392,1225393,1225396,1225400,1225404,1225405,1225409,1225410,1225411,1225425,1225427,1225431,1225435,1225436,1225437,1225438,1225439,1225441,1225445,1225446,1225447,1225450,1225453,1225455,1225461,1225463,1225464,1225466,1225471,1225472,1225478,1225479,1225482,1225483,1225486,1225488,1225490,1225492,1225495,1225499,1225500,1225501,1225508,1225510,1225529,1225530,1225532,1225534,1225549,1225550,1225553,1225554,1225557,1225559,1225560,1225565,1225566,1225569,1225570,1225571,1225572,1225577,1225583,1225584,1225588,1225589,1225590,1225591,1225592,1225595,1225599,CVE-2020-36788,CVE-2021-39698,CVE-2021-4148,CVE-2021-43056,CVE-2021-43527,CVE-2021-47358,CVE-2021-47359,CVE-2021-47360,CVE-2021-47361,CVE-2021-47362,CVE-2021-47363,CVE-2021-47364,CVE-2021-47365,CVE-2021-47366,CVE-2021-47367,CVE-2021-47368,CVE-2021-47369,CVE-2 021-47370,CVE-2021-47371,CVE-2021-47372,CVE-2021-47373,CVE-2021-47374,CVE-2021-47375,CVE-2021-47376,CVE-2021-47378,CVE-2021-47379,CVE-2021-47380,CVE-2021-47381,CVE-2021-47382,CVE-2021-47383,CVE-2021-47384,CVE-2021-47385,CVE-2021-47386,CVE-2021-47387,CVE-2021-47388,CVE-2021-47389,CVE-2021-47390,CVE-2021-47391,CVE-2021-47392,CVE-2021-47393,CVE-2021-47394,CVE-2021-47395,CVE-2021-47396,CVE-2021-47397,CVE-2021-47398,CVE-2021-47399,CVE-2021-47400,CVE-2021-47401,CVE-2021-47402,CVE-2021-47403,CVE-2021-47404,CVE-2021-47405,CVE-2021-47406,CVE-2021-47407,CVE-2021-47408,CVE-2021-47409,CVE-2021-47410,CVE-2021-47412,CVE-2021-47413,CVE-2021-47414,CVE-2021-47415,CVE-2021-47416,CVE-2021-47417,CVE-2021-47418,CVE-2021-47419,CVE-2021-47420,CVE-2021-47421,CVE-2021-47422,CVE-2021-47423,CVE-2021-47424,CVE-2021-47425,CVE-2021-47426,CVE-2021-47427,CVE-2021-47428,CVE-2021-47429,CVE-2021-47430,CVE-2021-47431,CVE-2021-47433,CVE-2021-47434,CVE-2021-47435,CVE-2021-47436,CVE-2021-47437,CVE-2021-47438,CVE-2021-474 39,CVE-2021-47440,CVE-2021-47441,CVE-2021-47442,CVE-2021-47443,CVE-2021-47444,CVE-2021-47445,CVE-2021-47446,CVE-2021-47447,CVE-2021-47448,CVE-2021-47449,CVE-2021-47450,CVE-2021-47451,CVE-2021-47452,CVE-2021-47453,CVE-2021-47454,CVE-2021-47455,CVE-2021-47456,CVE-2021-47457,CVE-2021-47458,CVE-2021-47459,CVE-2021-47460,CVE-2021-47461,CVE-2021-47462,CVE-2021-47463,CVE-2021-47464,CVE-2021-47465,CVE-2021-47466,CVE-2021-47467,CVE-2021-47468,CVE-2021-47469,CVE-2021-47470,CVE-2021-47471,CVE-2021-47472,CVE-2021-47473,CVE-2021-47474,CVE-2021-47475,CVE-2021-47476,CVE-2021-47477,CVE-2021-47478,CVE-2021-47479,CVE-2021-47480,CVE-2021-47481,CVE-2021-47482,CVE-2021-47483,CVE-2021-47484,CVE-2021-47485,CVE-2021-47486,CVE-2021-47488,CVE-2021-47489,CVE-2021-47490,CVE-2021-47491,CVE-2021-47492,CVE-2021-47493,CVE-2021-47494,CVE-2021-47495,CVE-2021-47496,CVE-2021-47497,CVE-2021-47498,CVE-2021-47499,CVE-2021-47500,CVE-2021-47501,CVE-2021-47502,CVE-2021-47503,CVE-2021-47505,CVE-2021-47506,CVE-2021-47507,CVE- 2021-47509,CVE-2021-47510,CVE-2021-47511,CVE-2021-47513,CVE-2021-47514,CVE-2021-47516,CVE-2021-47518,CVE-2021-47520,CVE-2021-47521,CVE-2021-47522,CVE-2021-47523,CVE-2021-47524,CVE-2021-47525,CVE-2021-47526,CVE-2021-47528,CVE-2021-47529,CVE-2021-47533,CVE-2021-47534,CVE-2021-47535,CVE-2021-47536,CVE-2021-47537,CVE-2021-47540,CVE-2021-47541,CVE-2021-47542,CVE-2021-47544,CVE-2021-47549,CVE-2021-47550,CVE-2021-47551,CVE-2021-47553,CVE-2021-47554,CVE-2021-47556,CVE-2021-47558,CVE-2021-47559,CVE-2021-47560,CVE-2021-47562,CVE-2021-47563,CVE-2021-47564,CVE-2021-47565,CVE-2022-48632,CVE-2022-48634,CVE-2022-48636,CVE-2022-48652,CVE-2022-48662,CVE-2022-48671,CVE-2022-48672,CVE-2022-48673,CVE-2022-48675,CVE-2022-48686,CVE-2022-48687,CVE-2022-48688,CVE-2022-48692,CVE-2022-48693,CVE-2022-48694,CVE-2022-48695,CVE-2022-48697,CVE-2022-48699,CVE-2022-48700,CVE-2022-48701,CVE-2022-48702,CVE-2022-48703,CVE-2022-48704,CVE-2022-48708,CVE-2022-48709,CVE-2022-48710,CVE-2023-0160,CVE-2023-1829,CVE-2023-2860 ,CVE-2023-47233,CVE-2023-52591,CVE-2023-52654,CVE-2023-52655,CVE-2023-52676,CVE-2023-52686,CVE-2023-52690,CVE-2023-52702,CVE-2023-52703,CVE-2023-52707,CVE-2023-52708,CVE-2023-52730,CVE-2023-52733,CVE-2023-52736,CVE-2023-52738,CVE-2023-52739,CVE-2023-52740,CVE-2023-52741,CVE-2023-52742,CVE-2023-52743,CVE-2023-52744,CVE-2023-52745,CVE-2023-52747,CVE-2023-52753,CVE-2023-52754,CVE-2023-52756,CVE-2023-52759,CVE-2023-52763,CVE-2023-52764,CVE-2023-52766,CVE-2023-52774,CVE-2023-52781,CVE-2023-52788,CVE-2023-52789,CVE-2023-52791,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52810,CVE-2023-52811,CVE-2023-52814,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52844,CVE-2023-52847,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52858,CVE-2023-52864,CVE-2023-52865,CVE-20 23-52867,CVE-2023-52868,CVE-2023-52870,CVE-2023-52871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52880,CVE-2023-6531,CVE-2024-0639,CVE-2024-26739,CVE-2024-26764,CVE-2024-26828,CVE-2024-26840,CVE-2024-26852,CVE-2024-26862,CVE-2024-26921,CVE-2024-26925,CVE-2024-26928,CVE-2024-26929,CVE-2024-26930,CVE-2024-27398,CVE-2024-27413,CVE-2024-35811,CVE-2024-35815,CVE-2024-35817,CVE-2024-35863,CVE-2024-35867,CVE-2024-35868,CVE-2024-35895,CVE-2024-35904,CVE-2024-35905,CVE-2024-35914,CVE-2024-36926 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488). - CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084). - CVE-2024-35863: Fix potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35867: Fix potential UAF in cifs_stats_proc_show() (bsc#1224664). - CVE-2024-35868: Fix potential UAF in cifs_stats_proc_write() (bsc#1224678). - CVE-2024-26928: Fix potential UAF in cifs_debug_files_proc_show() (bsc#1223532). - CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011). - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390). - CVE-2024-27413: Fix incorrect allocation size (bsc#1224438). - CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736). - CVE-2024-35904: Avoid dereference of garbage after mount failure (bsc#1224494). - CVE-2024-26929: Fixed double free of fcport (bsc#1223715). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626). - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). The following non-security bugs were fixed: - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - filemap: remove use of wait bookmarks (bsc#1224085). - idpf: extend tx watchdog timeout (bsc#1224137). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191). - powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729). - powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869). - powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - powerpc: Refactor verification of MSR_RI (bsc#1223191). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2196-1 Released: Tue Jun 25 12:37:11 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1218668 This update for wicked fixes the following issues: - Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2222-1 Released: Tue Jun 25 18:10:29 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1219680,1223469 This update for cloud-init fixes the following issues: - Brute force approach to skip renames if the device is already present (bsc#1219680) - Handle the existence of /usr/etc/sudoers to search for the expected include location (bsc#1223469) - Do not enable cloud-init on systems where there is no DMI just because no data source has been found. No data source means cloud-init will not run. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2232-1 Released: Wed Jun 26 08:23:03 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 1225963 This update for iputils fixes the following issues: - Fix exit code if receive more replies than sent (bsc#1225963) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2253-1 Released: Mon Jul 1 18:33:02 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: This update for containerd fixes the following issues: - Revert the noarch change for devel subpackage Switching to noarch causes issues on SLES maintenance updates, reverting it fixes our image builds ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2279-1 Released: Tue Jul 2 18:33:22 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2322-1 Released: Mon Jul 8 14:54:00 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2325-1 Released: Mon Jul 8 15:07:46 2024 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1227150 This update for xfsprogs fixes the following issue: - xfs_copy: don't use cached buffer reads until after libxfs_mount (bsc#1227150) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2495-1 Released: Tue Jul 16 09:29:49 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1195775,1216124,1218148,1219224,1220492,1222015,1222254,1222678,1223384,1224020,1224679,1224696,1224703,1224749,1224764,1224765,1224766,1224935,1225098,1225467,1225487,1225518,1225611,1225732,1225737,1225749,1225840,1225866,1226145,1226211,1226212,1226270,1226587,1226595,1226634,1226758,1226785,1226786,1226789,1226953,1226962,CVE-2021-47555,CVE-2021-47571,CVE-2023-24023,CVE-2023-52670,CVE-2023-52752,CVE-2023-52837,CVE-2023-52846,CVE-2023-52881,CVE-2024-26745,CVE-2024-26923,CVE-2024-35789,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35869,CVE-2024-35950,CVE-2024-36894,CVE-2024-36899,CVE-2024-36904,CVE-2024-36940,CVE-2024-36964,CVE-2024-36971,CVE-2024-38541,CVE-2024-38545,CVE-2024-38559,CVE-2024-38560,CVE-2024-38564,CVE-2024-38578 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595) - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()(bsc#1224766). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467). - CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). The following non-security bugs were fixed: - Revert 'build initrd without systemd' (bsc#1195775)' - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953). - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212). - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211). - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). - xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2662-1 Released: Tue Jul 30 15:41:34 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2671-1 Released: Tue Jul 30 21:10:57 2024 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1226192 This update for cups fixes the following issues: - Require the exact matching version-release of all libcups* sub-packages (bsc#1226192) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2675-1 Released: Wed Jul 31 06:57:49 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2688-1 Released: Thu Aug 1 06:59:29 2024 Summary: Feature update for Public Cloud Type: feature Severity: important References: 1222075,1227067,1227106,1227711 This update for Public Cloud fixes the following issues: - Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345): * google-guest-agent (no source changes) * google-guest-configs (no source changes) * google-guest-oslogin (no source changes) * google-osconfig-agent (no source changes) * growpart-rootgrow (no source changes) * python-azure-agent (includes bug fixes see below) * python-cssselect (no source changes) * python-instance-billing-flavor-check (no source changes) * python-toml (no source changes) * python3-lxml (inlcudes a bug fix, see below) - python-azure-agent received the following fixes: * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists (bsc#1227711) * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106) * Do not package `waagent2.0` in Python 3 builds * Do not require `wicked` in non-SUSE build environments * Apply python3 interpreter patch in non SLE build environments (bcs#1227067) - python3-lxml also received the following fix: * Fixed compatibility with system libexpat in tests (bnc#1222075) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2697-1 Released: Thu Aug 1 15:28:06 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1217083,1220485 This update for dracut fixes the following issues: - Version update: * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) * fix(zfcp_rules): correct shellcheck regression when parsing ccw args (bsc#1220485) * fix(dracut.sh): skip README for AMD microcode generation (bsc#1217083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2744-1 Released: Mon Aug 5 17:53:57 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219004,1223107,1226128 This update for suseconnect-ng fixes the following issues: - Version update * Added uname as collector * Added SAP workload detection * Added detection of container runtimes * Multiple fixes on ARM64 detection * Use `read_values` for the CPU collector on Z * Fixed data collection for ppc64le * Grab the home directory from /etc/passwd if needed (bsc#1226128) * Build zypper-migration and zypper-packages-search as standalone binaries rather then one single binary * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004) * Include /etc/products.d in directories whose content are backed up and restored if a zypper-migration rollback happens (bsc#1219004) * Add the ability to upload the system uptime logs, produced by the suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report (jsc#PED-7982) (jsc#PED-8018) * Add support for third party packages in SUSEConnect * Refactor existing system information collection implementation self-signed SSL certificate (bsc#1223107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:31 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2799-1 Released: Wed Aug 7 08:19:10 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1214960 This update for runc fixes the following issues: - Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13 - Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2863-1 Released: Fri Aug 9 09:21:05 2024 Summary: Security update for bind Type: security Severity: important References: 1228256,1228257,1228258,CVE-2024-1737,CVE-2024-1975,CVE-2024-4076 This update for bind fixes the following issues: Update to 9.16.50: - Bug Fixes: * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. * The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. New Features: * Added RESOLVER.ARPA to the built in empty zones. - Security Fixes: * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737, bsc#1228256) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975, bsc#1228257) * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. (CVE-2024-4076, bsc#1228258) The following package changes have been done: - bind-utils-9.16.50-150400.5.43.1 updated - chrony-pool-suse-4.1-150400.21.5.7 updated - chrony-4.1-150400.21.5.7 updated - cloud-init-config-suse-23.3-150100.8.82.3 updated - cloud-init-23.3-150100.8.82.3 updated - containerd-ctr-1.7.17-150000.114.1 updated - containerd-1.7.17-150000.114.1 updated - cups-config-2.2.7-150000.3.62.1 updated - docker-25.0.6_ce-150000.203.1 updated - dracut-055+suse.357.g905645c2-150400.3.34.2 updated - iputils-20211215-150400.3.14.1 updated - kernel-default-5.14.21-150400.24.125.1 updated - krb5-1.19.2-150400.3.12.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libcups2-2.2.7-150000.3.62.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - libonig4-6.7.0-150000.3.6.1 updated - libopenssl1_1-1.1.1l-150400.7.69.1 updated - libprocps8-3.3.17-150000.7.39.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libsolv-tools-base-0.7.29-150400.3.22.4 added - libsolv-tools-0.7.29-150400.3.22.4 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libxml2-2-2.9.14-150400.5.32.1 updated - libzypp-17.34.1-150400.3.71.7 updated - login_defs-4.8.1-150400.10.21.1 updated - openssl-1_1-1.1.1l-150400.7.69.1 updated - procps-3.3.17-150000.7.39.1 updated - python-instance-billing-flavor-check-0.0.6-150400.1.11.7 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-bind-9.16.50-150400.5.43.1 updated - python3-cssselect-1.0.3-150400.3.7.4 updated - python3-requests-2.25.1-150300.3.12.2 updated - python3-urllib3-1.25.10-150300.4.12.1 updated - python3-3.6.15-150300.10.65.2 updated - runc-1.1.13-150000.67.1 updated - shadow-4.8.1-150400.10.21.1 updated - socat-1.8.0.0-150400.14.3.1 updated - suse-build-key-12.0-150000.8.49.2 updated - suseconnect-ng-1.11.0-150400.3.36.4 updated - wget-1.20.3-150000.3.20.1 updated - wicked-service-0.6.76-150400.3.30.1 updated - wicked-0.6.76-150400.3.30.1 updated - xfsprogs-5.13.0-150400.3.10.2 updated - zypper-1.14.73-150400.3.50.10 updated From sle-container-updates at lists.suse.com Sat Aug 10 07:02:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 10 Aug 2024 07:02:32 -0000 Subject: SUSE-IU-2024:834-1: Security update of sles-15-sp4-chost-byos-v20240809-arm64 Message-ID: <20240810070231.0920DFBA1@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20240809-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:834-1 Image Tags : sles-15-sp4-chost-byos-v20240809-arm64:20240809 Image Release : Severity : important Type : security References : 1065729 1141157 1160293 1174585 1188441 1190569 1191949 1192107 1193983 1194288 1194869 1195775 1196869 1196956 1197915 1200313 1201308 1201489 1208149 1208690 1209627 1209657 1209799 1209834 1210335 1211592 1213551 1213863 1214960 1216124 1216702 1217083 1217169 1217515 1218148 1218447 1218668 1218917 1219004 1219224 1219559 1220485 1220492 1220492 1220664 1220783 1221044 1221400 1221563 1221645 1221854 1221958 1222011 1222015 1222075 1222075 1222086 1222254 1222559 1222619 1222678 1222721 1222976 1223057 1223084 1223107 1223111 1223138 1223191 1223384 1223384 1223390 1223430 1223481 1223501 1223505 1223512 1223520 1223532 1223626 1223715 1223766 1223894 1223921 1223922 1223923 1223924 1223929 1223931 1223932 1223934 1223941 1223948 1223952 1223953 1223957 1223962 1223963 1223964 1223996 1224020 1224085 1224099 1224137 1224174 1224242 1224282 1224323 1224438 1224482 1224488 1224494 1224511 1224592 1224611 1224664 1224678 1224679 1224682 1224685 1224696 1224703 1224730 1224736 1224749 1224763 1224764 1224765 1224766 1224816 1224895 1224898 1224900 1224901 1224902 1224903 1224904 1224905 1224907 1224909 1224910 1224911 1224912 1224913 1224914 1224915 1224920 1224928 1224931 1224932 1224935 1224937 1224942 1224944 1224945 1224947 1224956 1224988 1225000 1225003 1225005 1225009 1225022 1225031 1225032 1225036 1225044 1225076 1225077 1225082 1225086 1225092 1225095 1225096 1225098 1225106 1225108 1225109 1225118 1225121 1225122 1225123 1225125 1225126 1225127 1225129 1225131 1225132 1225145 1225151 1225153 1225156 1225158 1225160 1225161 1225164 1225167 1225180 1225183 1225184 1225186 1225187 1225189 1225190 1225191 1225192 1225193 1225195 1225198 1225201 1225203 1225205 1225206 1225207 1225208 1225209 1225210 1225214 1225223 1225224 1225225 1225227 1225228 1225229 1225230 1225232 1225233 1225235 1225236 1225237 1225238 1225239 1225240 1225241 1225242 1225243 1225244 1225245 1225246 1225247 1225248 1225249 1225250 1225251 1225252 1225253 1225254 1225255 1225256 1225257 1225258 1225259 1225260 1225261 1225262 1225263 1225268 1225301 1225303 1225304 1225306 1225316 1225318 1225320 1225321 1225322 1225323 1225326 1225327 1225328 1225329 1225330 1225331 1225332 1225333 1225334 1225335 1225336 1225337 1225338 1225339 1225341 1225342 1225344 1225346 1225347 1225351 1225353 1225354 1225355 1225357 1225358 1225360 1225361 1225366 1225367 1225368 1225369 1225370 1225372 1225373 1225374 1225375 1225376 1225377 1225379 1225380 1225383 1225384 1225386 1225387 1225388 1225390 1225392 1225393 1225396 1225400 1225404 1225405 1225409 1225410 1225411 1225425 1225427 1225431 1225435 1225436 1225437 1225438 1225439 1225441 1225445 1225446 1225447 1225450 1225453 1225455 1225461 1225463 1225464 1225466 1225467 1225471 1225472 1225478 1225479 1225482 1225483 1225486 1225487 1225488 1225490 1225492 1225495 1225499 1225500 1225501 1225508 1225510 1225518 1225529 1225530 1225532 1225534 1225549 1225550 1225551 1225553 1225554 1225557 1225559 1225560 1225565 1225566 1225569 1225570 1225571 1225572 1225577 1225583 1225584 1225588 1225589 1225590 1225591 1225592 1225595 1225599 1225611 1225732 1225737 1225749 1225840 1225866 1225912 1225963 1225976 1226125 1226128 1226145 1226192 1226211 1226212 1226270 1226419 1226447 1226448 1226469 1226587 1226595 1226634 1226664 1226758 1226785 1226786 1226789 1226953 1226962 1227067 1227106 1227150 1227186 1227187 1227429 1227681 1227711 1228256 1228257 1228258 1228322 1228770 916845 CVE-2013-4235 CVE-2013-4235 CVE-2019-13225 CVE-2020-36788 CVE-2021-39698 CVE-2021-4148 CVE-2021-43056 CVE-2021-43527 CVE-2021-47358 CVE-2021-47359 CVE-2021-47360 CVE-2021-47361 CVE-2021-47362 CVE-2021-47363 CVE-2021-47364 CVE-2021-47365 CVE-2021-47366 CVE-2021-47367 CVE-2021-47368 CVE-2021-47369 CVE-2021-47370 CVE-2021-47371 CVE-2021-47372 CVE-2021-47373 CVE-2021-47374 CVE-2021-47375 CVE-2021-47376 CVE-2021-47378 CVE-2021-47379 CVE-2021-47380 CVE-2021-47381 CVE-2021-47382 CVE-2021-47383 CVE-2021-47384 CVE-2021-47385 CVE-2021-47386 CVE-2021-47387 CVE-2021-47388 CVE-2021-47389 CVE-2021-47390 CVE-2021-47391 CVE-2021-47392 CVE-2021-47393 CVE-2021-47394 CVE-2021-47395 CVE-2021-47396 CVE-2021-47397 CVE-2021-47398 CVE-2021-47399 CVE-2021-47400 CVE-2021-47401 CVE-2021-47402 CVE-2021-47403 CVE-2021-47404 CVE-2021-47405 CVE-2021-47406 CVE-2021-47407 CVE-2021-47408 CVE-2021-47409 CVE-2021-47410 CVE-2021-47412 CVE-2021-47413 CVE-2021-47414 CVE-2021-47415 CVE-2021-47416 CVE-2021-47417 CVE-2021-47418 CVE-2021-47419 CVE-2021-47420 CVE-2021-47421 CVE-2021-47422 CVE-2021-47423 CVE-2021-47424 CVE-2021-47425 CVE-2021-47426 CVE-2021-47427 CVE-2021-47428 CVE-2021-47429 CVE-2021-47430 CVE-2021-47431 CVE-2021-47433 CVE-2021-47434 CVE-2021-47435 CVE-2021-47436 CVE-2021-47437 CVE-2021-47438 CVE-2021-47439 CVE-2021-47440 CVE-2021-47441 CVE-2021-47442 CVE-2021-47443 CVE-2021-47444 CVE-2021-47445 CVE-2021-47446 CVE-2021-47447 CVE-2021-47448 CVE-2021-47449 CVE-2021-47450 CVE-2021-47451 CVE-2021-47452 CVE-2021-47453 CVE-2021-47454 CVE-2021-47455 CVE-2021-47456 CVE-2021-47457 CVE-2021-47458 CVE-2021-47459 CVE-2021-47460 CVE-2021-47461 CVE-2021-47462 CVE-2021-47463 CVE-2021-47464 CVE-2021-47465 CVE-2021-47466 CVE-2021-47467 CVE-2021-47468 CVE-2021-47469 CVE-2021-47470 CVE-2021-47471 CVE-2021-47472 CVE-2021-47473 CVE-2021-47474 CVE-2021-47475 CVE-2021-47476 CVE-2021-47477 CVE-2021-47478 CVE-2021-47479 CVE-2021-47480 CVE-2021-47481 CVE-2021-47482 CVE-2021-47483 CVE-2021-47484 CVE-2021-47485 CVE-2021-47486 CVE-2021-47488 CVE-2021-47489 CVE-2021-47490 CVE-2021-47491 CVE-2021-47492 CVE-2021-47493 CVE-2021-47494 CVE-2021-47495 CVE-2021-47496 CVE-2021-47497 CVE-2021-47498 CVE-2021-47499 CVE-2021-47500 CVE-2021-47501 CVE-2021-47502 CVE-2021-47503 CVE-2021-47505 CVE-2021-47506 CVE-2021-47507 CVE-2021-47509 CVE-2021-47510 CVE-2021-47511 CVE-2021-47513 CVE-2021-47514 CVE-2021-47516 CVE-2021-47518 CVE-2021-47520 CVE-2021-47521 CVE-2021-47522 CVE-2021-47523 CVE-2021-47524 CVE-2021-47525 CVE-2021-47526 CVE-2021-47528 CVE-2021-47529 CVE-2021-47533 CVE-2021-47534 CVE-2021-47535 CVE-2021-47536 CVE-2021-47537 CVE-2021-47540 CVE-2021-47541 CVE-2021-47542 CVE-2021-47544 CVE-2021-47549 CVE-2021-47550 CVE-2021-47551 CVE-2021-47553 CVE-2021-47554 CVE-2021-47555 CVE-2021-47556 CVE-2021-47558 CVE-2021-47559 CVE-2021-47560 CVE-2021-47562 CVE-2021-47563 CVE-2021-47564 CVE-2021-47565 CVE-2021-47571 CVE-2022-48632 CVE-2022-48634 CVE-2022-48636 CVE-2022-48652 CVE-2022-48662 CVE-2022-48671 CVE-2022-48672 CVE-2022-48673 CVE-2022-48675 CVE-2022-48686 CVE-2022-48687 CVE-2022-48688 CVE-2022-48692 CVE-2022-48693 CVE-2022-48694 CVE-2022-48695 CVE-2022-48697 CVE-2022-48699 CVE-2022-48700 CVE-2022-48701 CVE-2022-48702 CVE-2022-48703 CVE-2022-48704 CVE-2022-48708 CVE-2022-48709 CVE-2022-48710 CVE-2023-0160 CVE-2023-1829 CVE-2023-24023 CVE-2023-2860 CVE-2023-45288 CVE-2023-47233 CVE-2023-52425 CVE-2023-52591 CVE-2023-52654 CVE-2023-52655 CVE-2023-52670 CVE-2023-52676 CVE-2023-52686 CVE-2023-52690 CVE-2023-52702 CVE-2023-52703 CVE-2023-52707 CVE-2023-52708 CVE-2023-52730 CVE-2023-52733 CVE-2023-52736 CVE-2023-52738 CVE-2023-52739 CVE-2023-52740 CVE-2023-52741 CVE-2023-52742 CVE-2023-52743 CVE-2023-52744 CVE-2023-52745 CVE-2023-52747 CVE-2023-52752 CVE-2023-52753 CVE-2023-52754 CVE-2023-52756 CVE-2023-52759 CVE-2023-52763 CVE-2023-52764 CVE-2023-52766 CVE-2023-52774 CVE-2023-52781 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52810 CVE-2023-52811 CVE-2023-52814 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52837 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52844 CVE-2023-52846 CVE-2023-52847 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52858 CVE-2023-52864 CVE-2023-52865 CVE-2023-52867 CVE-2023-52868 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52880 CVE-2023-52881 CVE-2023-6531 CVE-2024-0397 CVE-2024-0450 CVE-2024-0639 CVE-2024-1737 CVE-2024-1975 CVE-2024-26739 CVE-2024-26745 CVE-2024-26764 CVE-2024-26828 CVE-2024-26840 CVE-2024-26852 CVE-2024-26862 CVE-2024-26921 CVE-2024-26923 CVE-2024-26925 CVE-2024-26928 CVE-2024-26929 CVE-2024-26930 CVE-2024-27398 CVE-2024-27413 CVE-2024-34459 CVE-2024-35789 CVE-2024-35811 CVE-2024-35815 CVE-2024-35817 CVE-2024-35861 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35867 CVE-2024-35868 CVE-2024-35869 CVE-2024-35895 CVE-2024-35904 CVE-2024-35905 CVE-2024-35914 CVE-2024-35950 CVE-2024-36894 CVE-2024-36899 CVE-2024-36904 CVE-2024-36926 CVE-2024-36940 CVE-2024-36964 CVE-2024-36971 CVE-2024-37370 CVE-2024-37371 CVE-2024-37891 CVE-2024-38428 CVE-2024-38541 CVE-2024-38545 CVE-2024-38559 CVE-2024-38560 CVE-2024-38564 CVE-2024-38578 CVE-2024-4032 CVE-2024-4076 CVE-2024-4741 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20240809-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2021-1 Released: Thu Jun 13 16:10:15 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: This update for iputils fixes the following issue: - After upstream merged the fix, update git commit hashes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2022-1 Released: Thu Jun 13 16:13:20 2024 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1213551 This update for chrony fixes the following issues: - Use shorter NTS-KE retry interval when network is down (bsc#1213551) - Use make quickcheck instead of make check to avoid more than 1h build times and failures due to timeouts. This was the default before 3.2 but it changed to make tests more reliable ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2023-1 Released: Thu Jun 13 16:14:30 2024 Summary: Recommended update for socat Type: recommended Severity: moderate References: 1160293 This update for socat fixes the following issues: socat is updated to 1.8.0.0: Primary feature is enabling TLS 1.3 support. (jsc#PED-8413) * Support for network namespaces (option netns) * TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success * Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following) * New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL * New script socat-mux.sh allows n-to-1 / 1-to-n communications * New script socat-broker.sh allows group communications * Experimental socks5 client feature * Address ACCEPT-FD for systemd 'inetd' mode * UDP-Lite and DCCP address types * Addresses SOCKETPAIR and SHELL * New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes * New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets * Simple statistics output with Socat option --statistics and with SIGUSR1 * A couple of new options, many fixes and corrections, see file CHANGES Update to 1.7.4.4: * FIX: In error.c msg2() there was a stack overflow on long messages: The terminating \0 Byte was written behind the last position. * FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets arrived. * FIX: a couple of weaknesses and errors when accessing invalid or incompatible file system entries with UNIX domain, file, and generic addresses. * FIX: bad parser error message on 'socat /tmp/x\'x/x -' Update to 1.7.4.3: * fixes the TCP_INFO issue that broke building on non-Linux platforms. * building on AIX works again. * A few more corrections and improvements have been added Update to version 1.7.4.2: * Fixes a lot of bugs, e.g., for options -r and -R. * Further bugfixes, see the CHANGES file Update to 1.7.4.1: Security: * Buffer size option (-b) is internally doubled for CR-CRLF conversion, but not checked for integer overflow. This could lead to heap based buffer overflow, assuming the attacker could provide this parameter. * Many further bugfixes and new features, see the CHANGES file ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: 33664 Released: Thu Jun 13 21:03:04 2024 Summary: Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1222086,1223430,1223766,1224242 This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242) - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2085-1 Released: Wed Jun 19 11:36:00 2024 Summary: recommended update for python-requests Type: recommended Severity: moderate References: 1225912 This update for python-requests fixes the following issue: - Allow the usage of 'verify' parameter as a directory. (bsc#1225912) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2089-1 Released: Wed Jun 19 12:38:06 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2108-1 Released: Thu Jun 20 19:35:51 2024 Summary: Security update for containerd Type: security Severity: important References: 1221400,1224323,CVE-2023-45288 This update for containerd fixes the following issues: Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400). - Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2174-1 Released: Mon Jun 24 07:20:48 2024 Summary: Security update for wget Type: security Severity: moderate References: 1226419,CVE-2024-38428 This update for wget fixes the following issues: - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2189-1 Released: Tue Jun 25 08:34:42 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1174585,1190569,1191949,1192107,1193983,1194288,1194869,1196869,1196956,1197915,1200313,1201308,1201489,1208149,1209657,1209799,1209834,1210335,1211592,1213863,1216702,1217169,1217515,1218447,1218917,1220492,1220783,1221044,1221645,1221958,1222011,1222559,1222619,1222721,1222976,1223057,1223084,1223111,1223138,1223191,1223384,1223390,1223481,1223501,1223505,1223512,1223520,1223532,1223626,1223715,1223894,1223921,1223922,1223923,1223924,1223929,1223931,1223932,1223934,1223941,1223948,1223952,1223953,1223957,1223962,1223963,1223964,1223996,1224085,1224099,1224137,1224174,1224438,1224482,1224488,1224494,1224511,1224592,1224611,1224664,1224678,1224682,1224685,1224730,1224736,1224763,1224816,1224895,1224898,1224900,1224901,1224902,1224903,1224904,1224905,1224907,1224909,1224910,1224911,1224912,1224913,1224914,1224915,1224920,1224928,1224931,1224932,1224937,1224942,1224944,1224945,1224947,1224956,1224988,1225000,1225003,1225005,1225009,1225022,1225031,1225032,1225036,1 225044,1225076,1225077,1225082,1225086,1225092,1225095,1225096,1225106,1225108,1225109,1225118,1225121,1225122,1225123,1225125,1225126,1225127,1225129,1225131,1225132,1225145,1225151,1225153,1225156,1225158,1225160,1225161,1225164,1225167,1225180,1225183,1225184,1225186,1225187,1225189,1225190,1225191,1225192,1225193,1225195,1225198,1225201,1225203,1225205,1225206,1225207,1225208,1225209,1225210,1225214,1225223,1225224,1225225,1225227,1225228,1225229,1225230,1225232,1225233,1225235,1225236,1225237,1225238,1225239,1225240,1225241,1225242,1225243,1225244,1225245,1225246,1225247,1225248,1225249,1225250,1225251,1225252,1225253,1225254,1225255,1225256,1225257,1225258,1225259,1225260,1225261,1225262,1225263,1225268,1225301,1225303,1225304,1225306,1225316,1225318,1225320,1225321,1225322,1225323,1225326,1225327,1225328,1225329,1225330,1225331,1225332,1225333,1225334,1225335,1225336,1225337,1225338,1225339,1225341,1225342,1225344,1225346,1225347,1225351,1225353,1225354,1225355,1225357,122535 8,1225360,1225361,1225366,1225367,1225368,1225369,1225370,1225372,1225373,1225374,1225375,1225376,1225377,1225379,1225380,1225383,1225384,1225386,1225387,1225388,1225390,1225392,1225393,1225396,1225400,1225404,1225405,1225409,1225410,1225411,1225425,1225427,1225431,1225435,1225436,1225437,1225438,1225439,1225441,1225445,1225446,1225447,1225450,1225453,1225455,1225461,1225463,1225464,1225466,1225471,1225472,1225478,1225479,1225482,1225483,1225486,1225488,1225490,1225492,1225495,1225499,1225500,1225501,1225508,1225510,1225529,1225530,1225532,1225534,1225549,1225550,1225553,1225554,1225557,1225559,1225560,1225565,1225566,1225569,1225570,1225571,1225572,1225577,1225583,1225584,1225588,1225589,1225590,1225591,1225592,1225595,1225599,CVE-2020-36788,CVE-2021-39698,CVE-2021-4148,CVE-2021-43056,CVE-2021-43527,CVE-2021-47358,CVE-2021-47359,CVE-2021-47360,CVE-2021-47361,CVE-2021-47362,CVE-2021-47363,CVE-2021-47364,CVE-2021-47365,CVE-2021-47366,CVE-2021-47367,CVE-2021-47368,CVE-2021-47369,CVE-2 021-47370,CVE-2021-47371,CVE-2021-47372,CVE-2021-47373,CVE-2021-47374,CVE-2021-47375,CVE-2021-47376,CVE-2021-47378,CVE-2021-47379,CVE-2021-47380,CVE-2021-47381,CVE-2021-47382,CVE-2021-47383,CVE-2021-47384,CVE-2021-47385,CVE-2021-47386,CVE-2021-47387,CVE-2021-47388,CVE-2021-47389,CVE-2021-47390,CVE-2021-47391,CVE-2021-47392,CVE-2021-47393,CVE-2021-47394,CVE-2021-47395,CVE-2021-47396,CVE-2021-47397,CVE-2021-47398,CVE-2021-47399,CVE-2021-47400,CVE-2021-47401,CVE-2021-47402,CVE-2021-47403,CVE-2021-47404,CVE-2021-47405,CVE-2021-47406,CVE-2021-47407,CVE-2021-47408,CVE-2021-47409,CVE-2021-47410,CVE-2021-47412,CVE-2021-47413,CVE-2021-47414,CVE-2021-47415,CVE-2021-47416,CVE-2021-47417,CVE-2021-47418,CVE-2021-47419,CVE-2021-47420,CVE-2021-47421,CVE-2021-47422,CVE-2021-47423,CVE-2021-47424,CVE-2021-47425,CVE-2021-47426,CVE-2021-47427,CVE-2021-47428,CVE-2021-47429,CVE-2021-47430,CVE-2021-47431,CVE-2021-47433,CVE-2021-47434,CVE-2021-47435,CVE-2021-47436,CVE-2021-47437,CVE-2021-47438,CVE-2021-474 39,CVE-2021-47440,CVE-2021-47441,CVE-2021-47442,CVE-2021-47443,CVE-2021-47444,CVE-2021-47445,CVE-2021-47446,CVE-2021-47447,CVE-2021-47448,CVE-2021-47449,CVE-2021-47450,CVE-2021-47451,CVE-2021-47452,CVE-2021-47453,CVE-2021-47454,CVE-2021-47455,CVE-2021-47456,CVE-2021-47457,CVE-2021-47458,CVE-2021-47459,CVE-2021-47460,CVE-2021-47461,CVE-2021-47462,CVE-2021-47463,CVE-2021-47464,CVE-2021-47465,CVE-2021-47466,CVE-2021-47467,CVE-2021-47468,CVE-2021-47469,CVE-2021-47470,CVE-2021-47471,CVE-2021-47472,CVE-2021-47473,CVE-2021-47474,CVE-2021-47475,CVE-2021-47476,CVE-2021-47477,CVE-2021-47478,CVE-2021-47479,CVE-2021-47480,CVE-2021-47481,CVE-2021-47482,CVE-2021-47483,CVE-2021-47484,CVE-2021-47485,CVE-2021-47486,CVE-2021-47488,CVE-2021-47489,CVE-2021-47490,CVE-2021-47491,CVE-2021-47492,CVE-2021-47493,CVE-2021-47494,CVE-2021-47495,CVE-2021-47496,CVE-2021-47497,CVE-2021-47498,CVE-2021-47499,CVE-2021-47500,CVE-2021-47501,CVE-2021-47502,CVE-2021-47503,CVE-2021-47505,CVE-2021-47506,CVE-2021-47507,CVE- 2021-47509,CVE-2021-47510,CVE-2021-47511,CVE-2021-47513,CVE-2021-47514,CVE-2021-47516,CVE-2021-47518,CVE-2021-47520,CVE-2021-47521,CVE-2021-47522,CVE-2021-47523,CVE-2021-47524,CVE-2021-47525,CVE-2021-47526,CVE-2021-47528,CVE-2021-47529,CVE-2021-47533,CVE-2021-47534,CVE-2021-47535,CVE-2021-47536,CVE-2021-47537,CVE-2021-47540,CVE-2021-47541,CVE-2021-47542,CVE-2021-47544,CVE-2021-47549,CVE-2021-47550,CVE-2021-47551,CVE-2021-47553,CVE-2021-47554,CVE-2021-47556,CVE-2021-47558,CVE-2021-47559,CVE-2021-47560,CVE-2021-47562,CVE-2021-47563,CVE-2021-47564,CVE-2021-47565,CVE-2022-48632,CVE-2022-48634,CVE-2022-48636,CVE-2022-48652,CVE-2022-48662,CVE-2022-48671,CVE-2022-48672,CVE-2022-48673,CVE-2022-48675,CVE-2022-48686,CVE-2022-48687,CVE-2022-48688,CVE-2022-48692,CVE-2022-48693,CVE-2022-48694,CVE-2022-48695,CVE-2022-48697,CVE-2022-48699,CVE-2022-48700,CVE-2022-48701,CVE-2022-48702,CVE-2022-48703,CVE-2022-48704,CVE-2022-48708,CVE-2022-48709,CVE-2022-48710,CVE-2023-0160,CVE-2023-1829,CVE-2023-2860 ,CVE-2023-47233,CVE-2023-52591,CVE-2023-52654,CVE-2023-52655,CVE-2023-52676,CVE-2023-52686,CVE-2023-52690,CVE-2023-52702,CVE-2023-52703,CVE-2023-52707,CVE-2023-52708,CVE-2023-52730,CVE-2023-52733,CVE-2023-52736,CVE-2023-52738,CVE-2023-52739,CVE-2023-52740,CVE-2023-52741,CVE-2023-52742,CVE-2023-52743,CVE-2023-52744,CVE-2023-52745,CVE-2023-52747,CVE-2023-52753,CVE-2023-52754,CVE-2023-52756,CVE-2023-52759,CVE-2023-52763,CVE-2023-52764,CVE-2023-52766,CVE-2023-52774,CVE-2023-52781,CVE-2023-52788,CVE-2023-52789,CVE-2023-52791,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52810,CVE-2023-52811,CVE-2023-52814,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52844,CVE-2023-52847,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52858,CVE-2023-52864,CVE-2023-52865,CVE-20 23-52867,CVE-2023-52868,CVE-2023-52870,CVE-2023-52871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52880,CVE-2023-6531,CVE-2024-0639,CVE-2024-26739,CVE-2024-26764,CVE-2024-26828,CVE-2024-26840,CVE-2024-26852,CVE-2024-26862,CVE-2024-26921,CVE-2024-26925,CVE-2024-26928,CVE-2024-26929,CVE-2024-26930,CVE-2024-27398,CVE-2024-27413,CVE-2024-35811,CVE-2024-35815,CVE-2024-35817,CVE-2024-35863,CVE-2024-35867,CVE-2024-35868,CVE-2024-35895,CVE-2024-35904,CVE-2024-35905,CVE-2024-35914,CVE-2024-36926 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488). - CVE-2024-26828: Fix underflow in parse_server_interfaces() (bsc#1223084). - CVE-2024-35863: Fix potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35867: Fix potential UAF in cifs_stats_proc_show() (bsc#1224664). - CVE-2024-35868: Fix potential UAF in cifs_stats_proc_write() (bsc#1224678). - CVE-2024-26928: Fix potential UAF in cifs_debug_files_proc_show() (bsc#1223532). - CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011). - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390). - CVE-2024-27413: Fix incorrect allocation size (bsc#1224438). - CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736). - CVE-2024-35904: Avoid dereference of garbage after mount failure (bsc#1224494). - CVE-2024-26929: Fixed double free of fcport (bsc#1223715). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-26930: Fixed double free of the ha->vp_map pointer (bsc#1223626). - CVE-2024-26840: Fixed a memory leak in cachefiles_add_cache() (bsc#1222976). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057). - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). The following non-security bugs were fixed: - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - filemap: remove use of wait bookmarks (bsc#1224085). - idpf: extend tx watchdog timeout (bsc#1224137). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - powerpc/kasan: Do not instrument non-maskable or raw interrupts (bsc#1223191). - powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729). - powerpc/powernv: Add a null pointer check to scom_debug_init_one() (bsc#1194869). - powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (bsc#1220492 ltc#205270). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - powerpc: Refactor verification of MSR_RI (bsc#1223191). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2196-1 Released: Tue Jun 25 12:37:11 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1218668 This update for wicked fixes the following issues: - Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2232-1 Released: Wed Jun 26 08:23:03 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 1225963 This update for iputils fixes the following issues: - Fix exit code if receive more replies than sent (bsc#1225963) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2253-1 Released: Mon Jul 1 18:33:02 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: This update for containerd fixes the following issues: - Revert the noarch change for devel subpackage Switching to noarch causes issues on SLES maintenance updates, reverting it fixes our image builds ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2279-1 Released: Tue Jul 2 18:33:22 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2322-1 Released: Mon Jul 8 14:54:00 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2325-1 Released: Mon Jul 8 15:07:46 2024 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1227150 This update for xfsprogs fixes the following issue: - xfs_copy: don't use cached buffer reads until after libxfs_mount (bsc#1227150) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2495-1 Released: Tue Jul 16 09:29:49 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1195775,1216124,1218148,1219224,1220492,1222015,1222254,1222678,1223384,1224020,1224679,1224696,1224703,1224749,1224764,1224765,1224766,1224935,1225098,1225467,1225487,1225518,1225611,1225732,1225737,1225749,1225840,1225866,1226145,1226211,1226212,1226270,1226587,1226595,1226634,1226758,1226785,1226786,1226789,1226953,1226962,CVE-2021-47555,CVE-2021-47571,CVE-2023-24023,CVE-2023-52670,CVE-2023-52752,CVE-2023-52837,CVE-2023-52846,CVE-2023-52881,CVE-2024-26745,CVE-2024-26923,CVE-2024-35789,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35869,CVE-2024-35950,CVE-2024-36894,CVE-2024-36899,CVE-2024-36904,CVE-2024-36940,CVE-2024-36964,CVE-2024-36971,CVE-2024-38541,CVE-2024-38545,CVE-2024-38559,CVE-2024-38560,CVE-2024-38564,CVE-2024-38578 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595) - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect()(bsc#1224766). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467). - CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). The following non-security bugs were fixed: - Revert 'build initrd without systemd' (bsc#1195775)' - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953). - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212). - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211). - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1216124). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). - xfs: do not include bnobt blocks when reserving free block pool (bsc#1226270). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2662-1 Released: Tue Jul 30 15:41:34 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2671-1 Released: Tue Jul 30 21:10:57 2024 Summary: Recommended update for cups Type: recommended Severity: moderate References: 1226192 This update for cups fixes the following issues: - Require the exact matching version-release of all libcups* sub-packages (bsc#1226192) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2675-1 Released: Wed Jul 31 06:57:49 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2688-1 Released: Thu Aug 1 06:59:29 2024 Summary: Feature update for Public Cloud Type: feature Severity: important References: 1222075,1227067,1227106,1227711 This update for Public Cloud fixes the following issues: - Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345): * google-guest-agent (no source changes) * google-guest-configs (no source changes) * google-guest-oslogin (no source changes) * google-osconfig-agent (no source changes) * growpart-rootgrow (no source changes) * python-azure-agent (includes bug fixes see below) * python-cssselect (no source changes) * python-instance-billing-flavor-check (no source changes) * python-toml (no source changes) * python3-lxml (inlcudes a bug fix, see below) - python-azure-agent received the following fixes: * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists (bsc#1227711) * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106) * Do not package `waagent2.0` in Python 3 builds * Do not require `wicked` in non-SUSE build environments * Apply python3 interpreter patch in non SLE build environments (bcs#1227067) - python3-lxml also received the following fix: * Fixed compatibility with system libexpat in tests (bnc#1222075) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2697-1 Released: Thu Aug 1 15:28:06 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1217083,1220485 This update for dracut fixes the following issues: - Version update: * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) * fix(zfcp_rules): correct shellcheck regression when parsing ccw args (bsc#1220485) * fix(dracut.sh): skip README for AMD microcode generation (bsc#1217083) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2744-1 Released: Mon Aug 5 17:53:57 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219004,1223107,1226128 This update for suseconnect-ng fixes the following issues: - Version update * Added uname as collector * Added SAP workload detection * Added detection of container runtimes * Multiple fixes on ARM64 detection * Use `read_values` for the CPU collector on Z * Fixed data collection for ppc64le * Grab the home directory from /etc/passwd if needed (bsc#1226128) * Build zypper-migration and zypper-packages-search as standalone binaries rather then one single binary * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004) * Include /etc/products.d in directories whose content are backed up and restored if a zypper-migration rollback happens (bsc#1219004) * Add the ability to upload the system uptime logs, produced by the suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report (jsc#PED-7982) (jsc#PED-8018) * Add support for third party packages in SUSEConnect * Refactor existing system information collection implementation self-signed SSL certificate (bsc#1223107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:31 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2799-1 Released: Wed Aug 7 08:19:10 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1214960 This update for runc fixes the following issues: - Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13 - Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2863-1 Released: Fri Aug 9 09:21:05 2024 Summary: Security update for bind Type: security Severity: important References: 1228256,1228257,1228258,CVE-2024-1737,CVE-2024-1975,CVE-2024-4076 This update for bind fixes the following issues: Update to 9.16.50: - Bug Fixes: * A regression in cache-cleaning code enabled memory use to grow significantly more quickly than before, until the configured max-cache-size limit was reached. This has been fixed. * Using rndc flush inadvertently caused cache cleaning to become less effective. This could ultimately lead to the configured max-cache-size limit being exceeded and has now been fixed. * The logic for cleaning up expired cached DNS records was tweaked to be more aggressive. This change helps with enforcing max-cache-ttl and max-ncache-ttl in a timely manner. * It was possible to trigger a use-after-free assertion when the overmem cache cleaning was initiated. This has been fixed. New Features: * Added RESOLVER.ARPA to the built in empty zones. - Security Fixes: * It is possible to craft excessively large numbers of resource record types for a given owner name, which has the effect of slowing down database processing. This has been addressed by adding a configurable limit to the number of records that can be stored per name and type in a cache or zone database. The default is 100, which can be tuned with the new max-types-per-name option. (CVE-2024-1737, bsc#1228256) * Validating DNS messages signed using the SIG(0) protocol (RFC 2931) could cause excessive CPU load, leading to a denial-of-service condition. Support for SIG(0) message validation was removed from this version of named. (CVE-2024-1975, bsc#1228257) * When looking up the NS records of parent zones as part of looking up DS records, it was possible for named to trigger an assertion failure if serve-stale was enabled. This has been fixed. (CVE-2024-4076, bsc#1228258) The following package changes have been done: - bind-utils-9.16.50-150400.5.43.1 updated - chrony-pool-suse-4.1-150400.21.5.7 updated - chrony-4.1-150400.21.5.7 updated - containerd-ctr-1.7.17-150000.114.1 updated - containerd-1.7.17-150000.114.1 updated - cups-config-2.2.7-150000.3.62.1 updated - docker-25.0.6_ce-150000.203.1 updated - dracut-055+suse.357.g905645c2-150400.3.34.2 updated - google-guest-agent-20240314.00-150400.1.48.7 updated - google-guest-configs-20240307.00-150400.13.11.6 updated - google-guest-oslogin-20240311.00-150400.1.45.7 updated - google-osconfig-agent-20240320.00-150400.1.35.7 updated - growpart-rootgrow-1.0.7-150400.1.14.7 updated - iputils-20211215-150400.3.14.1 updated - kernel-default-5.14.21-150400.24.125.1 updated - krb5-1.19.2-150400.3.12.1 updated - libassuan0-2.5.5-150000.4.7.1 updated - libcups2-2.2.7-150000.3.62.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - libonig4-6.7.0-150000.3.6.1 updated - libopenssl1_1-1.1.1l-150400.7.69.1 updated - libprocps8-3.3.17-150000.7.39.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libsolv-tools-base-0.7.29-150400.3.22.4 added - libsolv-tools-0.7.29-150400.3.22.4 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libxml2-2-2.9.14-150400.5.32.1 updated - libzypp-17.34.1-150400.3.71.7 updated - login_defs-4.8.1-150400.10.21.1 updated - openssl-1_1-1.1.1l-150400.7.69.1 updated - procps-3.3.17-150000.7.39.1 updated - python-instance-billing-flavor-check-0.0.6-150400.1.11.7 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-bind-9.16.50-150400.5.43.1 updated - python3-cssselect-1.0.3-150400.3.7.4 updated - python3-requests-2.25.1-150300.3.12.2 updated - python3-urllib3-1.25.10-150300.4.12.1 updated - python3-3.6.15-150300.10.65.2 updated - runc-1.1.13-150000.67.1 updated - shadow-4.8.1-150400.10.21.1 updated - socat-1.8.0.0-150400.14.3.1 updated - suse-build-key-12.0-150000.8.49.2 updated - suseconnect-ng-1.11.0-150400.3.36.4 updated - wget-1.20.3-150000.3.20.1 updated - wicked-service-0.6.76-150400.3.30.1 updated - wicked-0.6.76-150400.3.30.1 updated - xfsprogs-5.13.0-150400.3.10.2 updated - zypper-1.14.73-150400.3.50.10 updated From sle-container-updates at lists.suse.com Wed Aug 21 07:05:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 21 Aug 2024 09:05:14 +0200 (CEST) Subject: SUSE-IU-2024:1020-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20240821070514.42EF2FBA5@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1020-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.2 , suse/sl-micro/6.0/rt-os-container:2.1.2-4.6 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 4.6 Severity : important Type : security References : 1012628 1065729 1141539 1181674 1186716 1187716 1193599 1194869 1195775 1204562 1207948 1208593 1209657 1209834 1213573 1214683 1214852 1215199 1215587 1216196 1216358 1216436 1216702 1217169 1217384 1217408 1217481 1217750 1217912 1218442 1218447 1218562 1218730 1218820 1218917 1219104 1219170 1219216 1219224 1219451 1219478 1219485 1219596 1219633 1219832 1219847 1219953 1220021 1220120 1220138 1220148 1220214 1220328 1220427 1220430 1220569 1220738 1220783 1220942 1221044 1221057 1221086 1221097 1221303 1221399 1221612 1221615 1221635 1221645 1221647 1221649 1221654 1221656 1221659 1221765 1221777 1221816 1221829 1221858 1221958 1222011 1222015 1222080 1222241 1222294 1222303 1222326 1222328 1222357 1222368 1222378 1222380 1222385 1222426 1222438 1222459 1222463 1222464 1222532 1222559 1222588 1222596 1222608 1222613 1222615 1222617 1222619 1222624 1222627 1222654 1222721 1222768 1222769 1222771 1222775 1222777 1222779 1222780 1222782 1222793 1222809 1222810 1222893 1223007 1223010 1223011 1223016 1223018 1223020 1223021 1223023 1223024 1223035 1223038 1223039 1223041 1223045 1223046 1223051 1223052 1223057 1223058 1223060 1223061 1223062 1223076 1223077 1223084 1223111 1223113 1223137 1223138 1223140 1223143 1223187 1223188 1223189 1223190 1223191 1223192 1223195 1223196 1223197 1223198 1223202 1223203 1223204 1223205 1223207 1223265 1223285 1223315 1223323 1223338 1223357 1223369 1223380 1223384 1223390 1223415 1223439 1223462 1223525 1223532 1223539 1223570 1223575 1223590 1223591 1223592 1223593 1223625 1223626 1223627 1223629 1223631 1223632 1223633 1223634 1223637 1223638 1223641 1223642 1223643 1223644 1223645 1223646 1223648 1223649 1223650 1223651 1223652 1223653 1223654 1223655 1223657 1223660 1223661 1223663 1223664 1223665 1223666 1223667 1223668 1223669 1223670 1223671 1223675 1223677 1223678 1223679 1223686 1223692 1223693 1223695 1223696 1223698 1223699 1223705 1223709 1223711 1223712 1223714 1223715 1223717 1223718 1223723 1223725 1223728 1223731 1223732 1223734 1223735 1223737 1223738 1223739 1223740 1223741 1223744 1223745 1223747 1223748 1223749 1223750 1223752 1223754 1223756 1223757 1223759 1223760 1223761 1223762 1223764 1223765 1223768 1223769 1223770 1223774 1223776 1223778 1223779 1223780 1223781 1223782 1223787 1223788 1223789 1223790 1223802 1223804 1223805 1223806 1223807 1223808 1223810 1223813 1223815 1223816 1223819 1223821 1223822 1223823 1223824 1223826 1223827 1223828 1223829 1223831 1223834 1223836 1223837 1223838 1223842 1223843 1223844 1223847 1223863 1223869 1223870 1223871 1223872 1223874 1223944 1223945 1223946 1223991 1224049 1224076 1224096 1224098 1224099 1224137 1224166 1224174 1224177 1224180 1224181 1224187 1224331 1224348 1224414 1224422 1224423 1224429 1224430 1224432 1224433 1224437 1224438 1224439 1224442 1224443 1224445 1224449 1224477 1224479 1224480 1224481 1224482 1224486 1224487 1224488 1224490 1224491 1224492 1224493 1224494 1224495 1224497 1224498 1224499 1224500 1224501 1224502 1224504 1224505 1224506 1224507 1224508 1224509 1224511 1224512 1224513 1224515 1224516 1224517 1224519 1224520 1224521 1224523 1224524 1224525 1224526 1224530 1224531 1224534 1224537 1224539 1224540 1224541 1224542 1224543 1224544 1224545 1224546 1224549 1224550 1224552 1224553 1224555 1224557 1224558 1224559 1224562 1224565 1224566 1224567 1224568 1224569 1224571 1224572 1224573 1224575 1224576 1224577 1224578 1224579 1224580 1224581 1224582 1224583 1224584 1224585 1224586 1224587 1224588 1224589 1224592 1224596 1224598 1224600 1224601 1224602 1224603 1224604 1224605 1224606 1224607 1224608 1224609 1224611 1224612 1224613 1224614 1224615 1224617 1224618 1224619 1224620 1224621 1224622 1224623 1224624 1224626 1224627 1224628 1224629 1224630 1224632 1224633 1224634 1224636 1224637 1224638 1224639 1224640 1224641 1224643 1224644 1224645 1224646 1224647 1224648 1224649 1224650 1224651 1224652 1224653 1224654 1224655 1224657 1224659 1224660 1224661 1224662 1224663 1224664 1224665 1224666 1224667 1224668 1224670 1224671 1224672 1224673 1224675 1224676 1224677 1224678 1224679 1224680 1224681 1224682 1224683 1224685 1224686 1224687 1224688 1224692 1224696 1224697 1224698 1224699 1224701 1224703 1224704 1224705 1224706 1224707 1224709 1224710 1224712 1224714 1224716 1224717 1224718 1224719 1224720 1224721 1224722 1224723 1224725 1224727 1224728 1224729 1224730 1224731 1224732 1224733 1224735 1224736 1224738 1224739 1224740 1224741 1224742 1224743 1224747 1224749 1224751 1224763 1224764 1224765 1224766 1224767 1224790 1224792 1224793 1224803 1224804 1224866 1224928 1224930 1224932 1224933 1224935 1224936 1224937 1224939 1224941 1224944 1224946 1224947 1224949 1224951 1224988 1224989 1224992 1224998 1225000 1225001 1225004 1225006 1225007 1225008 1225009 1225014 1225015 1225022 1225025 1225028 1225029 1225031 1225036 1225041 1225044 1225049 1225050 1225053 1225076 1225077 1225078 1225081 1225085 1225086 1225088 1225090 1225092 1225096 1225097 1225098 1225101 1225103 1225104 1225105 1225106 1225108 1225120 1225132 1225133 1225134 1225136 1225172 1225180 1225272 1225300 1225391 1225472 1225475 1225476 1225477 1225478 1225485 1225489 1225490 1225502 1225527 1225529 1225530 1225532 1225534 1225548 1225550 1225553 1225554 1225555 1225556 1225557 1225559 1225560 1225564 1225565 1225566 1225568 1225569 1225570 1225571 1225572 1225573 1225577 1225578 1225579 1225580 1225581 1225583 1225584 1225585 1225586 1225587 1225588 1225589 1225590 1225591 1225592 1225593 1225594 1225595 1225599 1225600 1225601 1225602 1225605 1225607 1225609 1225610 1225611 1225616 1225618 1225640 1225642 1225681 1225692 1225694 1225695 1225696 1225698 1225699 1225702 1225704 1225705 1225708 1225710 1225711 1225712 1225714 1225715 1225717 1225719 1225720 1225722 1225723 1225726 1225728 1225731 1225732 1225734 1225735 1225736 1225737 1225741 1225744 1225745 1225746 1225747 1225748 1225749 1225750 1225752 1225753 1225756 1225757 1225758 1225759 1225760 1225761 1225762 1225763 1225765 1225766 1225767 1225769 1225770 1225773 1225775 1225805 1225810 1225815 1225820 1225823 1225827 1225829 1225830 1225834 1225835 1225839 1225840 1225842 1225843 1225847 1225851 1225856 1225866 1225872 1225894 1225895 1225896 1225898 1225903 1225945 1226022 1226131 1226145 1226149 1226155 1226158 1226163 1226202 1226211 1226212 1226213 1226226 1226457 1226502 1226503 1226513 1226514 1226519 1226520 1226582 1226587 1226588 1226592 1226593 1226594 1226595 1226597 1226607 1226608 1226610 1226612 1226613 1226630 1226632 1226633 1226634 1226637 1226657 1226658 1226734 1226735 1226737 1226738 1226739 1226740 1226741 1226742 1226744 1226746 1226747 1226749 1226750 1226754 1226757 1226758 1226760 1226761 1226764 1226767 1226768 1226769 1226771 1226772 1226774 1226775 1226776 1226777 1226780 1226781 1226783 1226785 1226786 1226788 1226789 1226790 1226791 1226796 1226799 1226837 1226839 1226840 1226841 1226842 1226844 1226848 1226852 1226856 1226857 1226859 1226861 1226863 1226864 1226866 1226867 1226868 1226875 1226876 1226878 1226879 1226883 1226886 1226890 1226891 1226894 1226895 1226905 1226908 1226909 1226911 1226915 1226928 1226934 1226938 1226939 1226941 1226948 1226949 1226950 1226962 1226976 1226989 1226990 1226992 1226993 1226994 1226995 1226996 1227066 1227072 1227085 1227089 1227090 1227096 1227101 1227103 1227149 1227190 1227282 1227362 1227363 1227383 1227432 1227433 1227434 1227435 1227443 1227446 1227447 1227487 1227573 1227626 1227716 1227719 1227723 1227730 1227736 1227755 1227757 1227762 1227763 1227779 1227780 1227783 1227786 1227788 1227789 1227797 1227800 1227801 1227803 1227806 1227813 1227814 1227836 1227855 1227862 1227866 1227886 1227899 1227910 1227913 1227926 1228090 1228114 1228192 1228193 1228211 1228269 1228289 1228327 1228328 1228403 1228405 1228408 1228417 1229025 CVE-2021-47432 CVE-2022-48669 CVE-2022-48772 CVE-2023-0160 CVE-2023-38417 CVE-2023-47210 CVE-2023-51780 CVE-2023-52434 CVE-2023-52435 CVE-2023-52472 CVE-2023-52483 CVE-2023-52616 CVE-2023-52618 CVE-2023-52622 CVE-2023-52635 CVE-2023-52641 CVE-2023-52647 CVE-2023-52648 CVE-2023-52649 CVE-2023-52650 CVE-2023-52652 CVE-2023-52653 CVE-2023-52654 CVE-2023-52655 CVE-2023-52656 CVE-2023-52657 CVE-2023-52658 CVE-2023-52659 CVE-2023-52660 CVE-2023-52661 CVE-2023-52662 CVE-2023-52663 CVE-2023-52664 CVE-2023-52667 CVE-2023-52669 CVE-2023-52670 CVE-2023-52671 CVE-2023-52672 CVE-2023-52673 CVE-2023-52674 CVE-2023-52675 CVE-2023-52676 CVE-2023-52678 CVE-2023-52679 CVE-2023-52680 CVE-2023-52681 CVE-2023-52683 CVE-2023-52685 CVE-2023-52686 CVE-2023-52687 CVE-2023-52690 CVE-2023-52691 CVE-2023-52692 CVE-2023-52693 CVE-2023-52694 CVE-2023-52695 CVE-2023-52696 CVE-2023-52697 CVE-2023-52698 CVE-2023-52699 CVE-2023-52735 CVE-2023-52749 CVE-2023-52750 CVE-2023-52751 CVE-2023-52753 CVE-2023-52754 CVE-2023-52757 CVE-2023-52759 CVE-2023-52762 CVE-2023-52763 CVE-2023-52764 CVE-2023-52765 CVE-2023-52766 CVE-2023-52767 CVE-2023-52768 CVE-2023-52769 CVE-2023-52771 CVE-2023-52772 CVE-2023-52773 CVE-2023-52774 CVE-2023-52775 CVE-2023-52776 CVE-2023-52777 CVE-2023-52780 CVE-2023-52781 CVE-2023-52782 CVE-2023-52783 CVE-2023-52784 CVE-2023-52786 CVE-2023-52787 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52792 CVE-2023-52794 CVE-2023-52795 CVE-2023-52796 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52801 CVE-2023-52803 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52807 CVE-2023-52808 CVE-2023-52809 CVE-2023-52810 CVE-2023-52811 CVE-2023-52812 CVE-2023-52813 CVE-2023-52814 CVE-2023-52815 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52827 CVE-2023-52829 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52835 CVE-2023-52836 CVE-2023-52837 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52842 CVE-2023-52843 CVE-2023-52844 CVE-2023-52845 CVE-2023-52846 CVE-2023-52847 CVE-2023-52849 CVE-2023-52850 CVE-2023-52851 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52857 CVE-2023-52858 CVE-2023-52860 CVE-2023-52861 CVE-2023-52862 CVE-2023-52863 CVE-2023-52864 CVE-2023-52865 CVE-2023-52866 CVE-2023-52867 CVE-2023-52868 CVE-2023-52869 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52874 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52879 CVE-2023-52880 CVE-2023-52881 CVE-2023-52882 CVE-2023-52883 CVE-2023-52884 CVE-2023-6238 CVE-2024-0639 CVE-2024-21823 CVE-2024-23848 CVE-2024-25741 CVE-2024-26582 CVE-2024-26611 CVE-2024-26615 CVE-2024-26623 CVE-2024-26625 CVE-2024-26632 CVE-2024-26633 CVE-2024-26635 CVE-2024-26636 CVE-2024-26638 CVE-2024-26641 CVE-2024-26643 CVE-2024-26663 CVE-2024-26665 CVE-2024-26671 CVE-2024-26673 CVE-2024-26674 CVE-2024-26676 CVE-2024-26679 CVE-2024-26691 CVE-2024-26692 CVE-2024-26726 CVE-2024-26734 CVE-2024-26739 CVE-2024-26742 CVE-2024-26750 CVE-2024-26758 CVE-2024-26760 CVE-2024-26761 CVE-2024-26767 CVE-2024-26772 CVE-2024-26775 CVE-2024-26780 CVE-2024-26783 CVE-2024-26785 CVE-2024-26786 CVE-2024-26791 CVE-2024-26794 CVE-2024-26813 CVE-2024-26814 CVE-2024-26816 CVE-2024-26822 CVE-2024-26826 CVE-2024-26828 CVE-2024-26832 CVE-2024-26845 CVE-2024-26846 CVE-2024-26852 CVE-2024-26853 CVE-2024-26854 CVE-2024-26855 CVE-2024-26856 CVE-2024-26857 CVE-2024-26858 CVE-2024-26860 CVE-2024-26861 CVE-2024-26862 CVE-2024-26863 CVE-2024-26865 CVE-2024-26866 CVE-2024-26868 CVE-2024-26870 CVE-2024-26877 CVE-2024-26878 CVE-2024-26880 CVE-2024-26881 CVE-2024-26883 CVE-2024-26884 CVE-2024-26885 CVE-2024-26889 CVE-2024-26890 CVE-2024-26892 CVE-2024-26893 CVE-2024-26895 CVE-2024-26897 CVE-2024-26898 CVE-2024-26899 CVE-2024-26900 CVE-2024-26901 CVE-2024-26903 CVE-2024-26906 CVE-2024-26907 CVE-2024-26909 CVE-2024-26913 CVE-2024-26914 CVE-2024-26915 CVE-2024-26916 CVE-2024-26919 CVE-2024-26920 CVE-2024-26921 CVE-2024-26922 CVE-2024-26923 CVE-2024-26925 CVE-2024-26927 CVE-2024-26928 CVE-2024-26929 CVE-2024-26930 CVE-2024-26931 CVE-2024-26932 CVE-2024-26933 CVE-2024-26934 CVE-2024-26935 CVE-2024-26937 CVE-2024-26938 CVE-2024-26939 CVE-2024-26940 CVE-2024-26943 CVE-2024-26944 CVE-2024-26945 CVE-2024-26946 CVE-2024-26948 CVE-2024-26949 CVE-2024-26950 CVE-2024-26951 CVE-2024-26955 CVE-2024-26956 CVE-2024-26957 CVE-2024-26958 CVE-2024-26959 CVE-2024-26960 CVE-2024-26961 CVE-2024-26962 CVE-2024-26963 CVE-2024-26964 CVE-2024-26965 CVE-2024-26966 CVE-2024-26968 CVE-2024-26969 CVE-2024-26970 CVE-2024-26972 CVE-2024-26973 CVE-2024-26974 CVE-2024-26975 CVE-2024-26977 CVE-2024-26978 CVE-2024-26981 CVE-2024-26982 CVE-2024-26983 CVE-2024-26984 CVE-2024-26986 CVE-2024-26988 CVE-2024-26989 CVE-2024-26990 CVE-2024-26991 CVE-2024-26992 CVE-2024-26993 CVE-2024-26994 CVE-2024-26995 CVE-2024-26996 CVE-2024-26997 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27002 CVE-2024-27003 CVE-2024-27004 CVE-2024-27008 CVE-2024-27009 CVE-2024-27012 CVE-2024-27013 CVE-2024-27014 CVE-2024-27015 CVE-2024-27016 CVE-2024-27019 CVE-2024-27020 CVE-2024-27022 CVE-2024-27023 CVE-2024-27025 CVE-2024-27027 CVE-2024-27028 CVE-2024-27029 CVE-2024-27030 CVE-2024-27031 CVE-2024-27036 CVE-2024-27037 CVE-2024-27038 CVE-2024-27039 CVE-2024-27040 CVE-2024-27041 CVE-2024-27042 CVE-2024-27043 CVE-2024-27044 CVE-2024-27045 CVE-2024-27046 CVE-2024-27047 CVE-2024-27048 CVE-2024-27051 CVE-2024-27052 CVE-2024-27053 CVE-2024-27054 CVE-2024-27056 CVE-2024-27057 CVE-2024-27059 CVE-2024-27060 CVE-2024-27062 CVE-2024-27064 CVE-2024-27065 CVE-2024-27067 CVE-2024-27068 CVE-2024-27071 CVE-2024-27072 CVE-2024-27073 CVE-2024-27074 CVE-2024-27075 CVE-2024-27076 CVE-2024-27077 CVE-2024-27078 CVE-2024-27080 CVE-2024-27388 CVE-2024-27389 CVE-2024-27391 CVE-2024-27393 CVE-2024-27395 CVE-2024-27396 CVE-2024-27398 CVE-2024-27399 CVE-2024-27400 CVE-2024-27401 CVE-2024-27402 CVE-2024-27404 CVE-2024-27405 CVE-2024-27408 CVE-2024-27410 CVE-2024-27411 CVE-2024-27412 CVE-2024-27413 CVE-2024-27414 CVE-2024-27416 CVE-2024-27417 CVE-2024-27418 CVE-2024-27431 CVE-2024-27432 CVE-2024-27434 CVE-2024-27435 CVE-2024-27436 CVE-2024-28182 CVE-2024-33619 CVE-2024-34777 CVE-2024-35247 CVE-2024-35784 CVE-2024-35786 CVE-2024-35788 CVE-2024-35789 CVE-2024-35790 CVE-2024-35791 CVE-2024-35794 CVE-2024-35795 CVE-2024-35796 CVE-2024-35799 CVE-2024-35800 CVE-2024-35801 CVE-2024-35803 CVE-2024-35804 CVE-2024-35805 CVE-2024-35806 CVE-2024-35807 CVE-2024-35808 CVE-2024-35809 CVE-2024-35810 CVE-2024-35811 CVE-2024-35812 CVE-2024-35813 CVE-2024-35814 CVE-2024-35815 CVE-2024-35817 CVE-2024-35819 CVE-2024-35821 CVE-2024-35822 CVE-2024-35823 CVE-2024-35824 CVE-2024-35825 CVE-2024-35827 CVE-2024-35828 CVE-2024-35829 CVE-2024-35830 CVE-2024-35831 CVE-2024-35833 CVE-2024-35834 CVE-2024-35835 CVE-2024-35836 CVE-2024-35837 CVE-2024-35838 CVE-2024-35841 CVE-2024-35842 CVE-2024-35843 CVE-2024-35845 CVE-2024-35847 CVE-2024-35848 CVE-2024-35849 CVE-2024-35850 CVE-2024-35851 CVE-2024-35852 CVE-2024-35853 CVE-2024-35854 CVE-2024-35857 CVE-2024-35860 CVE-2024-35861 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35865 CVE-2024-35866 CVE-2024-35867 CVE-2024-35868 CVE-2024-35869 CVE-2024-35870 CVE-2024-35872 CVE-2024-35875 CVE-2024-35877 CVE-2024-35878 CVE-2024-35879 CVE-2024-35880 CVE-2024-35883 CVE-2024-35884 CVE-2024-35885 CVE-2024-35886 CVE-2024-35887 CVE-2024-35889 CVE-2024-35890 CVE-2024-35891 CVE-2024-35892 CVE-2024-35893 CVE-2024-35895 CVE-2024-35896 CVE-2024-35898 CVE-2024-35899 CVE-2024-35900 CVE-2024-35901 CVE-2024-35903 CVE-2024-35904 CVE-2024-35905 CVE-2024-35907 CVE-2024-35908 CVE-2024-35909 CVE-2024-35911 CVE-2024-35912 CVE-2024-35914 CVE-2024-35915 CVE-2024-35916 CVE-2024-35917 CVE-2024-35921 CVE-2024-35922 CVE-2024-35924 CVE-2024-35925 CVE-2024-35926 CVE-2024-35927 CVE-2024-35928 CVE-2024-35930 CVE-2024-35931 CVE-2024-35932 CVE-2024-35933 CVE-2024-35934 CVE-2024-35935 CVE-2024-35936 CVE-2024-35937 CVE-2024-35938 CVE-2024-35940 CVE-2024-35942 CVE-2024-35943 CVE-2024-35944 CVE-2024-35945 CVE-2024-35946 CVE-2024-35947 CVE-2024-35950 CVE-2024-35951 CVE-2024-35952 CVE-2024-35953 CVE-2024-35954 CVE-2024-35955 CVE-2024-35957 CVE-2024-35958 CVE-2024-35959 CVE-2024-35960 CVE-2024-35961 CVE-2024-35962 CVE-2024-35963 CVE-2024-35964 CVE-2024-35965 CVE-2024-35966 CVE-2024-35967 CVE-2024-35969 CVE-2024-35970 CVE-2024-35971 CVE-2024-35972 CVE-2024-35973 CVE-2024-35974 CVE-2024-35975 CVE-2024-35976 CVE-2024-35977 CVE-2024-35978 CVE-2024-35979 CVE-2024-35981 CVE-2024-35982 CVE-2024-35984 CVE-2024-35986 CVE-2024-35989 CVE-2024-35990 CVE-2024-35991 CVE-2024-35992 CVE-2024-35995 CVE-2024-35997 CVE-2024-35998 CVE-2024-35999 CVE-2024-36002 CVE-2024-36003 CVE-2024-36004 CVE-2024-36005 CVE-2024-36006 CVE-2024-36007 CVE-2024-36008 CVE-2024-36009 CVE-2024-36010 CVE-2024-36011 CVE-2024-36012 CVE-2024-36013 CVE-2024-36014 CVE-2024-36015 CVE-2024-36016 CVE-2024-36017 CVE-2024-36018 CVE-2024-36019 CVE-2024-36020 CVE-2024-36021 CVE-2024-36024 CVE-2024-36025 CVE-2024-36026 CVE-2024-36029 CVE-2024-36030 CVE-2024-36032 CVE-2024-36281 CVE-2024-36477 CVE-2024-36478 CVE-2024-36479 CVE-2024-36880 CVE-2024-36882 CVE-2024-36885 CVE-2024-36887 CVE-2024-36889 CVE-2024-36890 CVE-2024-36891 CVE-2024-36893 CVE-2024-36894 CVE-2024-36895 CVE-2024-36896 CVE-2024-36897 CVE-2024-36898 CVE-2024-36899 CVE-2024-36900 CVE-2024-36901 CVE-2024-36902 CVE-2024-36903 CVE-2024-36904 CVE-2024-36906 CVE-2024-36909 CVE-2024-36910 CVE-2024-36911 CVE-2024-36912 CVE-2024-36913 CVE-2024-36914 CVE-2024-36915 CVE-2024-36916 CVE-2024-36917 CVE-2024-36918 CVE-2024-36919 CVE-2024-36921 CVE-2024-36922 CVE-2024-36923 CVE-2024-36924 CVE-2024-36926 CVE-2024-36928 CVE-2024-36930 CVE-2024-36931 CVE-2024-36934 CVE-2024-36935 CVE-2024-36936 CVE-2024-36937 CVE-2024-36938 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944 CVE-2024-36945 CVE-2024-36946 CVE-2024-36947 CVE-2024-36949 CVE-2024-36950 CVE-2024-36951 CVE-2024-36952 CVE-2024-36955 CVE-2024-36957 CVE-2024-36959 CVE-2024-36960 CVE-2024-36962 CVE-2024-36964 CVE-2024-36965 CVE-2024-36967 CVE-2024-36969 CVE-2024-36971 CVE-2024-36972 CVE-2024-36973 CVE-2024-36974 CVE-2024-36975 CVE-2024-36977 CVE-2024-36978 CVE-2024-37021 CVE-2024-37078 CVE-2024-37353 CVE-2024-37354 CVE-2024-38381 CVE-2024-38384 CVE-2024-38385 CVE-2024-38388 CVE-2024-38390 CVE-2024-38391 CVE-2024-38539 CVE-2024-38540 CVE-2024-38541 CVE-2024-38543 CVE-2024-38544 CVE-2024-38545 CVE-2024-38546 CVE-2024-38547 CVE-2024-38548 CVE-2024-38549 CVE-2024-38550 CVE-2024-38551 CVE-2024-38552 CVE-2024-38553 CVE-2024-38554 CVE-2024-38555 CVE-2024-38556 CVE-2024-38557 CVE-2024-38558 CVE-2024-38559 CVE-2024-38560 CVE-2024-38562 CVE-2024-38564 CVE-2024-38565 CVE-2024-38566 CVE-2024-38567 CVE-2024-38568 CVE-2024-38569 CVE-2024-38570 CVE-2024-38571 CVE-2024-38572 CVE-2024-38573 CVE-2024-38575 CVE-2024-38578 CVE-2024-38579 CVE-2024-38580 CVE-2024-38581 CVE-2024-38582 CVE-2024-38583 CVE-2024-38586 CVE-2024-38587 CVE-2024-38588 CVE-2024-38590 CVE-2024-38591 CVE-2024-38592 CVE-2024-38594 CVE-2024-38595 CVE-2024-38597 CVE-2024-38598 CVE-2024-38599 CVE-2024-38600 CVE-2024-38601 CVE-2024-38602 CVE-2024-38603 CVE-2024-38604 CVE-2024-38605 CVE-2024-38608 CVE-2024-38610 CVE-2024-38611 CVE-2024-38615 CVE-2024-38616 CVE-2024-38617 CVE-2024-38618 CVE-2024-38619 CVE-2024-38621 CVE-2024-38622 CVE-2024-38627 CVE-2024-38628 CVE-2024-38629 CVE-2024-38630 CVE-2024-38633 CVE-2024-38634 CVE-2024-38635 CVE-2024-38636 CVE-2024-38659 CVE-2024-38661 CVE-2024-38663 CVE-2024-38664 CVE-2024-38780 CVE-2024-39276 CVE-2024-39277 CVE-2024-39291 CVE-2024-39296 CVE-2024-39301 CVE-2024-39362 CVE-2024-39371 CVE-2024-39463 CVE-2024-39466 CVE-2024-39468 CVE-2024-39469 CVE-2024-39471 CVE-2024-39472 CVE-2024-39473 CVE-2024-39474 CVE-2024-39475 CVE-2024-39479 CVE-2024-39481 CVE-2024-39482 CVE-2024-39487 CVE-2024-39490 CVE-2024-39494 CVE-2024-39496 CVE-2024-39498 CVE-2024-39502 CVE-2024-39504 CVE-2024-39507 CVE-2024-40901 CVE-2024-40906 CVE-2024-40908 CVE-2024-40919 CVE-2024-40923 CVE-2024-40925 CVE-2024-40928 CVE-2024-40931 CVE-2024-40935 CVE-2024-40937 CVE-2024-40940 CVE-2024-40947 CVE-2024-40948 CVE-2024-40953 CVE-2024-40960 CVE-2024-40961 CVE-2024-40966 CVE-2024-40970 CVE-2024-40972 CVE-2024-40975 CVE-2024-40979 CVE-2024-40998 CVE-2024-40999 CVE-2024-41006 CVE-2024-41011 CVE-2024-41013 CVE-2024-41014 CVE-2024-41017 CVE-2024-41090 CVE-2024-41091 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 18 Released: Tue Aug 20 13:47:06 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: 19 Released: Tue Aug 20 14:37:54 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1065729,1141539,1181674,1186716,1187716,1193599,1194869,1195775,1204562,1207948,1208593,1209657,1209834,1213573,1214683,1214852,1215199,1215587,1216196,1216358,1216436,1216702,1217169,1217384,1217408,1217481,1217750,1217912,1218442,1218447,1218562,1218730,1218820,1218917,1219104,1219170,1219216,1219224,1219451,1219478,1219485,1219596,1219633,1219832,1219847,1219953,1220021,1220120,1220138,1220148,1220214,1220328,1220427,1220430,1220569,1220738,1220783,1220942,1221044,1221057,1221086,1221097,1221303,1221612,1221615,1221635,1221645,1221647,1221649,1221654,1221656,1221659,1221765,1221777,1221816,1221829,1221858,1221958,1222011,1222015,1222080,1222241,1222294,1222303,1222326,1222328,1222357,1222368,1222378,1222380,1222385,1222426,1222438,1222459,1222463,1222464,1222532,1222559,1222588,1222596,1222608,1222613,1222615,1222617,1222619,1222624,1222627,1222654,1222721,1222768,1222769,1222771,1222775,1222777,1222779,1222780,1222782,1222793,1222809,1222810,1222893,1223007,1 223010,1223011,1223016,1223018,1223020,1223021,1223023,1223024,1223035,1223038,1223039,1223041,1223045,1223046,1223051,1223052,1223057,1223058,1223060,1223061,1223062,1223076,1223077,1223084,1223111,1223113,1223137,1223138,1223140,1223143,1223187,1223188,1223189,1223190,1223191,1223192,1223195,1223196,1223197,1223198,1223202,1223203,1223204,1223205,1223207,1223265,1223285,1223315,1223323,1223338,1223357,1223369,1223380,1223384,1223390,1223415,1223439,1223462,1223525,1223532,1223539,1223570,1223575,1223590,1223591,1223592,1223593,1223625,1223626,1223627,1223629,1223631,1223632,1223633,1223634,1223637,1223638,1223641,1223642,1223643,1223644,1223645,1223646,1223648,1223649,1223650,1223651,1223652,1223653,1223654,1223655,1223657,1223660,1223661,1223663,1223664,1223665,1223666,1223667,1223668,1223669,1223670,1223671,1223675,1223677,1223678,1223679,1223686,1223692,1223693,1223695,1223696,1223698,1223699,1223705,1223709,1223711,1223712,1223714,1223715,1223717,1223718,1223723,1223725,122372 8,1223731,1223732,1223734,1223735,1223737,1223738,1223739,1223740,1223741,1223744,1223745,1223747,1223748,1223749,1223750,1223752,1223754,1223756,1223757,1223759,1223760,1223761,1223762,1223764,1223765,1223768,1223769,1223770,1223774,1223776,1223778,1223779,1223780,1223781,1223782,1223787,1223788,1223789,1223790,1223802,1223804,1223805,1223806,1223807,1223808,1223810,1223813,1223815,1223816,1223819,1223821,1223822,1223823,1223824,1223826,1223827,1223828,1223829,1223831,1223834,1223836,1223837,1223838,1223842,1223843,1223844,1223847,1223863,1223869,1223870,1223871,1223872,1223874,1223944,1223945,1223946,1223991,1224049,1224076,1224096,1224098,1224099,1224137,1224166,1224174,1224177,1224180,1224181,1224187,1224331,1224348,1224414,1224422,1224423,1224429,1224430,1224432,1224433,1224437,1224438,1224439,1224442,1224443,1224445,1224449,1224477,1224479,1224480,1224481,1224482,1224486,1224487,1224488,1224490,1224491,1224492,1224493,1224494,1224495,1224497,1224498,1224499,1224500,1224501,122 4502,1224504,1224505,1224506,1224507,1224508,1224509,1224511,1224512,1224513,1224515,1224516,1224517,1224519,1224520,1224521,1224523,1224524,1224525,1224526,1224530,1224531,1224534,1224537,1224539,1224540,1224541,1224542,1224543,1224544,1224545,1224546,1224549,1224550,1224552,1224553,1224555,1224557,1224558,1224559,1224562,1224565,1224566,1224567,1224568,1224569,1224571,1224572,1224573,1224575,1224576,1224577,1224578,1224579,1224580,1224581,1224582,1224583,1224584,1224585,1224586,1224587,1224588,1224589,1224592,1224596,1224598,1224600,1224601,1224602,1224603,1224604,1224605,1224606,1224607,1224608,1224609,1224611,1224612,1224613,1224614,1224615,1224617,1224618,1224619,1224620,1224621,1224622,1224623,1224624,1224626,1224627,1224628,1224629,1224630,1224632,1224633,1224634,1224636,1224637,1224638,1224639,1224640,1224641,1224643,1224644,1224645,1224646,1224647,1224648,1224649,1224650,1224651,1224652,1224653,1224654,1224655,1224657,1224659,1224660,1224661,1224662,1224663,1224664,1224665, 1224666,1224667,1224668,1224670,1224671,1224672,1224673,1224675,1224676,1224677,1224678,1224679,1224680,1224681,1224682,1224683,1224685,1224686,1224687,1224688,1224692,1224696,1224697,1224698,1224699,1224701,1224703,1224704,1224705,1224706,1224707,1224709,1224710,1224712,1224714,1224716,1224717,1224718,1224719,1224720,1224721,1224722,1224723,1224725,1224727,1224728,1224729,1224730,1224731,1224732,1224733,1224735,1224736,1224738,1224739,1224740,1224741,1224742,1224743,1224747,1224749,1224751,1224763,1224764,1224765,1224766,1224767,1224790,1224792,1224793,1224803,1224804,1224866,1224928,1224930,1224932,1224933,1224935,1224936,1224937,1224939,1224941,1224944,1224946,1224947,1224949,1224951,1224988,1224989,1224992,1224998,1225000,1225001,1225004,1225006,1225007,1225008,1225009,1225014,1225015,1225022,1225025,1225028,1225029,1225031,1225036,1225041,1225044,1225049,1225050,1225053,1225076,1225077,1225078,1225081,1225085,1225086,1225088,1225090,1225092,1225096,1225097,1225098,1225101,12251 03,1225104,1225105,1225106,1225108,1225120,1225132,1225133,1225134,1225136,1225172,1225180,1225272,1225300,1225391,1225472,1225475,1225476,1225477,1225478,1225485,1225489,1225490,1225502,1225527,1225529,1225530,1225532,1225534,1225548,1225550,1225553,1225554,1225555,1225556,1225557,1225559,1225560,1225564,1225565,1225566,1225568,1225569,1225570,1225571,1225572,1225573,1225577,1225578,1225579,1225580,1225581,1225583,1225584,1225585,1225586,1225587,1225588,1225589,1225590,1225591,1225592,1225593,1225594,1225595,1225599,1225600,1225601,1225602,1225605,1225607,1225609,1225610,1225611,1225616,1225618,1225640,1225642,1225681,1225692,1225694,1225695,1225696,1225698,1225699,1225702,1225704,1225705,1225708,1225710,1225711,1225712,1225714,1225715,1225717,1225719,1225720,1225722,1225723,1225726,1225728,1225731,1225732,1225734,1225735,1225736,1225737,1225741,1225744,1225745,1225746,1225747,1225748,1225749,1225750,1225752,1225753,1225756,1225757,1225758,1225759,1225760,1225761,1225762,1225763,12 25765,1225766,1225767,1225769,1225770,1225773,1225775,1225805,1225810,1225815,1225820,1225823,1225827,1225829,1225830,1225834,1225835,1225839,1225840,1225842,1225843,1225847,1225851,1225856,1225866,1225872,1225894,1225895,1225896,1225898,1225903,1225945,1226022,1226131,1226145,1226149,1226155,1226158,1226163,1226202,1226211,1226212,1226213,1226226,1226457,1226502,1226503,1226513,1226514,1226519,1226520,1226582,1226587,1226588,1226592,1226593,1226594,1226595,1226597,1226607,1226608,1226610,1226612,1226613,1226630,1226632,1226633,1226634,1226637,1226657,1226658,1226734,1226735,1226737,1226738,1226739,1226740,1226741,1226742,1226744,1226746,1226747,1226749,1226750,1226754,1226757,1226758,1226760,1226761,1226764,1226767,1226768,1226769,1226771,1226772,1226774,1226775,1226776,1226777,1226780,1226781,1226783,1226785,1226786,1226788,1226789,1226790,1226791,1226796,1226799,1226837,1226839,1226840,1226841,1226842,1226844,1226848,1226852,1226856,1226857,1226859,1226861,1226863,1226864,1226866 ,1226867,1226868,1226875,1226876,1226878,1226879,1226883,1226886,1226890,1226891,1226894,1226895,1226905,1226908,1226909,1226911,1226915,1226928,1226934,1226938,1226939,1226941,1226948,1226949,1226950,1226962,1226976,1226989,1226990,1226992,1226993,1226994,1226995,1226996,1227066,1227072,1227085,1227089,1227090,1227096,1227101,1227103,1227149,1227190,1227282,1227362,1227363,1227383,1227432,1227433,1227434,1227435,1227443,1227446,1227447,1227487,1227573,1227626,1227716,1227719,1227723,1227730,1227736,1227755,1227757,1227762,1227763,1227779,1227780,1227783,1227786,1227788,1227789,1227797,1227800,1227801,1227803,1227806,1227813,1227814,1227836,1227855,1227862,1227866,1227886,1227899,1227910,1227913,1227926,1228090,1228114,1228192,1228193,1228211,1228269,1228289,1228327,1228328,1228403,1228405,1228408,1228417,1229025,CVE-2021-47432,CVE-2022-48669,CVE-2022-48772,CVE-2023-0160,CVE-2023-38417,CVE-2023-47210,CVE-2023-51780,CVE-2023-52434,CVE-2023-52435,CVE-2023-52472,CVE-2023-52483,CVE-2023 -52616,CVE-2023-52618,CVE-2023-52622,CVE-2023-52635,CVE-2023-52641,CVE-2023-52647,CVE-2023-52648,CVE-2023-52649,CVE-2023-52650,CVE-2023-52652,CVE-2023-52653,CVE-2023-52654,CVE-2023-52655,CVE-2023-52656,CVE-2023-52657,CVE-2023-52658,CVE-2023-52659,CVE-2023-52660,CVE-2023-52661,CVE-2023-52662,CVE-2023-52663,CVE-2023-52664,CVE-2023-52667,CVE-2023-52669,CVE-2023-52670,CVE-2023-52671,CVE-2023-52672,CVE-2023-52673,CVE-2023-52674,CVE-2023-52675,CVE-2023-52676,CVE-2023-52678,CVE-2023-52679,CVE-2023-52680,CVE-2023-52681,CVE-2023-52683,CVE-2023-52685,CVE-2023-52686,CVE-2023-52687,CVE-2023-52690,CVE-2023-52691,CVE-2023-52692,CVE-2023-52693,CVE-2023-52694,CVE-2023-52695,CVE-2023-52696,CVE-2023-52697,CVE-2023-52698,CVE-2023-52699,CVE-2023-52735,CVE-2023-52749,CVE-2023-52750,CVE-2023-52751,CVE-2023-52753,CVE-2023-52754,CVE-2023-52757,CVE-2023-52759,CVE-2023-52762,CVE-2023-52763,CVE-2023-52764,CVE-2023-52765,CVE-2023-52766,CVE-2023-52767,CVE-2023-52768,CVE-2023-52769,CVE-2023-52771,CVE-2023-52772, CVE-2023-52773,CVE-2023-52774,CVE-2023-52775,CVE-2023-52776,CVE-2023-52777,CVE-2023-52780,CVE-2023-52781,CVE-2023-52782,CVE-2023-52783,CVE-2023-52784,CVE-2023-52786,CVE-2023-52787,CVE-2023-52788,CVE-2023-52789,CVE-2023-52791,CVE-2023-52792,CVE-2023-52794,CVE-2023-52795,CVE-2023-52796,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52801,CVE-2023-52803,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52807,CVE-2023-52808,CVE-2023-52809,CVE-2023-52810,CVE-2023-52811,CVE-2023-52812,CVE-2023-52813,CVE-2023-52814,CVE-2023-52815,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52827,CVE-2023-52829,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52835,CVE-2023-52836,CVE-2023-52837,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52842,CVE-2023-52843,CVE-2023-52844,CVE-2023-52845,CVE-2023-52846,CVE-2023-52847,CVE-2023-52849,CVE-2023-52850,CVE-2023-52851,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-202 3-52856,CVE-2023-52857,CVE-2023-52858,CVE-2023-52860,CVE-2023-52861,CVE-2023-52862,CVE-2023-52863,CVE-2023-52864,CVE-2023-52865,CVE-2023-52866,CVE-2023-52867,CVE-2023-52868,CVE-2023-52869,CVE-2023-52870,CVE-2023-52871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52874,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52879,CVE-2023-52880,CVE-2023-52881,CVE-2023-52882,CVE-2023-52883,CVE-2023-52884,CVE-2023-6238,CVE-2024-0639,CVE-2024-21823,CVE-2024-23848,CVE-2024-25741,CVE-2024-26582,CVE-2024-26611,CVE-2024-26615,CVE-2024-26623,CVE-2024-26625,CVE-2024-26632,CVE-2024-26633,CVE-2024-26635,CVE-2024-26636,CVE-2024-26638,CVE-2024-26641,CVE-2024-26643,CVE-2024-26663,CVE-2024-26665,CVE-2024-26671,CVE-2024-26673,CVE-2024-26674,CVE-2024-26676,CVE-2024-26679,CVE-2024-26691,CVE-2024-26692,CVE-2024-26726,CVE-2024-26734,CVE-2024-26739,CVE-2024-26742,CVE-2024-26750,CVE-2024-26758,CVE-2024-26760,CVE-2024-26761,CVE-2024-26767,CVE-2024-26772,CVE-2024-26775,CVE-2024-26780,CVE-2024-26783,C VE-2024-26785,CVE-2024-26786,CVE-2024-26791,CVE-2024-26794,CVE-2024-26813,CVE-2024-26814,CVE-2024-26816,CVE-2024-26822,CVE-2024-26826,CVE-2024-26828,CVE-2024-26832,CVE-2024-26845,CVE-2024-26846,CVE-2024-26852,CVE-2024-26853,CVE-2024-26854,CVE-2024-26855,CVE-2024-26856,CVE-2024-26857,CVE-2024-26858,CVE-2024-26860,CVE-2024-26861,CVE-2024-26862,CVE-2024-26863,CVE-2024-26865,CVE-2024-26866,CVE-2024-26868,CVE-2024-26870,CVE-2024-26877,CVE-2024-26878,CVE-2024-26880,CVE-2024-26881,CVE-2024-26883,CVE-2024-26884,CVE-2024-26885,CVE-2024-26889,CVE-2024-26890,CVE-2024-26892,CVE-2024-26893,CVE-2024-26895,CVE-2024-26897,CVE-2024-26898,CVE-2024-26899,CVE-2024-26900,CVE-2024-26901,CVE-2024-26903,CVE-2024-26906,CVE-2024-26907,CVE-2024-26909,CVE-2024-26913,CVE-2024-26914,CVE-2024-26915,CVE-2024-26916,CVE-2024-26919,CVE-2024-26920,CVE-2024-26921,CVE-2024-26922,CVE-2024-26923,CVE-2024-26925,CVE-2024-26927,CVE-2024-26928,CVE-2024-26929,CVE-2024-26930,CVE-2024-26931,CVE-2024-26932,CVE-2024-26933,CVE-2024 -26934,CVE-2024-26935,CVE-2024-26937,CVE-2024-26938,CVE-2024-26939,CVE-2024-26940,CVE-2024-26943,CVE-2024-26944,CVE-2024-26945,CVE-2024-26946,CVE-2024-26948,CVE-2024-26949,CVE-2024-26950,CVE-2024-26951,CVE-2024-26955,CVE-2024-26956,CVE-2024-26957,CVE-2024-26958,CVE-2024-26959,CVE-2024-26960,CVE-2024-26961,CVE-2024-26962,CVE-2024-26963,CVE-2024-26964,CVE-2024-26965,CVE-2024-26966,CVE-2024-26968,CVE-2024-26969,CVE-2024-26970,CVE-2024-26972,CVE-2024-26973,CVE-2024-26974,CVE-2024-26975,CVE-2024-26977,CVE-2024-26978,CVE-2024-26981,CVE-2024-26982,CVE-2024-26983,CVE-2024-26984,CVE-2024-26986,CVE-2024-26988,CVE-2024-26989,CVE-2024-26990,CVE-2024-26991,CVE-2024-26992,CVE-2024-26993,CVE-2024-26994,CVE-2024-26995,CVE-2024-26996,CVE-2024-26997,CVE-2024-26999,CVE-2024-27000,CVE-2024-27001,CVE-2024-27002,CVE-2024-27003,CVE-2024-27004,CVE-2024-27008,CVE-2024-27009,CVE-2024-27012,CVE-2024-27013,CVE-2024-27014,CVE-2024-27015,CVE-2024-27016,CVE-2024-27019,CVE-2024-27020,CVE-2024-27022,CVE-2024-27023, CVE-2024-27025,CVE-2024-27027,CVE-2024-27028,CVE-2024-27029,CVE-2024-27030,CVE-2024-27031,CVE-2024-27036,CVE-2024-27037,CVE-2024-27038,CVE-2024-27039,CVE-2024-27040,CVE-2024-27041,CVE-2024-27042,CVE-2024-27043,CVE-2024-27044,CVE-2024-27045,CVE-2024-27046,CVE-2024-27047,CVE-2024-27048,CVE-2024-27051,CVE-2024-27052,CVE-2024-27053,CVE-2024-27054,CVE-2024-27056,CVE-2024-27057,CVE-2024-27059,CVE-2024-27060,CVE-2024-27062,CVE-2024-27064,CVE-2024-27065,CVE-2024-27067,CVE-2024-27068,CVE-2024-27071,CVE-2024-27072,CVE-2024-27073,CVE-2024-27074,CVE-2024-27075,CVE-2024-27076,CVE-2024-27077,CVE-2024-27078,CVE-2024-27080,CVE-2024-27388,CVE-2024-27389,CVE-2024-27391,CVE-2024-27393,CVE-2024-27395,CVE-2024-27396,CVE-2024-27398,CVE-2024-27399,CVE-2024-27400,CVE-2024-27401,CVE-2024-27402,CVE-2024-27404,CVE-2024-27405,CVE-2024-27408,CVE-2024-27410,CVE-2024-27411,CVE-2024-27412,CVE-2024-27413,CVE-2024-27414,CVE-2024-27416,CVE-2024-27417,CVE-2024-27418,CVE-2024-27431,CVE-2024-27432,CVE-2024-27434,CVE-202 4-27435,CVE-2024-27436,CVE-2024-33619,CVE-2024-34777,CVE-2024-35247,CVE-2024-35784,CVE-2024-35786,CVE-2024-35788,CVE-2024-35789,CVE-2024-35790,CVE-2024-35791,CVE-2024-35794,CVE-2024-35795,CVE-2024-35796,CVE-2024-35799,CVE-2024-35800,CVE-2024-35801,CVE-2024-35803,CVE-2024-35804,CVE-2024-35805,CVE-2024-35806,CVE-2024-35807,CVE-2024-35808,CVE-2024-35809,CVE-2024-35810,CVE-2024-35811,CVE-2024-35812,CVE-2024-35813,CVE-2024-35814,CVE-2024-35815,CVE-2024-35817,CVE-2024-35819,CVE-2024-35821,CVE-2024-35822,CVE-2024-35823,CVE-2024-35824,CVE-2024-35825,CVE-2024-35827,CVE-2024-35828,CVE-2024-35829,CVE-2024-35830,CVE-2024-35831,CVE-2024-35833,CVE-2024-35834,CVE-2024-35835,CVE-2024-35836,CVE-2024-35837,CVE-2024-35838,CVE-2024-35841,CVE-2024-35842,CVE-2024-35843,CVE-2024-35845,CVE-2024-35847,CVE-2024-35848,CVE-2024-35849,CVE-2024-35850,CVE-2024-35851,CVE-2024-35852,CVE-2024-35853,CVE-2024-35854,CVE-2024-35857,CVE-2024-35860,CVE-2024-35861,CVE-2024-35862,CVE-2024-35863,CVE-2024-35864,CVE-2024-35865 ,CVE-2024-35866,CVE-2024-35867,CVE-2024-35868,CVE-2024-35869,CVE-2024-35870,CVE-2024-35872,CVE-2024-35875,CVE-2024-35877,CVE-2024-35878,CVE-2024-35879,CVE-2024-35880,CVE-2024-35883,CVE-2024-35884,CVE-2024-35885,CVE-2024-35886,CVE-2024-35887,CVE-2024-35889,CVE-2024-35890,CVE-2024-35891,CVE-2024-35892,CVE-2024-35893,CVE-2024-35895,CVE-2024-35896,CVE-2024-35898,CVE-2024-35899,CVE-2024-35900,CVE-2024-35901,CVE-2024-35903,CVE-2024-35904,CVE-2024-35905,CVE-2024-35907,CVE-2024-35908,CVE-2024-35909,CVE-2024-35911,CVE-2024-35912,CVE-2024-35914,CVE-2024-35915,CVE-2024-35916,CVE-2024-35917,CVE-2024-35921,CVE-2024-35922,CVE-2024-35924,CVE-2024-35925,CVE-2024-35926,CVE-2024-35927,CVE-2024-35928,CVE-2024-35930,CVE-2024-35931,CVE-2024-35932,CVE-2024-35933,CVE-2024-35934,CVE-2024-35935,CVE-2024-35936,CVE-2024-35937,CVE-2024-35938,CVE-2024-35940,CVE-2024-35942,CVE-2024-35943,CVE-2024-35944,CVE-2024-35945,CVE-2024-35946,CVE-2024-35947,CVE-2024-35950,CVE-2024-35951,CVE-2024-35952,CVE-2024-35953,CVE-20 24-35954,CVE-2024-35955,CVE-2024-35957,CVE-2024-35958,CVE-2024-35959,CVE-2024-35960,CVE-2024-35961,CVE-2024-35962,CVE-2024-35963,CVE-2024-35964,CVE-2024-35965,CVE-2024-35966,CVE-2024-35967,CVE-2024-35969,CVE-2024-35970,CVE-2024-35971,CVE-2024-35972,CVE-2024-35973,CVE-2024-35974,CVE-2024-35975,CVE-2024-35976,CVE-2024-35977,CVE-2024-35978,CVE-2024-35979,CVE-2024-35981,CVE-2024-35982,CVE-2024-35984,CVE-2024-35986,CVE-2024-35989,CVE-2024-35990,CVE-2024-35991,CVE-2024-35992,CVE-2024-35995,CVE-2024-35997,CVE-2024-35998,CVE-2024-35999,CVE-2024-36002,CVE-2024-36003,CVE-2024-36004,CVE-2024-36005,CVE-2024-36006,CVE-2024-36007,CVE-2024-36008,CVE-2024-36009,CVE-2024-36010,CVE-2024-36011,CVE-2024-36012,CVE-2024-36013,CVE-2024-36014,CVE-2024-36015,CVE-2024-36016,CVE-2024-36017,CVE-2024-36018,CVE-2024-36019,CVE-2024-36020,CVE-2024-36021,CVE-2024-36024,CVE-2024-36025,CVE-2024-36026,CVE-2024-36029,CVE-2024-36030,CVE-2024-36032,CVE-2024-36281,CVE-2024-36477,CVE-2024-36478,CVE-2024-36479,CVE-2024-3688 0,CVE-2024-36882,CVE-2024-36885,CVE-2024-36887,CVE-2024-36889,CVE-2024-36890,CVE-2024-36891,CVE-2024-36893,CVE-2024-36894,CVE-2024-36895,CVE-2024-36896,CVE-2024-36897,CVE-2024-36898,CVE-2024-36899,CVE-2024-36900,CVE-2024-36901,CVE-2024-36902,CVE-2024-36903,CVE-2024-36904,CVE-2024-36906,CVE-2024-36909,CVE-2024-36910,CVE-2024-36911,CVE-2024-36912,CVE-2024-36913,CVE-2024-36914,CVE-2024-36915,CVE-2024-36916,CVE-2024-36917,CVE-2024-36918,CVE-2024-36919,CVE-2024-36921,CVE-2024-36922,CVE-2024-36923,CVE-2024-36924,CVE-2024-36926,CVE-2024-36928,CVE-2024-36930,CVE-2024-36931,CVE-2024-36934,CVE-2024-36935,CVE-2024-36936,CVE-2024-36937,CVE-2024-36938,CVE-2024-36940,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36945,CVE-2024-36946,CVE-2024-36947,CVE-2024-36949,CVE-2024-36950,CVE-2024-36951,CVE-2024-36952,CVE-2024-36955,CVE-2024-36957,CVE-2024-36959,CVE-2024-36960,CVE-2024-36962,CVE-2024-36964,CVE-2024-36965,CVE-2024-36967,CVE-2024-36969,CVE-2024-36971,CVE-2024-36972,CVE-2024-36973,CVE-2 024-36974,CVE-2024-36975,CVE-2024-36977,CVE-2024-36978,CVE-2024-37021,CVE-2024-37078,CVE-2024-37353,CVE-2024-37354,CVE-2024-38381,CVE-2024-38384,CVE-2024-38385,CVE-2024-38388,CVE-2024-38390,CVE-2024-38391,CVE-2024-38539,CVE-2024-38540,CVE-2024-38541,CVE-2024-38543,CVE-2024-38544,CVE-2024-38545,CVE-2024-38546,CVE-2024-38547,CVE-2024-38548,CVE-2024-38549,CVE-2024-38550,CVE-2024-38551,CVE-2024-38552,CVE-2024-38553,CVE-2024-38554,CVE-2024-38555,CVE-2024-38556,CVE-2024-38557,CVE-2024-38558,CVE-2024-38559,CVE-2024-38560,CVE-2024-38562,CVE-2024-38564,CVE-2024-38565,CVE-2024-38566,CVE-2024-38567,CVE-2024-38568,CVE-2024-38569,CVE-2024-38570,CVE-2024-38571,CVE-2024-38572,CVE-2024-38573,CVE-2024-38575,CVE-2024-38578,CVE-2024-38579,CVE-2024-38580,CVE-2024-38581,CVE-2024-38582,CVE-2024-38583,CVE-2024-38586,CVE-2024-38587,CVE-2024-38588,CVE-2024-38590,CVE-2024-38591,CVE-2024-38592,CVE-2024-38594,CVE-2024-38595,CVE-2024-38597,CVE-2024-38598,CVE-2024-38599,CVE-2024-38600,CVE-2024-38601,CVE-2024-386 02,CVE-2024-38603,CVE-2024-38604,CVE-2024-38605,CVE-2024-38608,CVE-2024-38610,CVE-2024-38611,CVE-2024-38615,CVE-2024-38616,CVE-2024-38617,CVE-2024-38618,CVE-2024-38619,CVE-2024-38621,CVE-2024-38622,CVE-2024-38627,CVE-2024-38628,CVE-2024-38629,CVE-2024-38630,CVE-2024-38633,CVE-2024-38634,CVE-2024-38635,CVE-2024-38636,CVE-2024-38659,CVE-2024-38661,CVE-2024-38663,CVE-2024-38664,CVE-2024-38780,CVE-2024-39276,CVE-2024-39277,CVE-2024-39291,CVE-2024-39296,CVE-2024-39301,CVE-2024-39362,CVE-2024-39371,CVE-2024-39463,CVE-2024-39466,CVE-2024-39468,CVE-2024-39469,CVE-2024-39471,CVE-2024-39472,CVE-2024-39473,CVE-2024-39474,CVE-2024-39475,CVE-2024-39479,CVE-2024-39481,CVE-2024-39482,CVE-2024-39487,CVE-2024-39490,CVE-2024-39494,CVE-2024-39496,CVE-2024-39498,CVE-2024-39502,CVE-2024-39504,CVE-2024-39507,CVE-2024-40901,CVE-2024-40906,CVE-2024-40908,CVE-2024-40919,CVE-2024-40923,CVE-2024-40925,CVE-2024-40928,CVE-2024-40931,CVE-2024-40935,CVE-2024-40937,CVE-2024-40940,CVE-2024-40947,CVE-2024-40948,CVE- 2024-40953,CVE-2024-40960,CVE-2024-40961,CVE-2024-40966,CVE-2024-40970,CVE-2024-40972,CVE-2024-40975,CVE-2024-40979,CVE-2024-40998,CVE-2024-40999,CVE-2024-41006,CVE-2024-41011,CVE-2024-41013,CVE-2024-41014,CVE-2024-41017,CVE-2024-41090,CVE-2024-41091 The SUSE Linux Enterprise Micro 6.0 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). - CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405). - CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403). - CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910). - CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993). - CVE-2024-40925: block: fix request.queuelist usage in flush (bsc#1227789). - CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866). - CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-39496: btrfs: zoned: fix use-after-free due to race with dev replace (bsc#1227719). - CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913). - CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886). - CVE-2024-40975: platform/x86: x86-android-tablets: Unregister devices in reverse order (bsc#1227926). - CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899). - CVE-2024-40947: ima: Avoid blocking in RCU read-side critical section (bsc#1227803). - CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783). - CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813). - CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797). - CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814). - CVE-2024-39504: netfilter: nft_inner: validate mandatory meta and payload (bsc#1227757). - CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730). - CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800). - CVE-2024-40928: net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (bsc#1227788). - CVE-2024-26944: btrfs: zoned: fix lock ordering in btrfs_zone_activate() (bsc#1223731). - CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786). - CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780). - CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779). - CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573) - CVE-2024-35908: tls: get psock ref after taking rxlock to avoid leak (bsc#1224490) - CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499) - CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641) - CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512) - CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762). - CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432). - CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806). - CVE-2024-27404: mptcp: fix data races on remote_id (bsc#1224422) - CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815) - CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813) - CVE-2024-40948: mm/page_table_check: fix crash on ZONE_DEVICE (bsc#1227801). - CVE-2024-35890: gro: fix ownership transfer (bsc#1224516). - CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719). - CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851). - CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750). - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103). - CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763). - CVE-2024-27012: netfilter: nf_tables: restore set elements when delete set fails (bsc#1223804). - CVE-2024-39498: drm/mst: Fix NULL pointer dereference at drm_dp_add_payload_part2 (bsc#1227723) - CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755). - CVE-2024-27016: netfilter: flowtable: validate pppoe header (bsc#1223807). - CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711) - CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545) - CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778) - CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414). - CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138). - CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836). - CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806). - CVE-2024-27064: netfilter: nf_tables: Fix a memory leak in nf_tables_updchain (bsc#1223740). - CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326). - CVE-2023-47210: wifi: iwlwifi: bump FW API to 90 for BZ/SC devices (bsc#1225601, bsc#1225600). - CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088). - CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783). - CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626). - CVE-2024-26826: mptcp: fix data re-injection from stale subflow (bsc#1223010). - CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942). - CVE-2024-35942: pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain (bsc#1224589). - CVE-2024-26691: KVM: arm64: Fix circular locking dependency (bsc#1222463). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752). - CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753). - CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328). - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883). - CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489). - CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447). - CVE-2024-39474: mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL (bsc#1227434). - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659). - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656). - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757). - CVE-2024-36003: ice: fix LAG and VF lock dependency in ice_reset_vf() (bsc#1224544). - CVE-2024-38604: block: refine the EOF check in blkdev_iomap_begin (bsc#1226866). - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654). - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021). - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647). - CVE-2024-26623: pds_core: Prevent race issues involving the adminq (bsc#1221057). - CVE-2024-26785: iommufd: Fix protection fault in iommufd_test_syz_conv_iova (bsc#1222779). - CVE-2024-26734: devlink: fix possible use-after-free and memory leaks in devlink_init() (bsc#1222438). - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743). - CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990). - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758). - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101). - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994). - CVE-2024-35843: iommu/vt-d: Use device rbtree in iopf reporting path (bsc#1224751). - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066). - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948). - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949). - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950). - CVE-2024-36281: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules (bsc#1226799). - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610). - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841). - CVE-2024-38636: f2fs: multidev: fix to recognize valid zero block address (bsc#1226879). - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38566: bpf: Fix verifier assumptions about socket->sk (bsc#1226790). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857). - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842). - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774). - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781). - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746). - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749). - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734). - CVE-2024-38569: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group (bsc#1226772). - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771). - CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810). - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809). - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823). - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-27414: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back (bsc#1224439). - CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497). - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670). - CVE-2024-36024: drm/amd/display: Disable idle reallow as part of command/gpint execution (bsc#1225702). - CVE-2024-36903: ipv6: Fix potential uninit-value access in __ip6_make_skb() (bsc#1225741). - CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735). - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080). - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951). - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681). - CVE-2024-36882: mm: use memalloc_nofs_save() in page_cache_ra_order() (bsc#1225723). - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759). - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726). - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105). - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661). - CVE-2023-52786: ext4: fix racy may inline data check in dio write (bsc#1224939). - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760). - CVE-2024-36935: ice: ensure the copied buf is NUL terminated (bsc#1225763). - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834). - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614). - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585). - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539). - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018). - CVE-2024-35892: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() (bsc#1224515). - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612). - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520). - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619). - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2024-35926: crypto: iaa - Fix async_disable descriptor leak (bsc#1224655). - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575). - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761). - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540). - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549). - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548). - CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762). - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390). - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086) - CVE-2024-36030: Fixed the double free in rvu_npc_freemem() (bsc#1225712) - CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (bsc#1224621) - CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011). - CVE-2023-52434: Fixed potential OOBs in smb2_parse_contexts() (bsc#1220148). - CVE-2024-26860: Fixed a memory leak when rechecking the data (bsc#1223077). - CVE-2023-52772: Fixed use-after-free in unix_stream_read_actor() (bsc#1224989). - CVE-2024-27431: Fixed Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718). - CVE-2024-35860: Struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531). - CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581). - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2024-35895: Fixed lock inversion deadlock in map delete elem (bsc#1224511). - CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532). - CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664). - CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678). - CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667). - CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224672). - CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464). - CVE-2024-27036: Fixed writeback data corruption (bsc#1223810). - CVE-2024-35903: Fixed IP after emitting call depth accounting (bsc#1224493). - CVE-2024-35931: Fixed PCI error slot reset during RAS recovery (bsc#1224652). - CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525). - CVE-2024-35880: io_uring/kbuf: hold io_buffer_list reference over mmap (bsc#1224523). - CVE-2024-35831: io_uring: Fix release of pinned pages when __io_uaddr_map fails (bsc#1224698). - CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580). - CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502). - CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541). - CVE-2024-36007: Fixed warning during rehash (bsc#1224543). - CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530). - CVE-2023-52771: Fixed delete_endpoint() vs parent unregistration race (bsc#1225007). - CVE-2024-35827: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() (bsc#1224606). - CVE-2024-27408: Fixed race condition in dmaengine w-edma/eDMA (bsc#1224430). - CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649). - CVE-2024-35921: Fixed oops when HEVC init fails (bsc#1224477). - CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936). - CVE-2024-35991: Fixed kABI workaround for struct idxd_evl (bsc#1224553). - CVE-2024-27418: Fixed memory leak in mctp_local_output (bsc#1224720) - CVE-2024-27417: Fixed potential 'struct net' leak in inet6_rtm_getaddr() (bsc#1224721) - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187). - CVE-2024-35917: Fixed Fix bpf_plt pointer arithmetic (bsc#1224481). - CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727). - CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608). - CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628). - CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). - CVE-2023-52659: Fixed to pfn_to_kaddr() not treated as a 64-bit type (bsc#1224442). - CVE-2023-52699: sysv: don't call sb_bread() with pointers_lock held (bsc#1224659). - CVE-2024-21823: Fixed safety flag to struct ends (bsc#1223625). - CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084). - CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098). - CVE-2023-52483: mctp: perform route lookups under a RCU read-side lock (bsc#1220738). - CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096). - CVE-2024-26632: Fixed iterating over an empty bio with bio_for_each_folio_all (bsc#1221635). - CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181). - CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627). - CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615). - CVE-2023-6238: Fixed kcalloc() arguments order (bsc#1217384). - CVE-2024-26946: Fixed copy_from_kernel_nofault() to read from unsafe address (bsc#1223669). - CVE-2024-26945: Fixed nr_cpus < nr_iaa case (bsc#1223732). - CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385). - CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793) - CVE-2023-52641: Fixed NULL ptr dereference checking at the end of attr_allocate_frame() (bsc#1222303) - CVE-2024-26939: Fixed UAF on destroy against retire race (bsc#1223679). - CVE-2024-26865: rds: tcp: Fix use-after-free of net in reqsk_timer_handler() (bsc#1223062). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368). - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693). - CVE-2024-26726: Fixed invalid drop extent_map for free space inode on write error (bsc#1222532) - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745). - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735). - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664). - CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822). - CVE-2024-26991: Fixed overflow lpage_info when checking attributes (bsc#1223695). - CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655). - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686). - CVE-2024-27022: Fixed linking file vma until vma is fully initialized (bsc#1223774). - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104). - CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634). - CVE-2024-26899: Fixed deadlock between bd_link_disk_holder and partition scan (bsc#1223045). - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060). - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198). - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357). - CVE-2024-26638: Fixed uninitialize struct msghdr completely (bsc#1221649). - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613). - CVE-2024-26852: Fixed use-after-free in ip6_route_mpath_notify() (bsc#1223057). - CVE-2024-26909: Fixed drm bridge use-after-free (bsc#1223143). - CVE-2024-26674: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups (bsc#1222378). - CVE-2024-26906: Fixed invalid vsyscall page read for copy_from_kernel_nofault() (bsc#1223202). - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y (bsc#1222624). - CVE-2024-26832: Fixed missing folio cleanup in writeback race path (bsc#1223007). - CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615). - CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294). - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035). - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189). - CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190). The following non-security bugs were fixed: - 9p: add missing locking around taking dentry fid list (git-fixes) - ACPI: CPPC: Fix access width used for PCC registers (git-fixes). - ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro (git-fixes). - ACPI: CPPC: Use access_width over bit_width for system memory accesses (stable-fixes). - ACPI: EC: Abort address space access upon error (stable-fixes). - ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes). - ACPI: EC: Evaluate orphan _REG under EC device (git-fixes). - ACPI: EC: Install address space handler at the namespace root (stable-fixes). - ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes). - ACPI: LPSS: Advertise number of chip selects via property (git-fixes). - ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC (git-fixes). - ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes). - ACPI: bus: Indicate support for the Generic Event Device thru _OSC (git-fixes). - ACPI: disable -Wstringop-truncation (git-fixes). - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes). - ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes). - ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (bsc#1217750). - ACPI: x86: Add PNP_UART1_SKIP quirk for Lenovo Blade2 tablets (stable-fixes). - ACPI: x86: Force StorageD3Enable on more products (stable-fixes). - ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (git-fixes). - ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes). - ALSA/hda: intel-dsp-config: reduce log verbosity (git-fixes). - ALSA: Fix deadlocks with kctl removals at disconnection (stable-fixes). - ALSA: PCM: Allow resume only for suspended streams (stable-fixes). - ALSA: core: Fix NULL module pointer assignment at card init (git-fixes). - ALSA: core: Remove debugfs at disconnection (git-fixes). - ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes). - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes). - ALSA: emux: improve patch ioctl data validation (stable-fixes). - ALSA: hda/conexant: Mute speakers at suspend / shutdown (bsc#1228269). - ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes). - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (bsc#1228269). - ALSA: hda/realtek - Set GPIO3 to default at S4 state for Thinkpad with ALC1318 (stable-fixes). - ALSA: hda/realtek - fixed headset Mic not show (stable-fixes). - ALSA: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14AHP9 (stable-fixes). - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14ARP8 (stable-fixes). - ALSA: hda/realtek: Add quirks for HP Omen models using CS35L41 (stable-fixes). - ALSA: hda/realtek: Add quirks for Lenovo 13X (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook 2024 HN7306W (stable-fixes). - ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes). - ALSA: hda/realtek: Drop doubly quirk entry for 103c:8a2e (git-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes). - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes). - ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes). - ALSA: hda/realtek: Fix build error without CONFIG_PM (stable-fixes). - ALSA: hda/realtek: Fix conflicting PCI SSID 17aa:386f for Lenovo Legion models (bsc#1223462). - ALSA: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes). - ALSA: hda/realtek: Fix internal speakers for Legion Y9000X 2022 IAH7 (stable-fixes). - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes). - ALSA: hda/realtek: Limit mic boost on N14AP7 (stable-fixes). - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes). - ALSA: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes). - ALSA: hda/realtek: Support Lenovo Thinkbook 13x Gen 4 (stable-fixes). - ALSA: hda/realtek: Support Lenovo Thinkbook 16P Gen 5 (stable-fixes). - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes). - ALSA: hda/realtek: cs35l41: Fixup remaining asus strix models (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes). - ALSA: hda/tas2781: Add new quirk for Lenovo Hera2 Laptop (stable-fixes). - ALSA: hda: Add Intel BMG PCI ID and HDMI codec vid (stable-fixes). - ALSA: hda: clarify Copyright information (stable-fixes). - ALSA: hda: cs35l41: Add support for ASUS ROG 2024 Laptops (stable-fixes). - ALSA: hda: cs35l41: Component should be unbound before deconstruction (git-fixes). - ALSA: hda: cs35l41: Fix swapped l/r audio channels for Lenovo ThinBook 13x Gen4 (git-fixes). - ALSA: hda: cs35l41: Ignore errors when configuring IRQs (stable-fixes). - ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41_hda_unbind() (git-fixes). - ALSA: hda: cs35l41: Remove Speaker ID for Lenovo Legion slim 7 16ARHA7 (git-fixes). - ALSA: hda: cs35l41: Remove redundant argument to cs35l41_request_firmware_file() (stable-fixes). - ALSA: hda: cs35l41: Set the max PCM Gain using tuning setting (stable-fixes). - ALSA: hda: cs35l41: Support HP Omen models without _DSD (stable-fixes). - ALSA: hda: cs35l41: Support Lenovo 13X laptop without _DSD (stable-fixes). - ALSA: hda: cs35l41: Support Lenovo Thinkbook 13x Gen 4 (stable-fixes). - ALSA: hda: cs35l41: Support Lenovo Thinkbook 16P Gen 5 (stable-fixes). - ALSA: hda: cs35l41: Update DSP1RX5/6 Sources for DSP config (stable-fixes). - ALSA: hda: cs35l56: Component should be unbound before deconstruction (git-fixes). - ALSA: hda: cs35l56: Exit cache-only after cs35l56_wait_for_firmware_boot() (stable-fixes). - ALSA: hda: cs35l56: Fix lifecycle of codec pointer (stable-fixes). - ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Remove notification of driver write (stable-fixes). - ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes). - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes). - ALSA: hda: tas2781: Component should be unbound before deconstruction (git-fixes). - ALSA: line6: Zero-initialize message buffers (stable-fixes). - ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes). - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes). - ALSA: scarlett2: Add correct product series name to messages (stable-fixes). - ALSA: scarlett2: Add missing error check to scarlett2_config_save() (git-fixes). - ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes). - ALSA: scarlett2: Default mixer driver to enabled (stable-fixes). - ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes). - ALSA: seq: Do not clear bank selection at event -> UMP MIDI2 conversion (git-fixes). - ALSA: seq: Fix incorrect UMP type for system messages (git-fixes). - ALSA: seq: Fix missing MSB in MIDI2 SPP conversion (git-fixes). - ALSA: seq: Fix missing bank setup between MIDI1/MIDI2 UMP conversion (git-fixes). - ALSA: seq: Fix missing channel at encoding RPN/NRPN MIDI2 messages (git-fixes). - ALSA: seq: Fix yet another spot for system message conversion (git-fixes). - ALSA: seq: ump: Fix missing System Reset message handling (git-fixes). - ALSA: seq: ump: Fix swapped song position pointer data (git-fixes). - ALSA: seq: ump: Skip useless ports for static blocks (git-fixes). - ALSA: timer: Set lower bound of start tick time (stable-fixes). - ALSA: ump: Do not accept an invalid UMP protocol number (git-fixes). - ALSA: ump: Do not clear bank selection after sending a program change (git-fixes). - ALSA: ump: Do not update FB name for static blocks (git-fixes). - ALSA: ump: Force 1 Group for MIDI1 FBs (git-fixes). - ALSA: ump: Set default protocol when not given explicitly (git-fixes). - ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes). - ALSA: usb-audio: Add sampling rates support for Mbox3 (stable-fixes). - ALSA: usb-audio: Fix for sampling rates support for Mbox3 (stable-fixes). - ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes). - ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes). - ARM: 9381/1: kasan: clear stale stack poison (git-fixes). - ARM: OMAP2+: fix N810 MMC gpiod table (git-fixes). - ARM: OMAP2+: fix USB regression on Nokia N8x0 (git-fixes). - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init (git-fixes). - ARM: imx_v6_v7_defconfig: Restore CONFIG_BACKLIGHT_CLASS_DEVICE (git-fixes). - ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 (stable-fixes). - ARM: s5pv210: fix pm.c kernel-doc warning (git-fixes). - ASoC: Intel: Disable route checks for Skylake boards (git-fixes). - ASoC: Intel: avs: Fix ASRC module initialization (git-fixes). - ASoC: Intel: avs: Fix potential integer overflow (git-fixes). - ASoC: Intel: avs: Set name of control as in topology (git-fixes). - ASoC: Intel: avs: Test result of avs_get_module_entry() (git-fixes). - ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes). - ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too (git-fixes). - ASoC: Intel: common: add ACPI matching tables for Arrow Lake (stable-fixes). - ASoC: Intel: sof-sdw: really remove FOUR_SPEAKER quirk (git-fixes). - ASoC: Intel: sof_sdw: add JD2 quirk for HP Omen 14 (stable-fixes). - ASoC: Intel: sof_sdw: add quirk for Dell SKU 0C0F (stable-fixes). - ASoC: Intel: use soc_intel_is_byt_cr() only when IOSF_MBI is reachable (git-fixes). - ASoC: SOF: Intel: add default firmware library path for LNL (git-fixes). - ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend (stable-fixes). - ASoC: SOF: Intel: hda-pcm: Limit the maximum number of periods by MAX_BDL_ENTRIES (stable-fixes). - ASoC: SOF: Intel: hda: fix null deref on system suspend entry (git-fixes). - ASoC: SOF: Intel: lnl: Correct rom_status_reg (git-fixes). - ASoC: SOF: Intel: mtl: Correct rom_status_reg (git-fixes). - ASoC: SOF: Intel: mtl: Disable interrupts when firmware boot failed (git-fixes). - ASoC: SOF: Intel: mtl: Implement firmware boot state check (git-fixes). - ASoC: SOF: Intel: mtl: call dsp dump when boot retry fails (stable-fixes). - ASoC: SOF: imx8m: Fix DSP control regmap retrieval (git-fixes). - ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension (git-fixes). - ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare (git-fixes). - ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format (stable-fixes). - ASoC: SOF: pcm: Restrict DSP D0i3 during S0ix to IPC3 (stable-fixes). - ASoC: SOF: sof-audio: Skip unprepare for in-use widgets on error rollback (stable-fixes). - ASoC: TAS2781: Fix tasdev_load_calibrated_data() (git-fixes). - ASoC: acp: Support microphone from device Acer 315-24p (git-fixes). - ASoC: amd: Adjust error handling in case of absent codec device (git-fixes). - ASoC: amd: acp: add a null check for chip_pdev structure (git-fixes). - ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes). - ASoC: amd: yc: Fix non-functional mic on ASUS M5602RA (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E16 Gen 2 (bsc#1228269). - ASoC: codecs: wsa881x: set clk_stop_mode1 flag (git-fixes). - ASoC: cs35l41: Update DSP1RX5/6 Sources for DSP config (git-fixes). - ASoC: cs35l56: Accept values greater than 0 as IRQ numbers (git-fixes). - ASoC: cs35l56: Fix unintended bus access while resetting amp (git-fixes). - ASoC: cs35l56: Prevent overwriting firmware ASP config (git-fixes). - ASoC: da7219-aad: fix usage of device_get_named_child_node() (git-fixes). - ASoC: fsl-asoc-card: set priv->pdev before using it (git-fixes). - ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value (git-fixes). - ASoC: kirkwood: Fix potential NULL dereference (git-fixes). - ASoC: max98088: Check for clk_prepare_enable() error (git-fixes). - ASoC: mediatek: Assign dummy when codec not specified for a DAI link (git-fixes). - ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes). - ASoC: meson: axg-card: make links nonatomic (git-fixes). - ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes). - ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes). - ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes). - ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes). - ASoC: q6apm-lpass-dai: close graph on prepare errors (git-fixes). - ASoC: qcom: Adjust issues in case of DT error in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - ASoC: rockchip: i2s-tdm: Fix trcm mode by setting clock on right mclk (git-fixes). - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (git-fixes). - ASoC: rt711-sdw: add missing readable registers (stable-fixes). - ASoC: rt715-sdca: volume step modification (git-fixes). - ASoC: rt715: add vendor clear control register (git-fixes). - ASoC: rt722-sdca-sdw: add debounce time for type detection (stable-fixes). - ASoC: rt722-sdca-sdw: add silence detection register as volatile (stable-fixes). - ASoC: rt722-sdca: add headset microphone vrefo setting (git-fixes). - ASoC: rt722-sdca: modify channel number to support 4 channels (git-fixes). - ASoC: sof: amd: fix for firmware reload failure in Vangogh platform (git-fixes). - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes). - ASoC: tas2781: Fix a warning reported by robot kernel test (git-fixes). - ASoC: tas2781: Fix wrong loading calibrated data sequence (git-fixes). - ASoC: tegra: Fix DSPK 16-bit playback (git-fixes). - ASoC: ti: Convert Pandora ASoC to GPIO descriptors (stable-fixes). - ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes). - ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes). - ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes). - ASoC: topology: Do not assign fields that are already set (stable-fixes). - ASoC: topology: Fix references to freed memory (stable-fixes). - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes). - ASoC: wm_adsp: Add missing MODULE_DESCRIPTION() (git-fixes). - ASoc: tas2781: Enable RCA-based playback without DSP firmware download (git-fixes). - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes). - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes). - Bluetooth: HCI: Fix potential null-ptr-deref (git-fixes). - Bluetooth: ISO: Check socket flag instead of hcon (git-fixes). - Bluetooth: ISO: Fix BIS cleanup (stable-fixes). - Bluetooth: Ignore too large handle values in BIG (git-fixes). - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes). - Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() (git-fixes). - Bluetooth: Remove usage of the deprecated ida_simple_xx() API (stable-fixes). - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes). - Bluetooth: btintel: Refactor btintel_set_ppag() (git-fixes). - Bluetooth: btnxpuart: Add handling for boot-signature timeout errors (git-fixes). - Bluetooth: btnxpuart: Enable Power Save feature on startup (stable-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes). - Bluetooth: btusb: Fix triggering coredump implementation for QCA (git-fixes). - Bluetooth: hci_bcm4377: Fix msgid release (git-fixes). - Bluetooth: hci_bcm4377: Use correct unit for timeouts (git-fixes). - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes). - Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes). - Bluetooth: hci_event: Fix setting of unicast qos interval (git-fixes). - Bluetooth: hci_event: Remove code to removed CONFIG_BT_HS (stable-fixes). - Bluetooth: hci_event: Set QoS encryption from BIGInfo report (git-fixes). - Bluetooth: hci_sync: Using hci_cmd_sync_submit when removing Adv Monitor (bsc#1219216). - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes). - Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes). - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes). - Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes). - Bluetooth: qca: add missing firmware sanity checks (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev setup (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes). - Bluetooth: qca: fix NVM configuration parsing (git-fixes). - Bluetooth: qca: fix firmware check error path (git-fixes). - Bluetooth: qca: fix info leak when fetching fw build id (git-fixes). - Bluetooth: qca: set power_ctrl_enabled on NULL returned by gpiod_get_optional() (git-fixes). - EDAC/synopsys: Fix ECC status and IRQ control race condition (git-fixes). - Enable CONFIG_FIPS_SIGNATURE_SELFTEST (bsc#1222771) - Enable CONFIG_SCHED_CLUSTER=y on arm64 (jsc#PED-8701). - Enable new CONFIG_FIPS_SIGNATURE_SELFTEST_ECDSA. - Enable new CONFIG_FIPS_SIGNATURE_SELFTEST_RSA. - Fix a potential infinite loop in extract_user_to_sg() (git-fixes). - Fix build errors due to new UIO_MEM_DMA_COHERENT mess (git-fixes). - Fix missing CONFIG_SUSE_SUPPORTED for arm64/64kb flavor (bsc#1223357) - HID: Add quirk for Logitech Casa touchpad (stable-fixes). - HID: Ignore battery for ELAN touchscreens 2F2C and 4116 (stable-fixes). - HID: amd_sfh: Handle 'no sensors' in PM operations (git-fixes). - HID: core: remove unnecessary WARN_ON() in implement() (git-fixes). - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up (git-fixes). - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes). - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes). - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes). - HID: logitech-dj: allow mice to use all types of reports (git-fixes). - HID: mcp-2221: cancel delayed_work only when CONFIG_IIO is enabled (stable-fixes). - HID: wacom: Modify pen IDs (git-fixes). - IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes) - Input: ads7846 - use spi_device_id table (stable-fixes). - Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes). - Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes). - Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes). - Input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes). - Input: i8042 - add Ayaneo Kun to i8042 quirk table (stable-fixes). - Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes). - Input: ims-pcu - fix printf string overflow (git-fixes). - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes). - Input: qt1050 - handle CHIP_ID reading error (git-fixes). - Input: silead - Always support 10 fingers (stable-fixes). - Input: xpad - add support for ASUS ROG RAIKIRI (git-fixes). - Input: xpad - add support for ASUS ROG RAIKIRI PRO (stable-fixes). - KEYS: trusted: Do not use WARN when encode fails (git-fixes). - KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes). - KVM: SEV-ES: Delegate LBR virtualization to the processor (git-fixes). - KVM: SEV-ES: Disallow SEV-ES guests when X86_FEATURE_LBRV is absent (git-fixes). - KVM: SVM: Add support for allowing zero SEV ASIDs (git-fixes). - KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (git-fixes). - KVM: SVM: Use unsigned integers when dealing with ASIDs (git-fixes). - KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked (git-fixes). - KVM: VMX: Disable LBR virtualization if the CPU does not support LBR callstacks (git-fixes). - KVM: VMX: Report up-to-date exit qualification to userspace (git-fixes). - KVM: arm64: Use local TLBI on permission relaxation (bsc#1219478). - KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes). - KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224790). - KVM: x86/mmu: Do not force emulation of L2 accesses to non-APIC internal slots (git-fixes). - KVM: x86/mmu: Move private vs. shared check above slot validity checks (git-fixes). - KVM: x86/mmu: Restrict KVM_SW_PROTECTED_VM to the TDP MMU (git-fixes). - KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status (git-fixes). - KVM: x86/pmu: Allow programming events that match unsupported arch events (git-fixes). - KVM: x86/pmu: Always treat Fixed counters as available when supported (git-fixes). - KVM: x86/pmu: Apply 'fast' RDPMC only to Intel PMUs (git-fixes). - KVM: x86/pmu: Disable support for adaptive PEBS (git-fixes). - KVM: x86/pmu: Disallow 'fast' RDPMC for architectural Intel PMUs (git-fixes). - KVM: x86/pmu: Do not ignore bits 31:30 for RDPMC index on AMD (git-fixes). - KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms (git-fixes). - KVM: x86/pmu: Explicitly check NMI from guest to reducee false positives (git-fixes). - KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (bsc#1226158). - KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (git-fixes). - KVM: x86/pmu: Set enable bits for GP counters in PERF_GLOBAL_CTRL at 'RESET' (git-fixes). - KVM: x86/pmu: Zero out PMU metadata on AMD if PMU is disabled (git-fixes). - KVM: x86/xen: fix recursive deadlock in timer injection (git-fixes). - KVM: x86/xen: improve accuracy of Xen timers (git-fixes). - KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled (git-fixes). - KVM: x86/xen: remove WARN_ON_ONCE() with false positives in evtchn delivery (git-fixes). - KVM: x86: Allow, do not ignore, same-value writes to immutable MSRs (git-fixes). - KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes). - KVM: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes). - KVM: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes). - KVM: x86: Fully re-initialize supported_mce_cap on vendor module load (git-fixes). - KVM: x86: Introduce __kvm_get_hypervisor_cpuid() helper (git-fixes). - KVM: x86: Mark target gfn of emulated atomic instruction as dirty (git-fixes). - KVM: x86: Only set APICV_INHIBIT_REASON_ABSENT if APICv is enabled (git-fixes). - KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible (git-fixes). - KVM: x86: Update KVM_SW_PROTECTED_VM docs to make it clear they're a WIP (git-fixes). - KVM: x86: Use actual kvm_cpuid.base for clearing KVM_FEATURE_PV_UNHALT (git-fixes). - NFC: trf7970a: disable all regulators on removal (git-fixes). - NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes). - NFS: abort nfs_atomic_open_v23 if name is too long (bsc#1219847). - NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847). - NFS: add barriers when testing for NFS_FSDATA_BLOCKED (git-fixes). - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - NFSD: Fix checksum mismatches in the duplicate reply cache (git-fixes). - NFSv4.1 enforce rootpath check in fs_location query (git-fixes). - NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362). - NFSv4: Fixup smatch warning for ambiguous return (git-fixes). - Octeontx2-af: fix pause frame configuration in GMP mode (git-fixes). - PCI/ASPM: Update save_state when configuration changes (bsc#1226915) - PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes). - PCI/DPC: Use FIELD_GET() (stable-fixes). - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes). - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes). - PCI/MSI: Fix UAF in msi_capability_init (git-fixes). - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes). - PCI: Clear Secondary Status errors after enumeration (bsc#1226928) - PCI: Delay after FLR of Solidigm P44 Pro NVMe (stable-fixes). - PCI: Do not wait for disconnected devices when resuming (git-fixes). - PCI: Execute quirk_enable_clear_retrain_link() earlier (stable-fixes). - PCI: Extend ACS configurability (bsc#1228090). - PCI: Fix resource double counting on remove & rescan (git-fixes). - PCI: Fix typos in docs and comments (stable-fixes). - PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes). - PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() (stable-fixes). - PCI: dw-rockchip: Fix initial PERST# GPIO value (git-fixes). - PCI: dwc: Fix index 0 incorrectly being interpreted as a free ATU slot (git-fixes). - PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes). - PCI: endpoint: Clean up error handling in vpci_scan_bus() (git-fixes). - PCI: endpoint: Fix error handling in epf_ntb_epc_cleanup() (git-fixes). - PCI: endpoint: pci-epf-test: Make use of cached 'epc_features' in pci_epf_test_core_init() (git-fixes). - PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes). - PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes). - PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes). - PCI: qcom-ep: Disable resources unconditionally during PERST# assert (git-fixes). - PCI: rcar: Demote WARN() to dev_warn_ratelimited() in rcar_pcie_wakeup() (git-fixes). - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes). - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes). - PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888). - PCI: switchtec: Add support for PCIe Gen5 devices (stable-fixes). - PCI: switchtec: Use normal comment style (stable-fixes). - PCI: tegra194: Fix probe path for Endpoint mode (git-fixes). - PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes). - PCI: vmd: Create domain symlink before pci_bus_add_devices() (bsc#1227363). - PM / devfreq: Synchronize devfreq_monitor_[start/stop] (stable-fixes). - Port 'certs: Add ECDSA signature verification self-test'. - Port 'certs: Move RSA self-test data to separate file'. - RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300). - RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300). - RDMA/IPoIB: Fix format truncation compilation errors (git-fixes) - RDMA/bnxt_re: Fix the max msix vectors macro (git-fixes) - RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes) - RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw (git-fixes) - RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes) - RDMA/hns: Fix GMV table pagesize (git-fixes) - RDMA/hns: Fix UAF for cq async event (git-fixes) - RDMA/hns: Fix deadlock on SRQ async events. (git-fixes) - RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes) - RDMA/hns: Modify the print level of CQE error (git-fixes) - RDMA/hns: Use complete parentheses in macros (git-fixes) - RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes). - RDMA/mlx5: Add check for srq max_sge attribute (git-fixes) - RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes) - RDMA/mlx5: Change check for cacheable mkeys (git-fixes) - RDMA/mlx5: Ensure created mkeys always have a populated rb_key (git-fixes) - RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes) - RDMA/mlx5: Fix unwind flow as part of mlx5_ib_stage_init_init (git-fixes) - RDMA/mlx5: Follow rb_key.ats when creating new mkeys (git-fixes) - RDMA/mlx5: Remove extra unlock on error path (git-fixes) - RDMA/mlx5: Uncacheable mkey has neither rb_key or cache_ent (git-fixes) - RDMA/restrack: Fix potential invalid address access (git-fixes) - RDMA/rxe: Allow good work requests to be executed (git-fixes) - RDMA/rxe: Fix data copy for IB_SEND_INLINE (git-fixes) - RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes) - RDMA/rxe: Fix responder length checking for UD request packets (git-fixes) - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes) - RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes) - SEV: disable SEV-ES DebugSwap by default (git-fixes). - SUNRPC: Fix gss_free_in_token_pages() (git-fixes). - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes). - SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272). - SUNRPC: return proper error from gss_wrap_req_priv (git-fixes). - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes). - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes). - USB: core: Fix access violation during port device removal (git-fixes). - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes). - USB: serial: mos7840: fix crash on resume (git-fixes). - USB: serial: option: add Fibocom FM135-GL variants (stable-fixes). - USB: serial: option: add Fibocom FM350-GL (stable-fixes). - USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes). - USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes). - USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes). - USB: serial: option: add Rolling RW350-GL variants (stable-fixes). - USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes). - USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes). - USB: serial: option: add Telit generic core-dump composition (stable-fixes). - USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes). - USB: serial: option: add support for Foxconn T99W651 (stable-fixes). - USB: serial: option: support Quectel EM060K sub-models (stable-fixes). - USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes). - VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes). - VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes). - X.509: Fix the parser of extended key usage for length (bsc#1218820). - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes). - amd/amdkfd: sync all devices to wait all processes being evicted (stable-fixes). - aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts - arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H (git-fixes). - arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502) - arm64/io: add constant-argument check (bsc#1226502 git-fixes) - arm64: Add the arm64.no32bit_el0 command line option (jsc#PED-3184). - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes). - arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes) - arm64: dts: allwinner: h616: Fix I2C0 pins (git-fixes) - arm64: dts: freescale: imx8mm-verdin: enable hysteresis on slow input (git-fixes) - arm64: dts: hi3798cv200: fix the size of GICR (git-fixes) - arm64: dts: imx8-ss-conn: fix usb lpcg indices (git-fixes) - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes) - arm64: dts: imx8-ss-dma: fix adc lpcg indices (git-fixes) - arm64: dts: imx8-ss-dma: fix can lpcg indices (git-fixes) - arm64: dts: imx8-ss-dma: fix spi lpcg indices (git-fixes) - arm64: dts: imx8-ss-lsio: fix pwm lpcg indices (git-fixes) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes) - arm64: dts: imx8qm-ss-dma: fix can lpcg indices (git-fixes) - arm64: dts: imx93-11x11-evk: Remove the 'no-sdio' property (git-fixes) - arm64: dts: microchip: sparx5: fix mdio reg (git-fixes) - arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes) - arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes) - arm64: dts: rockchip: Add mdio and ethernet-phy nodes to (git-fixes) - arm64: dts: rockchip: Add missing power-domains for rk356x vop_mmu (git-fixes) - arm64: dts: rockchip: Add pinctrl for UART0 to rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Add sdmmc related properties on (git-fixes) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes) - arm64: dts: rockchip: Drop invalid mic-in-differential on (git-fixes) - arm64: dts: rockchip: Fix SD NAND and eMMC init on rk3308-rock-pi-s (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on (git-fixes) - arm64: dts: rockchip: Fix mic-in-differential usage on rk3566-roc-pc (git-fixes) - arm64: dts: rockchip: Fix the DCDC_REG2 minimum voltage on Quartz64 (git-fixes) - arm64: dts: rockchip: Fix the value of `dlg,jack-det-rate` mismatch (git-fixes) - arm64: dts: rockchip: Increase VOP clk rate on RK3328 (git-fixes) - arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes) - arm64: dts: rockchip: Rename LED related pinctrl nodes on (git-fixes) - arm64: dts: rockchip: Update WIFi/BT related nodes on (git-fixes) - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes) - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes) - arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes) - arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes) - arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes) - arm64: dts: rockchip: regulator for sd needs to be always on for (git-fixes) - arm64: dts: rockchip: set PHY address of MT7531 switch to 0x1f (git-fixes) - arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes). - arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8688). - arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8688). - arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8688). - arm64: tegra: Correct Tegra132 I2C alias (git-fixes) - asm-generic: make sparse happy with odd-sized put_unaligned_*() (stable-fixes). - ata,scsi: libata-core: Do not leak memory for ata_port struct members (git-fixes). - ata: ahci: Clean up sysfs file on error (git-fixes). - ata: libata-core: Fix double free on error (git-fixes). - ata: libata-core: Fix null pointer dereference on error (git-fixes). - ata: libata-scsi: Fix offsets for the fixed format sense data (git-fixes). - ata: pata_legacy: make legacy_exit() work again (git-fixes). - ata: sata_gemini: Check clk_enable() result (stable-fixes). - autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166). - auxdisplay: ht16k33: Drop reference after LED registration (git-fixes). - ax25: Fix netdev refcount issue (git-fixes). - ax25: Fix refcount imbalance on inbound connections (git-fixes). - ax25: Fix reference count leak issue of net_device (git-fixes). - ax25: Fix reference count leak issues of ax25_dev (git-fixes). - batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes). - batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes). - bitops: add missing prototype check (git-fixes). - blk-cgroup: fix list corruption from reorder of WRITE ->lqueued (bsc#1225605). - blk-cgroup: fix list corruption from resetting io stat (bsc#1225605). - block: Move checking GENHD_FL_NO_PART to bdev_add_partition() (bsc#1226213). - block: fix q->blkg_list corruption during disk rebind (bsc#1223591). - bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX (git-fixes). - bnxt_en: Fix error recovery for RoCE ulp client (git-fixes). - bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() (git-fixes). - bnxt_en: Reset PTP tx_avail after possible firmware reset (git-fixes). - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes) - bootconfig: Fix the kerneldoc of _xbc_exit() (git-fixes). - bootconfig: use memblock_free_late to free xbc memory to buddy (git-fixes). - bootmem: use kmemleak_free_part_phys in put_page_bootmem (git-fixes). - bpf, arm64: Fix incorrect runtime stats (git-fixes) - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes). - bpf: Remove xdp_do_flush_map() (bsc#1214683 (PREEMPT_RT prerequisite backports)). - bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903). - bpf: correct loop detection for iterators convergence (bsc#1225903). - bpf: exact states comparison for iterator convergence checks (bsc#1225903). - bpf: extract __check_reg_arg() utility function (bsc#1225903). - bpf: extract same_callsites() as utility function (bsc#1225903). - bpf: extract setup_func_entry() utility function (bsc#1225903). - bpf: fix precision backtracking instruction iteration (bsc#1225756). - bpf: handle ldimm64 properly in check_cfg() (bsc#1225756). - bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903). - bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903). - bpf: print full verifier states on infinite loop detection (bsc#1225903). - bpf: verify callbacks as if they are called unknown number of times (bsc#1225903). - bpf: widening for callback iterators (bsc#1225903). - btrfs: add a helper to read the superblock metadata_uuid (git-fixes) - btrfs: add and use helper to check if block group is used (bsc#1220120). - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: add new unused block groups to the list of unused block groups (bsc#1220120). - btrfs: allow to run delayed refs by bytes to be released instead of count (bsc#1220120). - btrfs: always clear PERTRANS metadata during commit (git-fixes) - btrfs: always print transaction aborted messages with an error level (git-fixes) - btrfs: always reserve space for delayed refs when starting transaction (bsc#1220120). - btrfs: assert correct lock is held at btrfs_select_ref_head() (bsc#1220120). - btrfs: assert delayed node locked when removing delayed item (git-fixes) - btrfs: avoid start and commit empty transaction when flushing qgroups (bsc#1220120). - btrfs: avoid start and commit empty transaction when starting qgroup rescan (bsc#1220120). - btrfs: avoid starting and committing empty transaction when flushing space (bsc#1220120). - btrfs: avoid starting new transaction when flushing delayed items and refs (bsc#1220120). - btrfs: check for BTRFS_FS_ERROR in pending ordered assert (git-fixes) - btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super (git-fixes) - btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size (git-fixes) - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args (git-fixes) - btrfs: do not allow non subvolume root targets for snapshot (git-fixes) - btrfs: do not arbitrarily slow down delalloc if we're committing (git-fixes) - btrfs: do not delete unused block group if it may be used soon (bsc#1220120). - btrfs: do not refill whole delayed refs block reserve when starting transaction (bsc#1220120). - btrfs: do not start transaction when joining with TRANS_JOIN_NOSTART (git-fixes) - btrfs: do not steal space from global rsv after a transaction abort (bsc#1220120). - btrfs: do not warn if discard range is not aligned to sector (git-fixes) - btrfs: ensure fiemap does not race with writes when FIEMAP_FLAG_SYNC is given (bsc#1223285). - btrfs: error out when COWing block using a stale transaction (git-fixes) - btrfs: error out when reallocating block for defrag using a stale transaction (git-fixes) - btrfs: error when COWing block from a root that is being deleted (git-fixes) - btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes) - btrfs: fail priority metadata ticket with real fs error (bsc#1220120). - btrfs: file_remove_privs needs an exclusive lock in direct io write (git-fixes) - btrfs: fix 64bit compat send ioctl arguments not initializing version member (git-fixes) - btrfs: fix deadlock with fiemap and extent locking (bsc#1223285). - btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes) - btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() (git-fixes) - btrfs: fix lockdep splat and potential deadlock after failure running delayed items (git-fixes) - btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes) - btrfs: fix off-by-one when checking chunk map includes logical address (git-fixes) - btrfs: fix race between ordered extent completion and fiemap (bsc#1223285). - btrfs: fix race when detecting delalloc ranges during fiemap (bsc#1223285). - btrfs: fix race when refilling delayed refs block reserve (git-fixes) - btrfs: fix start transaction qgroup rsv double free (git-fixes) - btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range() (git-fixes) - btrfs: free qgroup rsv on io failure (git-fixes) - btrfs: free the allocated memory if btrfs_alloc_page_array() fails (git-fixes) - btrfs: get rid of label and goto at insert_delayed_ref() (bsc#1220120). - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: handle errors properly in update_inline_extent_backref() (git-fixes) - btrfs: initialize key where it's used when running delayed data ref (bsc#1220120). - btrfs: log message if extent item not found when running delayed extent op (bsc#1220120). - btrfs: make btrfs_cleanup_fs_roots() static (bsc#1220120). - btrfs: make btrfs_destroy_delayed_refs() return void (bsc#1220120). - btrfs: make btrfs_destroy_marked_extents() return void (bsc#1220120). - btrfs: make btrfs_destroy_pinned_extent() return void (bsc#1220120). - btrfs: make error messages more clear when getting a chunk map (git-fixes) - btrfs: make find_first_extent_bit() return a boolean (bsc#1220120). - btrfs: make find_free_dev_extent() static (bsc#1220120). - btrfs: make insert_delayed_ref() return a bool instead of an int (bsc#1220120). - btrfs: merge find_free_dev_extent() and find_free_dev_extent_start() (bsc#1220120). - btrfs: move btrfs_free_excluded_extents() into block-group.c (bsc#1220120). - btrfs: open code trivial btrfs_add_excluded_extent() (bsc#1220120). - btrfs: output extra debug info if we failed to find an inline backref (git-fixes) - btrfs: pass a space_info argument to btrfs_reserve_metadata_bytes() (bsc#1220120). - btrfs: prevent transaction block reserve underflow when starting transaction (git-fixes) - btrfs: print available space across all block groups when dumping space info (bsc#1220120). - btrfs: print available space for a block group when dumping a space info (bsc#1220120). - btrfs: print block group super and delalloc bytes when dumping space info (bsc#1220120). - btrfs: print target number of bytes when dumping free space (bsc#1220120). - btrfs: qgroup: always free reserved space for extent records (bsc#1216196). - btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans (git-fixes) - btrfs: record delayed inode root in transaction (git-fixes) - btrfs: reject encoded write if inode has nodatasum flag set (git-fixes) - btrfs: release path before inode lookup during the ino lookup ioctl (git-fixes) - btrfs: remove pointless 'ref_root' variable from run_delayed_data_ref() (bsc#1220120). - btrfs: remove pointless in_tree field from struct btrfs_delayed_ref_node (bsc#1220120). - btrfs: remove pointless initialization at btrfs_delayed_refs_rsv_release() (bsc#1220120). - btrfs: remove redundant BUG_ON() from __btrfs_inc_extent_ref() (bsc#1220120). - btrfs: remove refs_to_add argument from __btrfs_inc_extent_ref() (bsc#1220120). - btrfs: remove refs_to_drop argument from __btrfs_free_extent() (bsc#1220120). - btrfs: remove the refcount warning/check at btrfs_put_delayed_ref() (bsc#1220120). - btrfs: remove unnecessary logic when running new delayed references (bsc#1220120). - btrfs: remove unnecessary prototype declarations at disk-io.c (bsc#1220120). - btrfs: remove unused is_head field from struct btrfs_delayed_ref_node (bsc#1220120). - btrfs: rename add_new_free_space() to btrfs_add_new_free_space() (bsc#1220120). - btrfs: reorder some members of struct btrfs_delayed_ref_head (bsc#1220120). - btrfs: reserve space for delayed refs on a per ref basis (bsc#1220120). - btrfs: reset destination buffer when read_extent_buffer() gets invalid range (git-fixes) - btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 (git-fixes) - btrfs: return -EUCLEAN if extent item is missing when searching inline backref (bsc#1220120). - btrfs: return real error when orphan cleanup fails due to a transaction abort (bsc#1220120). - btrfs: send: do not issue unnecessary zero writes for trailing hole (bsc#1222459). - btrfs: send: ensure send_fd is writable (git-fixes) - btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes) - btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes) - btrfs: set page extent mapped after read_folio in relocate_one_page (git-fixes) - btrfs: simplify check for extent item overrun at lookup_inline_extent_backref() (bsc#1220120). - btrfs: stop doing excessive space reservation for csum deletion (bsc#1220120). - btrfs: store the error that turned the fs into error state (bsc#1220120). - btrfs: sysfs: validate scrub_speed_max value (git-fixes) - btrfs: tree-checker: fix inline ref size in error messages (git-fixes) - btrfs: update comment for btrfs_join_transaction_nostart() (bsc#1220120). - btrfs: update documentation for add_new_free_space() (bsc#1220120). - btrfs: use a bool to track qgroup record insertion when adding ref head (bsc#1220120). - btrfs: use a single switch statement when initializing delayed ref head (bsc#1220120). - btrfs: use a single variable for return value at lookup_inline_extent_backref() (bsc#1220120). - btrfs: use a single variable for return value at run_delayed_extent_op() (bsc#1220120). - btrfs: use bool type for delayed ref head fields that are used as booleans (bsc#1220120). - btrfs: use the correct superblock to compare fsid in btrfs_validate_super (git-fixes) - btrfs: use u64 for buffer sizes in the tree search ioctls (git-fixes) - btrfs: zoned: do not skip block groups with 100% zone unusable (bsc#1220120). - bus: mhi: host: allow MHI client drivers to provide the firmware via a pointer (bsc#1227149). - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes). - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes). - cachefiles: remove requests from xarray during flushing requests (bsc#1226588). - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes). - can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes). - can: mcp251xfd: fix infinite loop when xmit fails (git-fixes). - cdrom: rearrange last_media_change check to avoid unintentional overflow (stable-fixes). - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022). - ceph: always check dir caps asynchronously (bsc#1226022). - ceph: always queue a writeback when revoking the Fb caps (bsc#1226022). - ceph: break the check delayed cap loop every 5s (bsc#1226022). - ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228417). - ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE (bsc#1224866). - ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022). - certs: Add ECDSA signature verification self-test (bsc#1222777). - certs: Move RSA self-test data to separate file (bsc#1222777). - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes). - checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes). - cifs: Add a laundromat thread for cached directories (git-fixes, bsc#1225172). - cifs: Do not use certain unnecessary folio_*() functions (bsc#1225172). - cifs: account for primary channel in the interface list (bsc#1225172). - cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1225172). - cifs: distribute channels across interfaces based on speed (bsc#1225172). - cifs: do not pass cifs_sb when trying to add channels (bsc#1225172). - cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1225172). - cifs: fix charset issue in reconnection (bsc#1225172). - cifs: fix leak of iface for primary channel (git-fixes, bsc#1225172). - cifs: handle cases where a channel is closed (bsc#1225172). - cifs: handle cases where multiple sessions share connection (bsc#1225172). - cifs: reconnect work should have reference on server struct (bsc#1225172). - clk: Do not hold prepare_lock when calling kref_put() (stable-fixes). - clk: Get runtime PM before walking tree during disable_unused (git-fixes). - clk: Get runtime PM before walking tree for clk_summary (git-fixes). - clk: Initialize struct clk_core kref earlier (stable-fixes). - clk: Show active consumers of clocks in debugfs (stable-fixes). - clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use (git-fixes). - clk: mediatek: mt8183: Only enable runtime PM on mt8183-mfgcfg (git-fixes). - clk: mediatek: mt8365-mm: fix DPI0 parent (git-fixes). - clk: mediatek: pllfh: Do not log error for missing fhctl node (git-fixes). - clk: qcom: clk-alpha-pll: fix rate setting for Stromer PLLs (git-fixes). - clk: qcom: clk-alpha-pll: remove invalid Stromer register offset (git-fixes). - clk: qcom: clk-alpha-pll: set ALPHA_EN bit for Stromer Plus PLLs (git-fixes). - clk: qcom: dispcc-sm6350: fix DisplayPort clocks (git-fixes). - clk: qcom: dispcc-sm8450: fix DisplayPort clocks (git-fixes). - clk: qcom: dispcc-sm8550: fix DisplayPort clocks (git-fixes). - clk: qcom: gcc-sm6350: Fix gpll6* & gpll7 parents (git-fixes). - clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes). - clk: renesas: r8a779a0: Fix CANFD parent clock (git-fixes). - clk: renesas: r9a07g043: Add clock and reset entry for PLIC (git-fixes). - clk: rs9: fix wrong default value for clock amplitude (git-fixes). - clk: samsung: exynosautov9: fix wrong pll clock id value (git-fixes). - clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (git-fixes). - clkdev: Update clkdev id usage to allow for longer names (stable-fixes). - config/arm64: Enable CoreSight PMU drivers (bsc#1228289 jsc#PED-7859) - counter: linux/counter.h: fix Excess kernel-doc description warning (git-fixes). - counter: ti-eqep: enable clock at probe (git-fixes). - cppc_cpufreq: Fix possible null pointer dereference (git-fixes). - cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems (git-fixes). - cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes). - cpufreq: amd-pstate: fix memory leak on CPU EPP exit (stable-fixes). - cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations (git-fixes). - cpufreq: exit() callback is optional (git-fixes). - cpufreq: ti-cpufreq: Handle deferred probe with dev_err_probe() (git-fixes). - cpumask: Add for_each_cpu_from() (bsc#1225053). - crypto/ecdh: make ecdh_compute_value() to zeroize the public key (bsc#1222768). - crypto/ecdsa: make ecdsa_ecc_ctx_deinit() to zeroize the public key (bsc#1222768). - crypto: aead,cipher - zeroize key buffer after use (stable-fixes). - crypto: bcm - Fix pointer arithmetic (git-fixes). - crypto: ccp - Add support for PCI device 0x156E (bsc#1223338). - crypto: ccp - Add support for PCI device 0x17E0 (bsc#1223338). - crypto: ccp - Fix null pointer dereference in __sev_snp_shutdown_locked (git-fixes). - crypto: ccp - drop platform ifdef checks (git-fixes). - crypto: deflate - Add aliases to deflate (bsc#1227190). - crypto: ecc - update ecc_gen_privkey for FIPS 186-5 (bsc#1222782). - crypto: ecdh - explicitly zeroize private_key (stable-fixes). - crypto: ecdsa - Fix module auto-load on add-key (git-fixes). - crypto: ecdsa - Fix the public key format description (git-fixes). - crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes). - crypto: hisilicon/debugfs - Fix debugfs uninit process issue (stable-fixes). - crypto: hisilicon/qm - Add the err memory release process to qm uninit (stable-fixes). - crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes). - crypto: iaa - Account for cpu-less numa nodes (bsc#1227190). - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init (git-fixes). - crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (git-fixes). - crypto: qat - extend scope of lock in adf_cfg_add_key_value_param() (git-fixes). - crypto: qat - improve error logging to be consistent across features (git-fixes). - crypto: qat - specify firmware files for 402xx (git-fixes). - crypto: rsa - add a check for allocation failure (bsc#1222775). - crypto: rsa - allow only odd e and restrict value in FIPS mode (bsc#1222775). - crypto: testmgr - remove unused xts4096 and xts512 algorithms from testmgr.c (bsc#1222769). - crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes). - cxgb4: Properly lock TX queue for the selftest (bsc#1214683 (PREEMPT_RT prerequisite backports)). - cxl/region: Fix cxlr_pmem leaks (git-fixes). - cxl/region: Fix memregion leaks in devm_cxl_add_region() (git-fixes). - cxl/test: Add missing vmalloc.h for tools/testing/cxl/test/mem.c (git-fixes). - cxl/trace: Correct DPA field masks for general_media & dram events (git-fixes). - decompress_bunzip2: fix rare decompression failure (git-fixes). - devres: Fix devm_krealloc() wasting memory (git-fixes). - devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes). - dlm: fix user space lock decision to copy lvb (git-fixes). - dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575). - dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes). - dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (git-fixes). - dma-mapping: benchmark: fix node id validation (git-fixes). - dma-mapping: benchmark: handle NUMA_NO_NODE correctly (git-fixes). - dma: fix call order in dmam_free_coherent (git-fixes). - dma: xilinx_dpdma: Fix locking (git-fixes). - dmaengine: axi-dmac: fix possible race in remove() (git-fixes). - dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes). - dmaengine: idxd: Avoid unnecessary destruction of file_ida (git-fixes). - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes). - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes). - dmaengine: ioatdma: Fix error path in ioat3_dma_probe() (git-fixes). - dmaengine: ioatdma: Fix kmemleak in ioat_pci_probe() (git-fixes). - dmaengine: ioatdma: Fix leaking on version mismatch (git-fixes). - dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes). - dmaengine: owl: fix register access functions (git-fixes). - dmaengine: tegra186: Fix residual calculation (git-fixes). - dmaengine: ti: k3-udma: Fix BCHAN count with UHC and HC channels (git-fixes). - docs: crypto: async-tx-api: fix broken code example (git-fixes). - docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes). - docs: netdev: Fix typo in Signed-off-by tag (git-fixes). - dpll: spec: use proper enum for pin capabilities attribute (git-fixes). - driver core: Introduce device_link_wait_removal() (stable-fixes). - drivers/nvme: Add quirks for device 126f:2262 (git-fixes). - drivers/xen: Improve the late XenStore init protocol (git-fixes). - drivers: core: synchronize really_probe() and dev_uevent() (git-fixes). - drivers: soc: xilinx: check return status of get_api_version() (git-fixes). - drm/amd/amdgpu: Fix uninitialized variable warnings (git-fixes). - drm/amd/display: ASSERT when failing to find index by plane/stream id (stable-fixes). - drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes). - drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes). - drm/amd/display: Add dtbclk access to dcn315 (stable-fixes). - drm/amd/display: Add refresh rate range check (stable-fixes). - drm/amd/display: Allocate zero bw after bw alloc enable (stable-fixes). - drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes). - drm/amd/display: Check index msg_id before read or write (stable-fixes). - drm/amd/display: Check pipe offset before setting vblank (stable-fixes). - drm/amd/display: Disable seamless boot on 128b/132b encoding (stable-fixes). - drm/amd/display: Do not recursively call manual trigger programming (stable-fixes). - drm/amd/display: Enable colorspace property for MST connectors (git-fixes). - drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/display: Fix DC mode screen flickering on DCN321 (stable-fixes). - drm/amd/display: Fix array-index-out-of-bounds in dml2/FCLKChangeSupport (stable-fixes). - drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes). - drm/amd/display: Fix incorrect DSC instance for MST (stable-fixes). - drm/amd/display: Fix overlapping copy within dml_core_mode_programming (stable-fixes). - drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes). - drm/amd/display: Fix refresh rate range for some panel (stable-fixes). - drm/amd/display: Fix uninitialized variables in DM (stable-fixes). - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes). - drm/amd/display: Move 'struct scaler_data' off stack (git-fixes). - drm/amd/display: Remove pixle rate limit for subvp (stable-fixes). - drm/amd/display: Remove redundant condition in dcn35_calc_blocks_to_gate() (git-fixes). - drm/amd/display: Revert Remove pixle rate limit for subvp (stable-fixes). - drm/amd/display: Send DP_TOTAL_LTTPR_CNT during detection if LTTPR is present (stable-fixes). - drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes). - drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes). - drm/amd/display: Skip pipe if the pipe idx not set properly (stable-fixes). - drm/amd/display: Update efficiency bandwidth for dcn351 (stable-fixes). - drm/amd/display: Workaround register access in idle race with cursor (stable-fixes). - drm/amd/display: change dram_clock_latency to 34us for dcn35 (stable-fixes). - drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes). - drm/amd/pm: Restore config space after reset (stable-fixes). - drm/amd/pm: remove logically dead code for renoir (git-fixes). - drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes). - drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes). - drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes). - drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes). - drm/amdgpu/mes: fix use-after-free issue (stable-fixes). - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes). - drm/amdgpu: Assign correct bits for SDMA HDP flush (stable-fixes). - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes). - drm/amdgpu: Fix VCN allocation in CPX partition (stable-fixes). - drm/amdgpu: Fix VRAM memory accounting (stable-fixes). - drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode() (git-fixes). - drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible (git-fixes). - drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes). - drm/amdgpu: Fix memory range calculation (git-fixes). - drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes). - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes). - drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes). - drm/amdgpu: Fix uninitialized variable warnings (stable-fixes). - drm/amdgpu: Indicate CU havest info to CP (stable-fixes). - drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes). - drm/amdgpu: Refine IB schedule error logging (stable-fixes). - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes). - drm/amdgpu: Update BO eviction priorities (stable-fixes). - drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (stable-fixes). - drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes). - drm/amdgpu: avoid using null object of framebuffer (stable-fixes). - drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/amdgpu: fix doorbell regression (git-fixes). - drm/amdgpu: fix locking scope when flushing tlb (stable-fixes). - drm/amdgpu: fix the warning about the expression (int)size - len (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 (stable-fixes). - drm/amdgpu: init microcode chip name from ip versions (stable-fixes). - drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes). - drm/amdgpu: silence UBSAN warning (stable-fixes). - drm/amdkfd: Add VRAM accounting for SVM migration (stable-fixes). - drm/amdkfd: Check cgroup when returning DMABuf info (stable-fixes). - drm/amdkfd: Fix CU Masking for GFX 9.4.3 (git-fixes). - drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes). - drm/amdkfd: Let VRAM allocations go to GTT domain on small APUs (stable-fixes). - drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes). - drm/amdkfd: range check cp bad op exception interrupts (stable-fixes). - drm/arm/komeda: Fix komeda probe failing if there are no links in the secondary pipeline (git-fixes). - drm/arm/malidp: fix a possible null pointer dereference (git-fixes). - drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes). - drm/bridge: Fix improper bridge init order with pre_enable_prev_first (git-fixes). - drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: anx7625: Update audio status while detecting (git-fixes). - drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: it6505: fix hibernate to resume no display issue (git-fixes). - drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611uxc: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: samsung-dsim: Set P divider based on min/max of fin pll (git-fixes). - drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes). - drm/ci: update device type for volteer devices (git-fixes). - drm/connector: Add \n to message about demoting connector force-probes (git-fixes). - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes). - drm/drm_file: Fix pid refcounting race (git-fixes). - drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes). - drm/etnaviv: fix tx clock gating on some GC7000 variants (stable-fixes). - drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes). - drm/exynos: dp: drop driver owner initialization (stable-fixes). - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes). - drm/fbdev-dma: Fix framebuffer mode for big endian devices (git-fixes). - drm/fbdev-dma: Only set smem_start is enable per module option (git-fixes). - drm/fbdev-generic: Do not set physical framebuffer address (git-fixes). - drm/fbdev-generic: Fix framebuffer on big endian devices (git-fixes). - drm/gma500: Remove lid code (git-fixes). - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes). - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes). - drm/i915/audio: Fix audio time stamp programming for DP (stable-fixes). - drm/i915/bios: Fix parsing backlight BDB data (git-fixes). - drm/i915/dp: Do not switch the LTTPR mode on an active link (git-fixes). - drm/i915/dpt: Make DPT object unshrinkable (git-fixes). - drm/i915/gt: Automate CCS Mode setting during engine resets (git-fixes). - drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes). - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes). - drm/i915/gt: Fix CCS id's calculation for CCS mode setting (git-fixes). - drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes). - drm/i915/guc: avoid FIELD_PREP warning (git-fixes). - drm/i915/hwmon: Get rid of devm (stable-fixes). - drm/i915/lspcon: Separate lspcon probe and lspcon init (bsc#1193599). - drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes). - drm/i915: Disable live M/N updates when using bigjoiner (stable-fixes). - drm/i915: Fix audio component initialization (git-fixes). - drm/komeda: check for error-valued pointer (git-fixes). - drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes). - drm/lima: Mark simple_ondemand governor as softdep (git-fixes). - drm/lima: add mask irq callback to gp and pp (stable-fixes). - drm/lima: fix shared irq handling on driver remove (stable-fixes). - drm/lima: mask irqs in timeout path before hard reset (stable-fixes). - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes). - drm/mediatek: Add DRM_MODE_ROTATE_0 to rotation property (git-fixes). - drm/mediatek: Add OVL compatible name for MT8195 (git-fixes). - drm/mediatek: Add missing plane settings when async update (git-fixes). - drm/mediatek: Call drm_atomic_helper_shutdown() at shutdown time (stable-fixes). - drm/mediatek: Fix XRGB setting error in Mixer (git-fixes). - drm/mediatek: Fix XRGB setting error in OVL (git-fixes). - drm/mediatek: Fix bit depth overwritten for mtk_ovl_set bit_depth() (git-fixes). - drm/mediatek: Fix destination alpha error in OVL (git-fixes). - drm/mediatek: Init `ddp_comp` with devm_kcalloc() (git-fixes). - drm/mediatek: Remove less-than-zero comparison of an unsigned value (git-fixes). - drm/mediatek: Set DRM mode configs accordingly (git-fixes). - drm/mediatek: Support DRM plane alpha in Mixer (git-fixes). - drm/mediatek: Support DRM plane alpha in OVL (git-fixes). - drm/mediatek: Support RGBA8888 and RGBX8888 in OVL on MT8195 (git-fixes). - drm/mediatek: Turn off the layers with zero width or height (git-fixes). - drm/mediatek: Use 8-bit alpha in ETHDR (git-fixes). - drm/mediatek: dp: Fix mtk_dp_aux_transfer return value (git-fixes). - drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes). - drm/meson: dw-hdmi: power up phy on device init (git-fixes). - drm/meson: fix canvas release in bind function (git-fixes). - drm/meson: gate px_clk when setting rate (git-fixes). - drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes). - drm/mgag200: Bind I2C lifetime to DRM device (git-fixes). - drm/mgag200: Set DDC timeout in milliseconds (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_generic_write_seq() (git-fixes). - drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes). - drm/msm/adreno: fix CP cycles stat retrieval on a7xx (git-fixes). - drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes). - drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes). - drm/msm/dpu: Add callback function pointer check before its call (git-fixes). - drm/msm/dpu: Allow configuring multiple active DSC blocks (git-fixes). - drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes). - drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes). - drm/msm/dpu: fix encoder irq wait skip (git-fixes). - drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes). - drm/msm/dsi: set VIDEO_COMPRESSION_MODE_CTRL_WC (git-fixes). - drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes). - drm/nouveau/disp: Fix missing backlight control on Macbook 5, 1 (bsc#1223838). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes). - drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes). - drm/nouveau/dp: Fix incorrect return code in r535_dp_aux_xfer() (git-fixes). - drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() (stable-fixes). - drm/nouveau: do not attempt to schedule hpd_work on headless cards (git-fixes). - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes). - drm/nouveau: use tile_mode and pte_kind for VM_BIND bo allocations (git-fixes). - drm/omapdrm: Fix console by implementing fb_dirty (git-fixes). - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: himax-hx8394: Handle errors from mipi_dsi_dcs_set_display_on() better (git-fixes). - drm/panel: ili9341: Respect deferred probe (git-fixes). - drm/panel: ili9341: Use predefined error codes (git-fixes). - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes). - drm/panel: ilitek-ili9882t: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: ilitek-ili9882t: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: ltk050h3146w: add MIPI_DSI_MODE_VIDEO to LTK050H3148W flags (git-fixes). - drm/panel: ltk050h3146w: drop duplicate commands from LTK050H3148W init (git-fixes). - drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes). - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes). - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes). - drm/panel: sitronix-st7789v: Add check for of_drm_get_panel_orientation (git-fixes). - drm/panel: sitronix-st7789v: fix display size for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: sitronix-st7789v: fix timing for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: sitronix-st7789v: tweak timing for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes). - drm/qxl: Add check for drm_cvt_mode (git-fixes). - drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes). - drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes). - drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/radeon: make -fstrict-flex-arrays=3 happy (git-fixes). - drm/radeon: silence UBSAN warning (v3) (stable-fixes). - drm/rockchip: vop2: Do not divide height twice for YUV (git-fixes). - drm/rockchip: vop2: Fix the port mux of VP2 (git-fixes). - drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (git-fixes). - drm/sun4i: hdmi: Convert encoder to atomic (stable-fixes). - drm/sun4i: hdmi: Move mode_set into enable (stable-fixes). - drm/ttm: Always take the bo delayed cleanup path for imported bos (git-fixes). - drm/udl: Remove DRM_CONNECTOR_POLL_HPD (git-fixes). - drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes). - drm/vmwgfx: Do not memcmp equivalent pointers (git-fixes). - drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes). - drm/vmwgfx: Fix Legacy Display Unit (git-fixes). - drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes). - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes). - drm: add drm_gem_object_is_shared_for_memory_stats() helper (stable-fixes). - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes). - drm: panel-orientation-quirks: Add quirk for Aya Neo KUN (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes). - drm: vc4: Fix possible null pointer dereference (git-fixes). - drm: zynqmp_dpsub: Always register bridge (git-fixes). - drm: zynqmp_dpsub: Fix an error handling path in zynqmp_dpsub_probe() (git-fixes). - drm: zynqmp_kms: Fix AUX bus not getting unregistered (git-fixes). - dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes) - dump_stack: Do not get cpu_sync for panic CPU (bsc#1225607). - dyndbg: fix old BUG_ON in >control parser (stable-fixes). - e1000e: Workaround for sporadic MDI error on Meteor Lake systems (git-fixes). - e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue (git-fixes). - ecryptfs: Fix buffer size for tag 66 packet (git-fixes) - ecryptfs: Reject casefold directory inodes (git-fixes) - eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (stable-fixes). - eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes). - efi/unaccepted: do not let /proc/vmcore try to access unaccepted memory (git-fixes). - efi/unaccepted: touch soft lockup during memory accept (git-fixes). - efi/x86: Free EFI memory map only when installing a new one (git-fixes). - efi: libstub: only free priv.runtime_map when allocated (git-fixes). - erofs: ensure m_llen is reset to 0 if metadata is invalid (git-fixes). - exfat: fix potential deadlock on __exfat_get_dentry_set (git-fixes). - extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes). - f2fs: fix error path of __f2fs_build_free_nids (git-fixes). - fast_dput(): handle underflows gracefully (git-fixes) - fat: fix uninitialized field in nostale filehandles (git-fixes) - fbdev: fix incorrect address computation in deferred IO (git-fixes). - fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes). - fbdev: sh7760fb: allow modular build (git-fixes). - fbdev: shmobile: fix snprintf truncation (git-fixes). - fbdev: sisfb: hide unused variables (git-fixes). - filelock: fix potential use-after-free in posix_lock_inode (git-fixes). - firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes). - firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes). - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes). - firmware: cs_dsp: Return error if block header overflows file (git-fixes). - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes). - firmware: cs_dsp: Validate payload length before processing block (git-fixes). - firmware: dmi-id: add a release callback function (git-fixes). - firmware: dmi: Stop decoding on broken entry (stable-fixes). - firmware: psci: Fix return value from psci_system_suspend() (git-fixes). - firmware: raspberrypi: Use correct device for DMA mappings (git-fixes). - firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes). - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes). - firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes). - fpga: dfl-pci: add PCI subdevice ID for Intel D5005 card (stable-fixes). - fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes) - fs/9p: translate O_TRUNC into OTRUNC (git-fixes) - fs/file: fix the check in find_next_fd() (git-fixes). - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes). - fs: Fix error checking for d_hash_and_lookup() (git-fixes) - fs: indicate request originates from old mount API (git-fixes) - fs: relax mount_setattr() permission checks (git-fixes) - fsverity: skip PKCS#7 parser when keyring is empty (git-fixes) - ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes). - fuse: do not unhash root (bsc#1223946). - fuse: fix root lookup with nonzero generation (bsc#1223945). - fuse: verify {g,u}id mount options correctly (bsc#1228193). - geneve: fix header validation in geneve[6]_xmit_skb (git-fixes). - genirq/irqdesc: Prevent use-after-free in irq_find_at_or_after() (git-fixes). - gfs2: Do not forget to complete delayed withdraw (git-fixes). - gfs2: Fix 'ignore unlock failures after withdraw' (git-fixes). - gfs2: Fix invalid metadata access in punch_hole (git-fixes). - gfs2: Get rid of gfs2_alloc_blocks generation parameter (git-fixes). - gfs2: Rename gfs2_lookup_{ simple => meta } (git-fixes). - gfs2: Use mapping->gfp_mask for metadata inodes (git-fixes). - gfs2: convert to ctime accessor functions (git-fixes). - gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes). - gpio: davinci: Validate the obtained number of IRQs (git-fixes). - gpio: lpc32xx: fix module autoloading (stable-fixes). - gpio: mc33880: Convert comma to semicolon (git-fixes). - gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (stable-fixes). - gpio: tangier: Use correct type for the IRQ chip data (git-fixes). - gpio: tegra186: Fix tegra186_gpio_is_accessible() check (git-fixes). - gpio: tqmx86: fix broken IRQ_TYPE_EDGE_BOTH interrupt type (git-fixes). - gpio: tqmx86: fix typo in Kconfig label (git-fixes). - gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes). - gpio: tqmx86: store IRQ trigger type and unmask status separately (git-fixes). - gpio: wcove: Use -ENOTSUPP consistently (stable-fixes). - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes). - gpiolib: cdev: fix uninitialised kfifo (git-fixes). - gpiolib: cdev: relocate debounce_period_us from struct gpio_desc (stable-fixes). - gpiolib: swnode: Remove wrong header inclusion (git-fixes). - gpu: host1x: Do not setup DMA for virtual devices (stable-fixes). - hfsplus: fix to avoid false alarm of circular locking (git-fixes). - hfsplus: fix uninit-value in copy_name (git-fixes). - hpet: Support 32-bit userspace (git-fixes). - hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes). - hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes). - hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes). - hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes). - hwmon: (intel-m10-bmc-hwmon) Fix multiplier for N6000 board power sensor (git-fixes). - hwmon: (lm70) fix links in doc and comments (git-fixes). - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes). - hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes). - hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes). - hwmon: (shtc1) Fix property misspelling (git-fixes). - hwrng: amd - Convert PCIBIOS_* return codes to errnos (git-fixes). - hwrng: core - Fix wrong quality calculation at hw rng registration (git-fixes). - i2c: acpi: Unbind mux adapters before delete (git-fixes). - i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: cadence: Avoid fifo clear after start (git-fixes). - i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: i801: Annotate apanel_addr as __ro_after_init (stable-fixes). - i2c: mark HostNotify target address as used (git-fixes). - i2c: ocores: set IACK bit after core is enabled (git-fixes). - i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (git-fixes). - i2c: pxa: hide unused icr_bits[] variable (git-fixes). - i2c: rcar: bring hardware to known state when probing (git-fixes). - i2c: smbus: fix NULL function pointer dereference (git-fixes). - i2c: synquacer: Fix an error handling path in synquacer_i2c_probe() (git-fixes). - i2c: testunit: avoid re-issued work after read message (git-fixes). - i2c: testunit: correct Kconfig description (git-fixes). - i2c: testunit: discard write requests while old command is running (git-fixes). - i2c: testunit: do not erase registers after STOP (git-fixes). - i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes). - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes). - i40e: Enforce software interrupt during busy-poll exit (git-fixes). - i40e: Fix VF MAC filter removal (git-fixes). - i40e: fix i40e_count_filters() to count only active/new filters (git-fixes). - i40e: fix vf may be used uninitialized in this function warning (git-fixes). - i40e: fix: remove needless retries of NVM update (bsc#1227736). - ice: fix enabling RX VLAN filtering (git-fixes). - ida: make 'ida_dump' static (git-fixes). - idma64: Do not try to serve interrupts when device is powered off (git-fixes). - idpf: extend tx watchdog timeout (bsc#1224137). - idpf: fix kernel panic on unknown packet types (git-fixes). - iio: Fix the sorting functionality in iio_gts_build_avail_time_table (git-fixes). - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes). - iio: accel: mxc4005: Interrupt handling fixes (git-fixes). - iio: accel: mxc4005: Reset chip on probe() and resume() (stable-fixes). - iio: accel: mxc4005: allow module autoloading via OF compatible (stable-fixes). - iio: adc: ad7266: Fix variable checking bug (git-fixes). - iio: adc: ad9467: fix scan type sign (git-fixes). - iio: adc: ad9467: use chip_info variables instead of array (stable-fixes). - iio: adc: ad9467: use spi_get_device_match_data() (stable-fixes). - iio: adc: stm32: Fixing err code to not indicate success (git-fixes). - iio: chemical: bme680: Fix calibration data variable (git-fixes). - iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes). - iio: chemical: bme680: Fix pressure value output (git-fixes). - iio: chemical: bme680: Fix sensor data read operation (git-fixes). - iio: core: Leave private pointer NULL when no private data supplied (git-fixes). - iio: dac: ad5592r: fix temperature channel scaling value (git-fixes). - iio: frequency: adrf6780: rm clk provider include (git-fixes). - iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes). - iio: pressure: Fixes BME280 SPI driver data (git-fixes). - iio: pressure: bmp280: Fix BMP580 temperature reading (stable-fixes). - iio: pressure: dps310: support negative temperature values (git-fixes). - iio: pressure: fix some word spelling errors (stable-fixes). - iio: xilinx-ams: Do not include ams_ctrl_channels in scan_mask (git-fixes). - iio:imu: adis16475: Fix sync mode setting (git-fixes). - init/main.c: Fix potential static_command_line memory overflow (git-fixes). - init: open /initrd.image with O_LARGEFILE (stable-fixes). - input: Add event code for accessibility key (stable-fixes). - input: Add support for 'Do Not Disturb' (stable-fixes). - intel_th: pci: Add Granite Rapids SOC support (stable-fixes). - intel_th: pci: Add Granite Rapids support (stable-fixes). - intel_th: pci: Add Lunar Lake support (stable-fixes). - intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes). - intel_th: pci: Add Meteor Lake-S support (stable-fixes). - intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes). - interconnect: qcom: qcm2290: Fix mas_snoc_bimc QoS port assignment (git-fixes). - interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID (git-fixes). - io-wq: write next_work before dropping acct_lock (git-fixes). - io_uring/io-wq: Use set_bit() and test_bit() at worker->flags (git-fixes). - io_uring/io-wq: avoid garbage value of 'match' in io_wq_enqueue() (git-fixes). - io_uring/kbuf: get rid of bl->is_ready (git-fixes). - io_uring/kbuf: get rid of lower BGID lists (git-fixes). Including kabi preservation patch. - io_uring/kbuf: protect io_buffer_list teardown with a reference (git-fixes). - io_uring/kbuf: rename is_mapped (git-fixes). - io_uring/net: correct the type of variable (git-fixes). - io_uring/net: correctly handle multishot recvmsg retry setup (git-fixes). - io_uring/net: fix sendzc lazy wake polling (git-fixes). - io_uring/net: move receive multishot out of the generic msghdr path (git-fixes). - io_uring/net: restore msg_control on sendzc retry (git-fixes). - io_uring/net: unify how recvmsg and sendmsg copy in the msghdr (git-fixes). - io_uring/rsrc: do not lock while !TASK_RUNNING (git-fixes). - io_uring/rsrc: fix incorrect assignment of iter->nr_segs in io_import_fixed (git-fixes). - io_uring/rw: do not allow multishot reads without NOWAIT support (git-fixes). - io_uring/rw: return IOU_ISSUE_SKIP_COMPLETE for multishot retry (git-fixes). - io_uring/sqpoll: work around a potential audit memory leak (git-fixes). - io_uring/unix: drop usage of io_uring socket (git-fixes). - io_uring: Fix io_cqring_wait() not restoring sigmask on get_timespec64() failure (git-fixes). - io_uring: clean rings on NO_MMAP alloc fail (git-fixes). - io_uring: clear opcode specific data for an early failure (git-fixes). - io_uring: do not save/restore iowait state (git-fixes). - io_uring: fail NOP if non-zero op flags is passed in (git-fixes). - io_uring: fix io_queue_proc modifying req->flags (git-fixes). - io_uring: fix mshot io-wq checks (git-fixes). - io_uring: fix mshot read defer taskrun cqe posting (git-fixes). - io_uring: fix poll_remove stalled req completion (git-fixes). - io_uring: kabi cookie remove (bsc#1217384). - io_uring: remove looping around handling traditional task_work (git-fixes). - io_uring: remove unconditional looping in local task_work handling (git-fixes). - io_uring: use private workqueue for exit work (git-fixes). - io_uring: use the right type for work_llist empty check (git-fixes). - iomap: clear the per-folio dirty bits on all writeback failures (git-fixes) - iommu/amd: Enhance def_domain_type to handle untrusted device (git-fixes). - iommu/amd: Fix panic accessing amd_iommu_enable_faulting (bsc#1224767). - iommu/amd: Fix sysfs leak in iommu init (git-fixes). - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes). - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331) - iommu/vt-d: Allocate DMAR fault interrupts locally (bsc#1224767). - iommu/vt-d: Fix WARN_ON in iommu probe path (git-fixes). - iommu/vt-d: Improve ITE fault handling if target device isn't present (git-fixes). - iommu/vt-d: Use rbtree to track iommu probed devices (git-fixes). - iommu: Fix compilation without CONFIG_IOMMU_INTEL (git-fixes). - iommu: Return right value in iommu_sva_bind_device() (git-fixes). - iommu: Undo pasid attachment only for the devices that have succeeded (git-fixes). - iommu: mtk: fix module autoloading (git-fixes). - iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest (git-fixes). - ipmi: ssif_bmc: prevent integer overflow on 32bit systems (git-fixes). - ipv4: annotate data-races around fi->fib_dead (git-fixes). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - irqchip/alpine-msi: Fix off-by-one in allocation error path (git-fixes). - irqchip/armada-370-xp: Suppress unused-function warning (git-fixes). - irqchip/gic-v3-its: Do not assume vPE tables are preallocated (git-fixes). - irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (git-fixes). - irqchip/gic-v3-its: Prevent double free on error (git-fixes). - irqchip/loongson-pch-msi: Fix off-by-one on allocation error path (git-fixes). - irqchip/mbigen: Do not use bus_get_dev_root() to find the parent (git-fixes). - irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on register's index (stable-fixes). - irqchip/renesas-rzg2l: Flush posted write in irq_eoi() (git-fixes). - irqchip/renesas-rzg2l: Implement restriction when writing ISCR register (stable-fixes). - irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type (git-fixes). - irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() (stable-fixes). - irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() (stable-fixes). - iwlwifi: fw: fix more kernel-doc warnings (bsc#1227149). - iwlwifi: mvm: Drop unused fw_trips_index[] from iwl_mvm_thermal_device (bsc#1227149). - iwlwifi: mvm: Populate trip table before registering thermal zone (bsc#1227149). - iwlwifi: mvm: Use for_each_thermal_trip() for walking trip points (bsc#1227149). - jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes). - jffs2: prevent xattr node from overflowing the eraseblock (git-fixes). - jfs: Fix array-index-out-of-bounds in diFree (git-fixes). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kABI fix of KVM: x86/pmu: Allow programming events that match unsupported arch events (bsc#1225696). - kABI fix of KVM: x86/pmu: Prioritize VMX interception over - kABI fix of KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible (git-fixes). - kABI workaround for cs35l56 (git-fixes). - kABI workaround for of driver changes (git-fixes). - kABI workaround for sof_ipc_pcm_ops (git-fixes). - kABI workaround for wireless updates (bsc#1227149). - kABI: bpf: verifier kABI workaround (bsc#1225903). - kabi fix of perf/x86/intel: Expose existence of callback support to KVM (git fixes). - kabi/severities: Ignore io_uring internal symbols - kabi/severities: Remove mitigation-related symbols Those are used by the core kernel to implement CPU vulnerabilities mitigation and are not expected to be consumed by 3rd party users. - kabi/severities: cleanup and update for WiFi driver entries (bsc#1227149) - kabi/severities: cover all ath/* drivers (bsc#1227149) All symbols in ath/* network drivers are local and can be ignored - kabi/severities: cover all mt76 modules (bsc#1227149) - kabi/severities: ignore IMS functions They were dropped in previous patches. Noone is supposed to use them. - kabi/severities: ignore TAS2781 symbol drop, it's only locally used - kabi/severities: ignore amd pds internal symbols - kabi/severities: ignore kABI changes Realtek WiFi drivers (bsc#1227149) All those symbols are local and used for its own helpers - kabi/severities: ignore xfrm_bpf_md_dst that depends on CONFIG_DEBUG_* (bsc#1223415) - kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502) - kasan, fortify: properly rename memintrinsics (git-fixes). - kbuild: Fix build target deb-pkg: ln: failed to create hard link (git-fixes). - kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes). - kbuild: avoid build error when single DTB is turned into composite DTB (git-fixes). - kbuild: doc: Update default INSTALL_MOD_DIR from extra to updates (git-fixes). - kconfig: doc: fix a typo in the note about 'imply' (git-fixes). - kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes). - kconfig: gconf: give a proper initial state to the Save button (stable-fixes). - kconfig: remove wrong expr_trans_bool() (stable-fixes). - kcov: do not lose track of remote references during softirqs (git-fixes). - kernel-binary: vdso: Own module_dir - kernel-doc: fix struct_group_tagged() parsing (git-fixes). - kexec: do syscore_shutdown() in kernel_kexec (git-fixes). - kheaders: explicitly define file modes for archived headers (stable-fixes). - knfsd: LOOKUP can return an illegal error value (git-fixes). - kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes). - kprobe/ftrace: bail out if ftrace was killed (git-fixes). - kprobe/ftrace: fix build error due to bad function definition (git-fixes). - kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes). - kselftest: Add a ksft_perror() helper (stable-fixes). - kunit/fortify: Fix mismatched kvalloc()/vfree() usage (git-fixes). - kunit: Fix checksum tests on big endian CPUs (git-fixed). - leds: flash: leds-qcom-flash: Test the correct variable in init (git-fixes). - leds: mt6360: Fix memory leak in mt6360_init_isnk_properties() (git-fixes). - leds: pwm: Disable PWM when going to suspend (git-fixes). - leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes). - leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes). - leds: triggers: Flush pending brightness before activating trigger (git-fixes). - lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (git-fixes). - lib: objagg: Fix general protection fault (git-fixes). - lib: objagg: Fix spelling (git-fixes). - lib: test_objagg: Fix spelling (git-fixes). - libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228192). - libperf evlist: Avoid out-of-bounds access (git-fixes). - libsubcmd: Fix parse-options memory leak (git-fixes). - livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539). - locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes) - lsm: fix the logic in security_inode_getsecctx() (git-fixes). - mISDN: Fix a use after free in hfcmulti_tx() (git-fixes). - mISDN: fix MISDN_TIME_STAMP handling (git-fixes). - mac802154: fix time calculation in ieee802154_configure_durations() (git-fixes). - mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (git-fixes). - maple_tree: fix mas_empty_area_rev() null pointer dereference (git-fixes). - media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes). - media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes). - media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes). - media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes). - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes). - media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes). - media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes). - media: dvbdev: Initialize sbuf (stable-fixes). - media: dw2102: Do not translate i2c read into write (stable-fixes). - media: dw2102: fix a potential buffer overflow (git-fixes). - media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes). - media: i2c: Fix imx412 exposure control (git-fixes). - media: i2c: et8ek8: Do not strip remove function when driver is builtin (git-fixes). - media: imon: Fix race getting ictx->lock (git-fixes). - media: imx-jpeg: Drop initial source change event if capture has been setup (git-fixes). - media: imx-jpeg: Remove some redundant error logs (git-fixes). - media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() (git-fixes). - media: ipu3-cio2: Request IRQ earlier (git-fixes). - media: lgdt3306a: Add a check against null-pointer-def (stable-fixes). - media: mc: Fix graph walk in media_pipeline_start (git-fixes). - media: mc: mark the media devnode as registered from the, start (git-fixes). - media: mxl5xx: Move xpt structures off stack (stable-fixes). - media: ngene: Add dvb_ca_en50221_init return value check (git-fixes). - media: pci: ivtv: Add check for DMA map result (git-fixes). - media: radio-shark2: Avoid led_names truncations (git-fixes). - media: rcar-vin: Fix YUYV8_1X16 handling for CSI-2 (git-fixes). - media: rcar-vin: work around -Wenum-compare-conditional warning (git-fixes). - media: renesas: vsp1: Fix _irqsave and _irq mix (git-fixes). - media: renesas: vsp1: Store RPF partition configuration per RPF instance (git-fixes). - media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes). - media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes). - media: sunxi: a83-mips-csi2: also select GENERIC_PHY (git-fixes). - media: uvcvideo: Add quirk for Logitech Rally Bar (git-fixes). - media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes). - media: uvcvideo: Override default flags (git-fixes). - media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes). - media: v4l2-subdev: Fix stream handling for crop API (git-fixes). - media: v4l: Do not turn on privacy LED if streamon fails (git-fixes). - media: v4l: async: Fix NULL pointer dereference in adding ancillary links (git-fixes). - media: v4l: subdev: Fix typo in documentation (git-fixes). - media: venus: fix use after free in vdec_close (git-fixes). - media: venus: flush all buffers in output plane streamoff (git-fixes). - mei: demote client disconnect warning on suspend to debug (stable-fixes). - mei: me: add lunar lake point M DID (stable-fixes). - mei: me: release irq in mei_me_pci_resume error path (git-fixes). - mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes). - mfd: pm8008: Fix regmap irq chip initialisation (git-fixes). - misc: fastrpc: Avoid updating PD type for capability request (git-fixes). - misc: fastrpc: Copy the complete capability structure to user (git-fixes). - misc: fastrpc: Fix DSP capabilities request (git-fixes). - misc: fastrpc: Fix memory leak in audio daemon attach operation (git-fixes). - misc: fastrpc: Fix ownership reassignment of remote heap (git-fixes). - misc: fastrpc: Restrict untrusted app to attach to privileged PD (git-fixes). - misc: microchip: pci1xxxx: Fix a memory leak in the error handling of gp_aux_bus_probe() (git-fixes). - misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe() (git-fixes). - mlxbf_gige: stop interface during shutdown (git-fixes). - mlxsw: Use refcount_t for reference counting (git-fixes). - mm/slab: make __free(kfree) accept error pointers (git-fixes). - mm: page_owner: fix wrong information in dump_page_owner (git-fixes). - mmc: core: Add HS400 tuning in HS400es initialization (stable-fixes). - mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes). - mmc: core: Do not force a retune before RPMB switch (stable-fixes). - mmc: davinci: Do not strip remove function when driver is builtin (git-fixes). - mmc: sdhci-acpi: Add quirk to enable pull-up on the card-detect GPIO on Asus T100TA (git-fixes). - mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes). - mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes). - mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes). - mmc: sdhci-brcmstb: check R1_STATUS for erase/trim/discard (git-fixes). - mmc: sdhci-msm: pervent access to suspended controller (git-fixes). - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes). - mmc: sdhci: Add support for 'Tuning Error' interrupts (stable-fixes). - mmc: sdhci: Do not invert write-protect twice (git-fixes). - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes). - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes). - mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes). - mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes). - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes). - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes). - module: do not ignore sysfs_create_link() failures (git-fixes). - mptcp: Remove unnecessary test for __mptcp_init_sock() (git-fixes). - mptcp: annotate data-races around msk->rmem_fwd_alloc (git-fixes). - mptcp: fix bogus receive window shrinkage with multiple subflows (git-fixes). - mptcp: move __mptcp_error_report in protocol.c (git-fixes). - mptcp: process pending subflow error on close (git-fixes). - mt76: connac: move more mt7921/mt7915 mac shared code in connac lib (bsc#1227149). - mt76: mt7996: rely on mt76_sta_stats in mt76_wcid (bsc#1227149). - mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes). - mtd: diskonchip: work around ubsan link failure (stable-fixes). - mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes). - mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes). - mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes). - mtd: rawnand: Fix the nand_read_data_op() early check (git-fixes). - mtd: rawnand: hynix: fixed typo (git-fixes). - mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes). - net/dcb: check for detached device before executing callbacks (bsc#1215587). - net/mlx5: Correctly compare pkt reformat ids (git-fixes). - net/mlx5: E-switch, store eswitch pointer before registering devlink_param (git-fixes). - net/mlx5: Fix MTMP register capability offset in MCAM register (git-fixes). - net/mlx5: Fix peer devlink set for SF representor devlink port (git-fixes). - net/mlx5: Lag, restore buckets number to default after hash LAG deactivation (git-fixes). - net/mlx5: Properly link new fs rules into the tree (git-fixes). - net/mlx5: Register devlink first under devlink lock (git-fixes). - net/mlx5: Restore mistakenly dropped parts in register devlink flow (git-fixes). - net/mlx5: SF, Stop waiting for FW as teardown was called (git-fixes). - net/mlx5: offset comp irq index in name by one (git-fixes). - net/mlx5e: Do not produce metadata freelist entries in Tx port ts WQE xmit (git-fixes). - net/mlx5e: Fix mlx5e_priv_init() cleanup flow (git-fixes). - net/mlx5e: HTB, Fix inconsistencies with QoS SQs number (git-fixes). - net/mlx5e: RSS, Block XOR hash with over 128 channels (git-fixes). - net/mlx5e: RSS, Block changing channels number when RXFH is configured (git-fixes). - net/smc: bugfix for smcr v2 server connect success statistic (git-fixes). - net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add (git-fixes). - net: Remove conditional threaded-NAPI wakeup based on task state (bsc#1214683 (PREEMPT_RT prerequisite backports)). - net: annotate data-races around sk->sk_bind_phc (git-fixes). - net: annotate data-races around sk->sk_forward_alloc (git-fixes). - net: annotate data-races around sk->sk_lingertime (git-fixes). - net: annotate data-races around sk->sk_tsflags (git-fixes). - net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes). - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes). - net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes). - net: dsa: mt7530: trap link-local frames regardless of ST Port State (git-fixes). - net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() (git-fixes). - net: ena: Fix incorrect descriptor free behavior (git-fixes). - net: ena: Fix potential sign extension issue (git-fixes). - net: ena: Fix redundant device NUMA node override (jsc#PED-8688). - net: ena: Move XDP code to its new files (git-fixes). - net: ena: Pass ena_adapter instead of net_device to ena_xmit_common() (git-fixes). - net: ena: Set tx_info->xdpf value to NULL (git-fixes). - net: ena: Use tx_ring instead of xdp_ring for XDP channel TX (git-fixes). - net: ena: Wrong missing IO completions check order (git-fixes). - net: ethernet: mtk_wed: introduce mtk_wed_buf structure (bsc#1227149). - net: ethernet: mtk_wed: rename mtk_rxbm_desc in mtk_wed_bm_desc (bsc#1227149). - net: fec: Set mac_managed_pm during probe (git-fixes). - net: fill in MODULE_DESCRIPTION()s in kuba@'s modules (bsc#1227149). - net: hns3: Remove io_stop_wc() calls after __iowrite64_copy() (bsc#1226502) - net: ks8851: Handle softirqs at the end of IRQ thread to fix hang (git-fixes). - net: ks8851: Inline ks8851_rx_skb() (git-fixes). - net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs (git-fixes). - net: lan743x: Support WOL at both the PHY and MAC appropriately (git-fixes). - net: lan743x: disable WOL upon resume to restore full data path operation (git-fixes). - net: mac802154: Fix racy device stats updates by DEV_STATS_INC() and DEV_STATS_ADD() (stable-fixes). - net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491). - net: mana: Fix possible double free in error handling path (git-fixes). - net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes). - net: nfc: remove inappropriate attrs check (stable-fixes). - net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes). - net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes). - net: phy: micrel: fix KSZ9477 PHY issues after suspend/resume (git-fixes). - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061 (git-fixes). - net: phy: microchip: lan87xx: reinit PHY after cable test (git-fixes). - net: phy: mxl-gpy: Remove interrupt mask clearing from config_init (git-fixes). - net: phy: phy_device: Fix PHY LED blinking code comment (git-fixes). - net: ravb: Always process TX descriptor ring (git-fixes). - net: ravb: Always update error counters (git-fixes). - net: sparx5: fix wrong config being used when reconfiguring PCS (git-fixes). - net: sparx5: flower: fix fragment flags handling (git-fixes). - net: stmmac: fix rx queue priority assignment (git-fixes). - net: tls, fix WARNIING in __sk_msg_free (bsc#1221858). - net: tls: fix returned read length with async decrypt (bsc#1221858). - net: tls: fix use-after-free with partial reads and async (bsc#1221858). - net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes). - net: usb: ax88179_178a: improve link status logs (git-fixes). - net: usb: ax88179_178a: improve reset check (git-fixes). - net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes). - net: usb: qmi_wwan: add Telit FN912 compositions (stable-fixes). - net: usb: qmi_wwan: add Telit FN920C04 compositions (git-fixes). - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes). - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes). - net: usb: smsc95xx: stop lying about skb->truesize (git-fixes). - net: usb: sr9700: stop lying about skb->truesize (git-fixes). - net:usb:qmi_wwan: support Rolling modules (stable-fixes). - netfilter: nf_tables: disable toggling dormant table state more than once (git-fixes). - netfilter: nf_tables: uapi: Describe NFTA_RULE_CHAIN_ID (git-fixes). - netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes). - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes). - nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes). - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes). - nfc: nci: Fix kcov check in nci_rx_work() (git-fixes). - nfc: nci: Fix uninit-value in nci_rx_work (git-fixes). - nfs: Avoid flushing many pages with NFS_FILE_SYNC (bsc#1218442). - nfs: Block on write congestion (bsc#1218442). - nfs: Bump default write congestion size (bsc#1218442). - nfs: Drop pointless check from nfs_commit_release_pages() (bsc#1218442). - nfs: Fix up kabi after adding write_congestion_wait (bsc#1218442). - nfs: Handle error of rpc_proc_register() in nfs_net_init() (git-fixes). - nfs: Properly initialize server->writeback (bsc#1218442). - nfs: drop the incorrect assertion in nfs_swap_rw() (git-fixes). - nfs: fix undefined behavior in nfs_block_bits() (git-fixes). - nfs: keep server info for remounts (git-fixes). - nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (git-fixes). - nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912). - nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408). - nilfs2: add missing check for inode numbers on directory entries (stable-fixes). - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes). - nilfs2: convert persistent object allocator to use kmap_local (git-fixes). - nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes). - nilfs2: fix inode number range checks (stable-fixes). - nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (git-fixes). - nilfs2: fix out-of-range warning (git-fixes). - nilfs2: fix potential hang in nilfs_detach_log_writer() (git-fixes). - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes). - nilfs2: fix use-after-free of timer for log writer thread (git-fixes). - nilfs2: make superblock data array index computation sparse friendly (git-fixes). - nilfs2: return the mapped address from nilfs_get_page() (stable-fixes). - nouveau: add an ioctl to report vram usage (stable-fixes). - nouveau: add an ioctl to return vram bar size (stable-fixes). - nouveau: report byte usage in VRAM usage (git-fixes). - nvme-fabrics: short-circuit reconnect retries (bsc#1186716). - nvme-multipath: fix io accounting on failover (git-fixes). - nvme-pci: Add quirk for broken MSIs (git-fixes). - nvme-tcp: Export the nvme_tcp_wq to sysfs (bsc#1224049). - nvme-tcp: strict pdu pacing to avoid send stalls on TLS (bsc#1221858). - nvme/tcp: Add wq_unbound modparam for nvme_tcp_wq (bsc#1224049). - nvme: cancel pending I/O if nvme controller is in terminal state (bsc#1226503). - nvme: do not retry authentication failures (bsc#1186716). - nvme: find numa distance only if controller has valid numa id (git-fixes). - nvme: fix multipath batched completion accounting (git-fixes). - nvme: fix nvme_pr_* status code parsing (git-fixes). - nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH (git-fixes). - nvme: return kernel error codes for admin queue connect (bsc#1186716). - nvmet-auth: replace pr_debug() with pr_err() to report an error (git-fixes). - nvmet-auth: return the error code to the nvmet_auth_host_hash() callers (git-fixes). - nvmet-passthru: propagate status from id override functions (git-fixes). - nvmet-tcp: fix possible memory leak when tearing down a controller (git-fixes). - nvmet: fix ns enable/disable possible hang (git-fixes). - nvmet: fix nvme status code when namespace is disabled (git-fixes). - nvmet: lock config semaphore when accessing DH-HMAC-CHAP key (bsc#1186716). - nvmet: prevent sprintf() overflow in nvmet_subsys_nsid_exists() (git-fixes). - nvmet: return DHCHAP status codes from nvmet_setup_auth() (bsc#1186716). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix DIO failure due to insufficient transaction credits (git-fixes). - ocfs2: fix races between hole punching and AIO+DIO (git-fixes). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - ocfs2: use coarse time for new created files (git-fixes). - octeontx2-af: Add array index check (git-fixes). - octeontx2-af: Fix NIX SQ mode and BP config (git-fixes). - octeontx2-af: Fix issue with loading coalesced KPU profiles (git-fixes). - octeontx2-pf: Fix transmit scheduler resource leak (git-fixes). - octeontx2-pf: check negative error code in otx2_open() (git-fixes). - octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation (git-fixes). - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals (git-fixes). - of: module: add buffer overflow check in of_modalias() (git-fixes). - of: module: prevent NULL pointer dereference in vsnprintf() (stable-fixes). - of: property: Add in-ports/out-ports support to of_graph_get_port_parent() (stable-fixes). - of: property: Improve finding the consumer of a remote-endpoint property (git-fixes). - of: property: Improve finding the supplier of a remote-endpoint property (git-fixes). - of: property: fix typo in io-channels (git-fixes). - of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing (git-fixes). - of: unittest: Fix compile in the non-dynamic case (git-fixes). - orangefs: fix out-of-bounds fsid access (git-fixes). - pNFS/filelayout: fixup pNfs allocation modes (git-fixes). - perf annotate: Fix annotation_calc_lines() to pass correct address to get_srcline() (git-fixes). - perf annotate: Get rid of duplicate --group option item (git-fixes). - perf auxtrace: Fix multiple use of --itrace option (git-fixes). - perf bench internals inject-build-id: Fix trap divide when collecting just one DSO (git-fixes). - perf bench uprobe: Remove lib64 from libc.so.6 binary path (git-fixes). - perf bpf: Clean up the generated/copied vmlinux.h (git-fixes). - perf daemon: Fix file leak in daemon_session__control (git-fixes). - perf docs: Document bpf event modifier (git-fixes). - perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() (git-fixes). - perf expr: Fix 'has_event' function for metric style events (git-fixes). - perf intel-pt: Fix unassigned instruction op (discovered by MemorySanitizer) (git-fixes). - perf jevents: Drop or simplify small integer values (git-fixes). - perf list: fix short description for some cache events (git-fixes). - perf lock contention: Add a missing NULL check (git-fixes). - perf metric: Do not remove scale from counts (git-fixes). - perf pmu: Count sys and cpuid JSON events separately (git fixes). - perf pmu: Fix a potential memory leak in perf_pmu__lookup() (git-fixes). - perf pmu: Treat the msr pmu as software (git-fixes). - perf print-events: make is_event_supported() more robust (git-fixes). - perf probe: Add missing libgen.h header needed for using basename() (git-fixes). - perf record: Check conflict between '--timestamp-filename' option and pipe mode before recording (git-fixes). - perf record: Delete session after stopping sideband thread (git-fixes). - perf record: Fix debug message placement for test consumption (git-fixes). - perf record: Fix possible incorrect free in record__switch_output() (git-fixes). - perf report: Avoid SEGV in report__setup_sample_type() (git-fixes). - perf sched timehist: Fix -g/--call-graph option failure (git-fixes). - perf script: Show also errors for --insn-trace option (git-fixes). - perf srcline: Add missed addr2line closes (git-fixes). - perf stat: Avoid metric-only segv (git-fixes). - perf stat: Do not display metric header for non-leader uncore events (git-fixes). - perf stat: Do not fail on metrics on s390 z/VM systems (git-fixes). - perf symbols: Fix ownership of string in dso__load_vmlinux() (git-fixes). - perf test shell arm_coresight: Increase buffer size for Coresight basic tests (git-fixes). - perf tests: Apply attributes to all events in object code reading test (git-fixes). - perf tests: Make 'test data symbol' more robust on Neoverse N1 (git-fixes). - perf thread: Fixes to thread__new() related to initializing comm (git-fixes). - perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() (git-fixes). - perf top: Uniform the event name for the hybrid machine (git-fixes). - perf top: Use evsel's cpus to replace user_requested_cpus (git-fixes). - perf ui browser: Avoid SEGV on title (git fixes). - perf ui browser: Do not save pointer to stack memory (git-fixes). - perf vendor events amd: Add Zen 4 memory controller events (git-fixes). - perf vendor events amd: Fix Zen 4 cache latency events (git-fixes). - perf/x86/amd/lbr: Discard erroneous branch entries (git-fixes). - perf/x86/intel/ds: Do not clear ->pebs_data_cfg for the last PEBS event (git-fixes). - perf/x86/intel: Expose existence of callback support to KVM (git-fixes). - perf/x86: Fix out of range data (git-fixes). - perf: Enqueue SIGTRAP always via task_work (bsc#1214683 (PREEMPT_RT prerequisite backports)). - perf: Move irq_work_queue() where the event is prepared (bsc#1214683 (PREEMPT_RT prerequisite backports)). - perf: Remove perf_swevent_get_recursion_context() from perf_pending_task() (bsc#1214683 (PREEMPT_RT prerequisite backports)). - perf: Split __perf_pending_irq() out of perf_pending_irq() (bsc#1214683 (PREEMPT_RT prerequisite backports)). - phy: cadence-torrent: Check return value on register read (git-fixes). - phy: freescale: imx8m-pcie: fix pcie link-up instability (git-fixes). - phy: marvell: a3700-comphy: Fix hardcoded array size (git-fixes). - phy: marvell: a3700-comphy: Fix out of bounds read (git-fixes). - phy: rockchip-snps-pcie3: fix bifurcation on rk3588 (git-fixes). - phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits (git-fixes). - phy: rockchip: naneng-combphy: Fix mux on rk3588 (git-fixes). - phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered (git-fixes). - pinctrl/meson: fix typo in PDM's pin name (git-fixes). - pinctrl: armada-37xx: remove an unused variable (git-fixes). - pinctrl: baytrail: Fix selecting gpio pinctrl state (git-fixes). - pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes). - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes). - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes). - pinctrl: freescale: mxs: Fix refcount of child (git-fixes). - pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback (git-fixes). - pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE (git-fixes). - pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes). - pinctrl: qcom: pinctrl-sm7150: Fix sdc1 and ufs special pins regs (git-fixes). - pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes). - pinctrl: renesas: r8a779g0: FIX PWM suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF1 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix (H)SCIF3 suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix CANFD5 suffix (git-fixes). - pinctrl: renesas: r8a779g0: Fix FXR_TXEN[AB] suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix IRQ suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TCLK suffixes (git-fixes). - pinctrl: renesas: r8a779g0: Fix TPU suffixes (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes). - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes). - pinctrl: rockchip: update rk3308 iomux routes (git-fixes). - pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes). - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes). - platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes). - platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes (stable-fixes). - platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes). - platform/x86/intel/tpmi: Handle error from tpmi_process_info() (stable-fixes). - platform/x86: ISST: Add Grand Ridge to HPM CPU list (stable-fixes). - platform/x86: ISST: Add Granite Rapids-D to HPM CPU list (stable-fixes). - platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes). - platform/x86: lg-laptop: Change ACPI device id (stable-fixes). - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes). - platform/x86: lg-laptop: Use ACPI device handle when evaluating WMAB/WMBB (stable-fixes). - platform/x86: thinkpad_acpi: Take hotkey_mutex during hotkey_exit() (git-fixes). - platform/x86: toshiba_acpi: Add quirk for buttons on Z830 (stable-fixes). - platform/x86: toshiba_acpi: Fix array out-of-bounds access (git-fixes). - platform/x86: toshiba_acpi: Fix quickstart quirk handling (git-fixes). - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes). - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes). - platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes). - platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes). - power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes). - power: supply: ab8500: Fix error handling when calling iio_read_channel_processed() (git-fixes). - power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes). - power: supply: ingenic: Fix some error handling paths in ingenic_battery_get_property() (git-fixes). - power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator (git-fixes). - powerpc/64s/radix/kfence: map __kfence_pool at page granularity (bsc#1223570 ltc#205770). - powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740). - powerpc/prom: Add CPU info to hardware description string later (bsc#1215199). - powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - powerpc/pseries: make max polling consistent for longer H_CALLs (bsc#1215199). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869). - powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869). - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - ppdev: Add an error check in register_device (git-fixes). - prctl: generalize PR_SET_MDWE support check to be per-arch (bsc#1225610). - printk: Add this_cpu_in_panic() (bsc#1225607). - printk: Adjust mapping for 32bit seq macros (bsc#1225607). - printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1225607). - printk: Consolidate console deferred printing (bsc#1225607). - printk: Disable passing console lock owner completely during panic() (bsc#1225607). - printk: Do not take console lock for console_flush_on_panic() (bsc#1225607). - printk: For @suppress_panic_printk check for other CPU in panic (bsc#1225607). - printk: Keep non-panic-CPUs out of console lock (bsc#1225607). - printk: Let no_printk() use _printk() (bsc#1225618). - printk: Reduce console_unblank() usage in unsafe scenarios (bsc#1225607). - printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1225607). - printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616). - printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1225607). - printk: Wait for all reserved records with pr_flush() (bsc#1225607). - printk: nbcon: Relocate 32bit seq macros (bsc#1225607). - printk: ringbuffer: Clarify special lpos values (bsc#1225607). - printk: ringbuffer: Cleanup reader terminology (bsc#1225607). - printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1225607). - printk: ringbuffer: Skip non-finalized records in panic (bsc#1225607). - proc/kcore: do not try to access unaccepted memory (git-fixes). - pwm: sti: Prepare removing pwm_chip from driver data (stable-fixes). - pwm: sti: Simplify probe function using devm functions (git-fixes). - pwm: stm32: Always do lazy disabling (git-fixes). - qibfs: fix dentry leak (git-fixes) - regmap-i2c: Subtract reg size from max_write (stable-fixes). - regmap: Add regmap_read_bypassed() (git-fixes). - regulator: bd71815: fix ramp values (git-fixes). - regulator: bd71828: Do not overwrite runtime voltages (git-fixes). - regulator: change devm_regulator_get_enable_optional() stub to return Ok (git-fixes). - regulator: change stubbed devm_regulator_get_enable to return Ok (git-fixes). - regulator: core: Fix modpost error 'regulator_get_regmap' undefined (git-fixes). - regulator: core: fix debugfs creation regression (git-fixes). - regulator: irq_helpers: duplicate IRQ name (stable-fixes). - regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes). - regulator: tps65132: Add of_match table (stable-fixes). - regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes). - remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init (git-fixes). - remoteproc: imx_rproc: Skip over memory region when node value is NULL (git-fixes). - remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs (git-fixes). - remoteproc: k3-r5: Fix IPC-only mode detection (git-fixes). - remoteproc: k3-r5: Jump to error handling labels in start/stop errors (git-fixes). - remoteproc: k3-r5: Wait for core0 power-up before powering up core1 (git-fixes). - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes). - remoteproc: stm32_rproc: Fix mailbox interrupts queuing (git-fixes). - ring-buffer: Fix a race between readers and resize checks (git-fixes). - ring-buffer: Only update pages_touched when a new page is touched (git-fixes). - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes). - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes). - rtc: abx80x: Fix return value of nvmem callback on read (git-fixes). - rtc: cmos: Fix return value of nvmem callbacks (git-fixes). - rtc: interface: Add RTC offset to alarm after fix-up (git-fixes). - rtc: isl1208: Fix return value of nvmem callbacks (git-fixes). - s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224792). - s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223869). - s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224793). - s390/cpacf: Make use of invalid opcode produce a link error (git-fixes bsc#1227072). - s390/cpacf: Split and rework cpacf query functions (git-fixes bsc#1225133). - s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224348). - s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225136). - s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225134). - s390/ism: Properly fix receive message buffer allocation (git-fixes bsc#1223590). - s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223871). - s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223872). - s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223874). - s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223870). - s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223593). - s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223592). - s390: Implement __iowrite32_copy() (bsc#1226502) - s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502) - saa7134: Unchecked i2c_transfer function result fixed (git-fixes). - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791). - sched/debug: Update stale reference to sched_debug.c (bsc#1214683 (PREEMPT_RT prerequisite backports)). - sched/topology: Optimize topology_span_sane() (bsc#1225053). - scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842). - scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842). - scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842). - scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842). - scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842). - scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842). - scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842). - scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842). - sctp: annotate data-races around sk->sk_wmem_queued (git-fixes). - selftests/binderfs: use the Makefile's rules, not Make's implicit rules (git-fixes). - selftests/bpf: add edge case backtracking logic test (bsc#1225756). - selftests/bpf: precision tracking test for BPF_NEG and BPF_END (bsc#1225756). - selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903). - selftests/bpf: test if state loops are detected in a tricky case (bsc#1225903). - selftests/bpf: test widening for iterating callbacks (bsc#1225903). - selftests/bpf: tests for iterating callbacks (bsc#1225903). - selftests/bpf: tests with delayed read/precision makrs in loop body (bsc#1225903). - selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903). - selftests/bpf: track tcp payload offset as scalar in xdp_synproxy (bsc#1225903). - selftests/ftrace: Fix event filter target_func selection (stable-fixes). - selftests/ftrace: Limit length in subsystem-enable tests (git-fixes). - selftests/kcmp: remove unused open mode (git-fixes). - selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages (git-fixes). - selftests/mm: fix build warnings on ppc64 (stable-fixes). - selftests/net: convert test_bridge_neigh_suppress.sh to run it in unique namespace (stable-fixes). - selftests/pidfd: Fix config for pidfd_setns_test (git-fixes). - selftests/powerpc/dexcr: Add -no-pie to hashchk tests (git-fixes). - selftests/resctrl: fix clang build failure: use LOCAL_HDRS (git-fixes). - selftests/sigaltstack: Fix ppc64 GCC build (git-fixes). - selftests/timers/posix_timers: Reimplement check_timer_distribution() (git-fixes). - selftests: default to host arch for LLVM builds (git-fixes). - selftests: fix OOM in msg_zerocopy selftest (git-fixes). - selftests: hsr: Extend the testsuite to also cover HSRv1 (bsc#1214683 (PREEMPT_RT prerequisite backports)). - selftests: hsr: Reorder the testsuite (bsc#1214683 (PREEMPT_RT prerequisite backports)). - selftests: hsr: Use `let' properly (bsc#1214683 (PREEMPT_RT prerequisite backports)). - selftests: kselftest: Fix build failure with NOLIBC (git-fixes). - selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn (git-fixes). - selftests: make order checking verbose in msg_zerocopy selftest (git-fixes). - selftests: mptcp: add ms units for tc-netem delay (stable-fixes). - selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval (git-fixes). - selftests: net: kill smcrouted in the cleanup logic in amt.sh (git-fixes). - selftests: net: move amt to socat for better compatibility (git-fixes). - selftests: sud_test: return correct emulated syscall value on RISC-V (stable-fixes). - selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC (git-fixes). - selftests: timers: Convert posix_timers test to generate KTAP output (stable-fixes). - selftests: timers: Fix abs() warning in posix_timers test (git-fixes). - selftests: timers: Fix posix_timers ksft_print_msg() warning (git-fixes). - selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior (stable-fixes). - selinux: introduce an initial SID for early boot processes (bsc#1208593). - serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes). - serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup (git-fixes). - serial: bcm63xx-uart: fix tx after conversion to uart_port_tx_limited() (git-fixes). - serial: core: introduce uart_port_tx_limited_flags() (git-fixes). - serial: exar: adding missing CTI and Exar PCI ids (stable-fixes). - serial: imx: Introduce timeout when waiting on transmitter empty (stable-fixes). - serial: imx: Raise TX trigger level to 8 (stable-fixes). - serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes). - serial: max3100: Fix bitwise types (git-fixes). - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes). - serial: max3100: Update uart_driver_registered on driver removal (git-fixes). - serial: pch: Do not disable interrupts while acquiring lock in ISR (bsc#1214683 (PREEMPT_RT prerequisite backports)). - serial: pch: Do not initialize uart_port's spin_lock (bsc#1214683 (PREEMPT_RT prerequisite backports)). - serial: pch: Invoke handle_rx_to() directly (bsc#1214683 (PREEMPT_RT prerequisite backports)). - serial: pch: Make push_rx() return void (bsc#1214683 (PREEMPT_RT prerequisite backports)). - serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes). - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes). - serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes). - slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes). - smb3: allow controlling length of time directory entries are cached with dir leases (git-fixes, bsc#1225172). - smb3: allow controlling maximum number of cached directories (git-fixes, bsc#1225172). - smb3: do not start laundromat thread when dir leases disabled (git-fixes, bsc#1225172). - smb3: show beginning time for per share stats (bsc#1225172). - smb: client: do not start laundromat thread on nohandlecache (git-fixes, bsc#1225172). - smb: client: ensure to try all targets when finding nested links (bsc#1225172). - smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1225172). - smb: client: fix parsing of SMB3.1.1 POSIX create context (git-fixes, bsc#1225172). - smb: client: get rid of dfs code dep in namespace.c (bsc#1225172). - smb: client: get rid of dfs naming in automount code (bsc#1225172). - smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1225172). - smb: client: make laundromat a delayed worker (git-fixes, bsc#1225172). - smb: client: prevent new fids from being removed by laundromat (git-fixes, bsc#1225172). - smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1225172). - smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1225172). - smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1225172). - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes). - soc: qcom: pdr: fix parsing of domains lists (git-fixes). - soc: qcom: pdr: protect locator_addr with the main mutex (git-fixes). - soc: qcom: pmic_glink: Handle the return value of pmic_glink_init (git-fixes). - soc: qcom: pmic_glink: Make client-lock non-sleeping (git-fixes). - soc: qcom: pmic_glink: do not traverse clients list without a lock (git-fixes). - soc: qcom: pmic_glink: notify clients about the current state (git-fixes). - soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes). - soc: qcom: rpmh-rsc: Ensure irqs are not disabled by rpmh_rsc_send_data() callers (git-fixes). - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes). - soc: xilinx: rename cpu_number1 to dummy_cpu_number (git-fixes). - soundwire: amd: fix for wake interrupt handling for clockstop mode (git-fixes). - soundwire: cadence: fix invalid PDI offset (stable-fixes). - speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes). - spi: Do not mark message DMA mapped when no transfer in it is (git-fixes). - spi: atmel-quadspi: Add missing check for clk_prepare (git-fixes). - spi: cadence: Ensure data lines set to low during dummy-cycle period (stable-fixes). - spi: fix null pointer dereference within spi_sync (git-fixes). - spi: hisi-kunpeng: Delete the dump interface of data registers in debugfs (git-fixes). - spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes). - spi: microchip-core-qspi: fix setting spi bus clock rate (git-fixes). - spi: microchip-core: defer asserting chip select until just before write to TX FIFO (git-fixes). - spi: microchip-core: ensure TX and RX FIFOs are empty at start of a transfer (git-fixes). - spi: microchip-core: fix the issues in the isr (git-fixes). - spi: microchip-core: only disable SPI controller when register value change requires it (git-fixes). - spi: mux: set ctlr->bits_per_word_mask (stable-fixes). - spi: spi-microchip-core: Fix the number of chip selects supported (git-fixes). - spi: spidev: add correct compatible for Rohm BH2228FV (git-fixes). - spi: stm32: Do not warn about spurious interrupts (git-fixes). - spi: stm32: qspi: Clamp stm32_qspi_get_mode() output to CCR_BUSWIDTH_4 (git-fixes). - spi: stm32: qspi: Fix dual flash mode sanity test in stm32_qspi_setup() (git-fixes). - spi: xilinx: Fix kernel documentation in the xilinx_spi.h (git-fixes). - spmi: hisi-spmi-controller: Do not override device identifier (git-fixes). - ssb: Fix potential NULL pointer dereference in ssb_device_uevent() (stable-fixes). - staging: vt6655: Remove unused declaration of RFbAL7230SelectChannelPostProcess() (git-fixes). - struct acpi_ec kABI workaround (git-fixes). - sunrpc: fix NFSACL RPC retry on soft mount (git-fixes). - swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331) - swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331) - swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331) - swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331) - tcp: Dump bound-only sockets in inet_diag (bsc#1204562). - thermal/drivers/mediatek/lvts_thermal: Check NULL ptr on lvts_data (stable-fixes). - thermal/drivers/mediatek/lvts_thermal: Return error in case of invalid efuse data (git-fixes). - thermal/drivers/qcom/lmh: Check for SCM availability at probe (git-fixes). - thermal/drivers/tsens: Fix null pointer dereference (git-fixes). - thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes). - thunderbolt: Fix wake configurations after device unplug (stable-fixes). - thunderbolt: Introduce tb_path_deactivate_hop() (stable-fixes). - thunderbolt: Introduce tb_port_reset() (stable-fixes). - thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers (stable-fixes). - thunderbolt: Reset only non-USB4 host routers in resume (git-fixes). - thunderbolt: debugfs: Fix margin debugfs node creation condition (git-fixes). - tls: break out of main loop when PEEK gets a non-data record (bsc#1221858). - tls: do not skip over different type records from the rx_list (bsc#1221858). - tls: fix peeking with sync+async decryption (bsc#1221858). - tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1221858). - tools/arch/x86/intel_sdsi: Fix maximum meter bundle length (git-fixes). - tools/arch/x86/intel_sdsi: Fix meter_certificate decoding (git-fixes). - tools/arch/x86/intel_sdsi: Fix meter_show display (git-fixes). - tools/latency-collector: Fix -Wformat-security compile warns (git-fixes). - tools/memory-model: Fix bug in lock.cat (git-fixes). - tools/power turbostat: Expand probe_intel_uncore_frequency() (bsc#1221765). - tools/power turbostat: Remember global max_die_id (stable-fixes). - tools/power/cpupower: Fix Pstate frequency reporting on AMD Family 1Ah CPUs (stable-fixes). - tools: ynl: do not leak mcast_groups on init error (git-fixes). - tools: ynl: fix handling of multiple mcast groups (git-fixes). - tools: ynl: make sure we always pass yarg to mnl_cb_run (git-fixes). - tpm_tis: Do *not* flush uninitialized work (git-fixes). - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes). - tracefs: Add missing lockdown check to tracefs_create_dir() (git-fixes). - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes). - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes). - tracing: Build event generation tests only as modules (git-fixes). - tracing: hide unused ftrace_event_id_fops (git-fixes). - tty: mcf: MCF54418 has 10 UARTS (git-fixes). - tty: n_gsm: fix missing receive state reset after mode switch (git-fixes). - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes). - tty: n_tty: Fix buffer offsets when lookahead is used (git-fixes). - usb-storage: alauda: Check whether the media is initialized (git-fixes). - usb: Disable USB3 LPM at shutdown (stable-fixes). - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (bsc#1220569). - usb: aqc111: stop lying about skb->truesize (git-fixes). - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes). - usb: dwc3: Wait unconditionally after issuing EndXfer command (git-fixes). - usb: dwc3: core: Add DWC31 version 2.00a controller (stable-fixes). - usb: dwc3: core: Prevent phy suspend during init (Git-fixes). - usb: dwc3: core: Workaround for CSR read timeout (stable-fixes). - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes). - usb: dwc3: pci: Do not set 'linux,phy_charger_detect' property on Lenovo Yoga Tab2 1380 (stable-fixes). - usb: dwc3: pci: add support for the Intel Panther Lake (stable-fixes). - usb: fotg210: Add missing kernel doc description (git-fixes). - usb: gadget: aspeed_udc: fix device address configuration (git-fixes). - usb: gadget: composite: fix OS descriptors w_value logic (git-fixes). - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes). - usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes). - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (git-fixes). - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes). - usb: gadget: function: Remove usage of the deprecated ida_simple_xx() API (stable-fixes). - usb: gadget: printer: SS+ support (stable-fixes). - usb: gadget: printer: fix races against disable (git-fixes). - usb: gadget: u_audio: Clear uac pointer when freed (git-fixes). - usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (git-fixes). - usb: gadget: uvc: configfs: ensure guid to be valid before set (stable-fixes). - usb: gadget: uvc: use correct buffer size when parsing configfs lists (git-fixes). - usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes). - usb: musb: da8xx: fix a resource leak in probe() (git-fixes). - usb: ohci: Prevent missed ohci interrupts (git-fixes). - usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes). - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes). - usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes). - usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes). - usb: typec: tcpm: unregister existing source caps before re-registration (git-fixes). - usb: typec: tipd: fix event checking for tps6598x (git-fixes). - usb: typec: ucsi: Ack also failed Get Error commands (git-fixes). - usb: typec: ucsi: Never send a lone connector change ack (stable-fixes). - usb: typec: ucsi: always register a link to USB PD device (git-fixes). - usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes). - usb: typec: ucsi: glink: fix child node release in probe function (git-fixes). - usb: typec: ucsi: simplify partner's PD caps registration (git-fixes). - usb: typec: ucsi_glink: drop special handling for CCI_BUSY (stable-fixes). - usb: ucsi: stm32: fix command completion handling (git-fixes). - usb: xhci-plat: Do not include xhci.h (stable-fixes). - usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (stable-fixes). - vboxsf: explicitly deny setlease attempts (stable-fixes). - vhost: Add smp_rmb() in vhost_enable_notify() (git-fixes). - vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes). - virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes). - virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223944). - virtio_net: Do not send RSS key if it is not supported (git-fixes). - virtio_net: avoid data-races on dev->stats fields (git-fixes). - virtio_net: checksum offloading handling fix (git-fixes). - vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes). - vmlinux.lds.h: catch .bss..L* sections into BSS') (git-fixes). - vsock/virtio: fix packet delivery to tap device (git-fixes). - watchdog: bd9576: Drop 'always-running' property (git-fixes). - watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes). - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes). - watchdog: rzg2l_wdt: Check return status of pm_runtime_put() (git-fixes). - watchdog: rzg2l_wdt: Use pm_runtime_resume_and_get() (git-fixes). - watchdog: rzn1: Convert comma to semicolon (git-fixes). - watchdog: sa1100: Fix PTR_ERR_OR_ZERO() vs NULL check in sa1100dog_probe() (git-fixes). - wifi: add HAS_IOPORT dependencies (bsc#1227149). - wifi: ar5523: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ar5523: enable proper endpoint verification (git-fixes). - wifi: ath10/11/12k: Use alloc_ordered_workqueue() to create ordered workqueues (bsc#1227149). - wifi: ath10k: Annotate struct ath10k_ce_ring with __counted_by (bsc#1227149). - wifi: ath10k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath10k: Drop checks that are always false (bsc#1227149). - wifi: ath10k: Drop cleaning of driver data from probe error path and remove (bsc#1227149). - wifi: ath10k: Fix a few spelling errors (bsc#1227149). - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes). - wifi: ath10k: Fix enum ath10k_fw_crash_dump_type kernel-doc (bsc#1227149). - wifi: ath10k: Fix htt_data_tx_completion kernel-doc warning (bsc#1227149). - wifi: ath10k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath10k: Remove unused struct ath10k_htc_frame (bsc#1227149). - wifi: ath10k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath10k: Use DECLARE_FLEX_ARRAY() for ath10k_htc_record (bsc#1227149). - wifi: ath10k: Use list_count_nodes() (bsc#1227149). - wifi: ath10k: add missing wmi_10_4_feature_mask documentation (bsc#1227149). - wifi: ath10k: add support to allow broadcast action frame RX (bsc#1227149). - wifi: ath10k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath10k: correctly document enum wmi_tlv_tx_pause_id (bsc#1227149). - wifi: ath10k: drop HTT_DATA_TX_STATUS_DOWNLOAD_FAIL (bsc#1227149). - wifi: ath10k: fix QCOM_RPROC_COMMON dependency (git-fixes). - wifi: ath10k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath10k: fix htt_q_state_conf & htt_q_state kernel-doc (bsc#1227149). - wifi: ath10k: improve structure padding (bsc#1227149). - wifi: ath10k: indicate to mac80211 scan complete with aborted flag for ATH10K_SCAN_STARTING state (bsc#1227149). - wifi: ath10k: poll service ready message before failing (git-fixes). - wifi: ath10k: populate board data for WCN3990 (git-fixes). - wifi: ath10k: remove ath10k_htc_record::pauload[] (bsc#1227149). - wifi: ath10k: remove duplicate memset() in 10.4 TDLS peer update (bsc#1227149). - wifi: ath10k: remove struct wmi_pdev_chanlist_update_event (bsc#1227149). - wifi: ath10k: remove unused template structs (bsc#1227149). - wifi: ath10k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath10k: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath10k: simplify __ath10k_htt_tx_txq_recalc() (bsc#1227149). - wifi: ath10k: simplify ath10k_peer_create() (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_tdls_peer_capabilities (bsc#1227149). - wifi: ath10k: use flexible array in struct wmi_host_mem_chunks (bsc#1227149). - wifi: ath10k: use flexible arrays for WMI start scan TLVs (bsc#1227149). - wifi: ath11k: Add HTT stats for PHY reset case (bsc#1227149). - wifi: ath11k: Add coldboot calibration support for QCN9074 (bsc#1227149). - wifi: ath11k: Allow ath11k to boot without caldata in ftm mode (bsc#1227149). - wifi: ath11k: Consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath11k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath11k: Do not directly use scan_flags in struct scan_req_params (bsc#1227149). - wifi: ath11k: EMA beacon support (bsc#1227149). - wifi: ath11k: Fix a few spelling errors (bsc#1227149). - wifi: ath11k: Fix ath11k_htc_record flexible record (bsc#1227149). - wifi: ath11k: Introduce and use ath11k_sta_to_arsta() (bsc#1227149). - wifi: ath11k: MBSSID beacon support (bsc#1227149). - wifi: ath11k: MBSSID configuration during vdev create/start (bsc#1227149). - wifi: ath11k: MBSSID parameter configuration in AP mode (bsc#1227149). - wifi: ath11k: Really consistently use ath11k_vif_to_arvif() (bsc#1227149). - wifi: ath11k: Relocate the func ath11k_mac_bitrate_mask_num_ht_rates() and change hweight16 to hweight8 (bsc#1227149). - wifi: ath11k: Remove ath11k_base::bd_api (bsc#1227149). - wifi: ath11k: Remove cal_done check during probe (bsc#1227149). - wifi: ath11k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath11k: Remove scan_flags union from struct scan_req_params (bsc#1227149). - wifi: ath11k: Remove struct ath11k::ops (bsc#1227149). - wifi: ath11k: Remove unneeded semicolon (bsc#1227149). - wifi: ath11k: Remove unused declarations (bsc#1227149). - wifi: ath11k: Remove unused struct ath11k_htc_frame (bsc#1227149). - wifi: ath11k: Send HT fixed rate in WMI peer fixed param (bsc#1227149). - wifi: ath11k: Split coldboot calibration hw_param (bsc#1227149). - wifi: ath11k: Update Qualcomm Innovation Center, Inc. copyrights (bsc#1227149). - wifi: ath11k: Use device_get_match_data() (bsc#1227149). - wifi: ath11k: Use list_count_nodes() (bsc#1227149). - wifi: ath11k: add WMI event debug messages (bsc#1227149). - wifi: ath11k: add WMI_TLV_SERVICE_EXT_TPC_REG_SUPPORT service bit (bsc#1227149). - wifi: ath11k: add chip id board name while searching board-2.bin for WCN6855 (bsc#1227149). - wifi: ath11k: add firmware-2.bin support (bsc#1227149). - wifi: ath11k: add handler for WMI_VDEV_SET_TPC_POWER_CMDID (bsc#1227149). - wifi: ath11k: add parse of transmit power envelope element (bsc#1227149). - wifi: ath11k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath11k: add support for QCA2066 (bsc#1227149). - wifi: ath11k: add support to select 6 GHz regulatory type (bsc#1227149). - wifi: ath11k: ath11k_debugfs_register(): fix format-truncation warning (bsc#1227149). - wifi: ath11k: avoid forward declaration of ath11k_mac_start_vdev_delay() (bsc#1227149). - wifi: ath11k: call ath11k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath11k: constify MHI channel and controller configs (bsc#1227149). - wifi: ath11k: debug: add ATH11K_DBG_CE (bsc#1227149). - wifi: ath11k: debug: remove unused ATH11K_DBG_ANY (bsc#1227149). - wifi: ath11k: debug: use all upper case in ATH11k_DBG_HAL (bsc#1227149). - wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes). - wifi: ath11k: do not use %pK (bsc#1227149). - wifi: ath11k: document HAL_RX_BUF_RBM_SW4_BM (bsc#1227149). - wifi: ath11k: dp: cleanup debug message (bsc#1227149). - wifi: ath11k: driver settings for MBSSID and EMA (bsc#1227149). - wifi: ath11k: drop NULL pointer check in ath11k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath11k: drop redundant check in ath11k_dp_rx_mon_dest_process() (bsc#1227149). - wifi: ath11k: enable 36 bit mask for stream DMA (bsc#1227149). - wifi: ath11k: factory test mode support (bsc#1227149). - wifi: ath11k: fill parameters for vdev set tpc power WMI command (bsc#1227149). - wifi: ath11k: fix CAC running state during virtual interface start (bsc#1227149). - wifi: ath11k: fix IOMMU errors on buffer rings (bsc#1227149). - wifi: ath11k: fix RCU documentation in ath11k_mac_op_ipv6_changed() (git-fixes). - wifi: ath11k: fix WCN6750 firmware crash caused by 17 num_vdevs (bsc#1227149). - wifi: ath11k: fix Wvoid-pointer-to-enum-cast warning (bsc#1227149). - wifi: ath11k: fix a possible dead lock caused by ab->base_lock (bsc#1227149). - wifi: ath11k: fix ath11k_mac_op_remain_on_channel() stack usage (bsc#1227149). - wifi: ath11k: fix connection failure due to unexpected peer delete (bsc#1227149). - wifi: ath11k: fix tid bitmap is 0 in peer rx mu stats (bsc#1227149). - wifi: ath11k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: ath11k: hal: cleanup debug message (bsc#1227149). - wifi: ath11k: htc: cleanup debug messages (bsc#1227149). - wifi: ath11k: initialize eirp_power before use (bsc#1227149). - wifi: ath11k: mac: fix struct ieee80211_sband_iftype_data handling (bsc#1227149). - wifi: ath11k: mhi: add a warning message for MHI_CB_EE_RDDM crash (bsc#1227149). - wifi: ath11k: move pci.ops registration ahead (bsc#1227149). - wifi: ath11k: move power type check to ASSOC stage when connecting to 6 GHz AP (bsc#1227149). - wifi: ath11k: move references from rsvd2 to info fields (bsc#1227149). - wifi: ath11k: pci: cleanup debug logging (bsc#1227149). - wifi: ath11k: print debug level in debug messages (bsc#1227149). - wifi: ath11k: provide address list if chip supports 2 stations (bsc#1227149). - wifi: ath11k: qmi: refactor ath11k_qmi_m3_load() (bsc#1227149). - wifi: ath11k: refactor ath11k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath11k: refactor setting country code logic (stable-fixes). - wifi: ath11k: refactor vif parameter configurations (bsc#1227149). - wifi: ath11k: rely on mac80211 debugfs handling for vif (bsc#1227149). - wifi: ath11k: remove ath11k_htc_record::pauload[] (bsc#1227149). - wifi: ath11k: remove invalid peer create logic (bsc#1227149). - wifi: ath11k: remove manual mask names from debug messages (bsc#1227149). - wifi: ath11k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath11k: remove unsupported event handlers (bsc#1227149). - wifi: ath11k: remove unused function ath11k_tm_event_wmi() (bsc#1227149). - wifi: ath11k: remove unused members of 'struct ath11k_base' (bsc#1227149). - wifi: ath11k: remove unused scan_events from struct scan_req_params (bsc#1227149). - wifi: ath11k: rename MBSSID fields in wmi_vdev_up_cmd (bsc#1227149). - wifi: ath11k: rename ath11k_start_vdev_delay() (bsc#1227149). - wifi: ath11k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath11k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath11k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath11k: restore country code during resume (git-fixes). - wifi: ath11k: save max transmit power in vdev start response event from firmware (bsc#1227149). - wifi: ath11k: save power spectral density(PSD) of regulatory rule (bsc#1227149). - wifi: ath11k: simplify ath11k_mac_validate_vht_he_fixed_rate_settings() (bsc#1227149). - wifi: ath11k: simplify the code with module_platform_driver (bsc#1227149). - wifi: ath11k: store cur_regulatory_info for each radio (bsc#1227149). - wifi: ath11k: support 2 station interfaces (bsc#1227149). - wifi: ath11k: update proper pdev/vdev id for testmode command (bsc#1227149). - wifi: ath11k: update regulatory rules when connect to AP on 6 GHz band for station (bsc#1227149). - wifi: ath11k: update regulatory rules when interface added (bsc#1227149). - wifi: ath11k: use RCU when accessing struct inet6_dev::ac_list (bsc#1227149). - wifi: ath11k: use WMI_VDEV_SET_TPC_POWER_CMDID when EXT_TPC_REG_SUPPORT for 6 GHz (bsc#1227149). - wifi: ath11k: use kstrtoul_from_user() where appropriate (bsc#1227149). - wifi: ath11k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath11k: wmi: add unified command debug messages (bsc#1227149). - wifi: ath11k: wmi: cleanup error handling in ath11k_wmi_send_init_country_cmd() (bsc#1227149). - wifi: ath11k: wmi: use common error handling style (bsc#1227149). - wifi: ath11k: workaround too long expansion sparse warnings (bsc#1227149). - wifi: ath12k: Add logic to write QRTR node id to scratch (bsc#1227149). - wifi: ath12k: Add missing qmi_txn_cancel() calls (bsc#1227149). - wifi: ath12k: Add support to parse new WMI event for 6 GHz regulatory (bsc#1227149). - wifi: ath12k: Consistently use ath12k_vif_to_arvif() (bsc#1227149). - wifi: ath12k: Consolidate WMI peer flags (bsc#1227149). - wifi: ath12k: Correct 6 GHz frequency value in rx status (git-fixes). - wifi: ath12k: Do not drop tx_status in failure case (git-fixes). - wifi: ath12k: Do not use scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Enable Mesh support for QCN9274 (bsc#1227149). - wifi: ath12k: Fix a few spelling errors (bsc#1227149). - wifi: ath12k: Fix tx completion ring (WBM2SW) setup failure (git-fixes). - wifi: ath12k: Fix uninitialized use of ret in ath12k_mac_allocate() (bsc#1227149). - wifi: ath12k: Introduce and use ath12k_sta_to_arsta() (bsc#1227149). - wifi: ath12k: Introduce the container for mac80211 hw (bsc#1227149). - wifi: ath12k: Make QMI message rules const (bsc#1227149). - wifi: ath12k: Optimize the mac80211 hw data access (bsc#1227149). - wifi: ath12k: Read board id to support split-PHY QCN9274 (bsc#1227149). - wifi: ath12k: Refactor the mac80211 hw access from link/radio (bsc#1227149). - wifi: ath12k: Remove ath12k_base::bd_api (bsc#1227149). - wifi: ath12k: Remove obsolete struct wmi_peer_flags_map *peer_flags (bsc#1227149). - wifi: ath12k: Remove some dead code (bsc#1227149). - wifi: ath12k: Remove struct ath12k::ops (bsc#1227149). - wifi: ath12k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath12k: Remove unnecessary struct qmi_txn initializers (bsc#1227149). - wifi: ath12k: Remove unused declarations (bsc#1227149). - wifi: ath12k: Remove unused scan_flags from struct ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: Set default beacon mode to burst mode (bsc#1227149). - wifi: ath12k: Use initializers for QMI message buffers (bsc#1227149). - wifi: ath12k: Use msdu_end to check MCBC (bsc#1227149). - wifi: ath12k: Use pdev_id rather than mac_id to get pdev (bsc#1227149). - wifi: ath12k: WMI support to process EHT capabilities (bsc#1227149). - wifi: ath12k: add 320 MHz bandwidth enums (bsc#1227149). - wifi: ath12k: add CE and ext IRQ flag to indicate irq_handler (bsc#1227149). - wifi: ath12k: add EHT PHY modes (bsc#1227149). - wifi: ath12k: add MAC id support in WBM error path (bsc#1227149). - wifi: ath12k: add MLO header in peer association (bsc#1227149). - wifi: ath12k: add P2P IE in beacon template (bsc#1227149). - wifi: ath12k: add QMI PHY capability learn support (bsc#1227149). - wifi: ath12k: add WMI support for EHT peer (bsc#1227149). - wifi: ath12k: add ath12k_qmi_free_resource() for recovery (bsc#1227149). - wifi: ath12k: add fallback board name without variant while searching board-2.bin (bsc#1227149). - wifi: ath12k: add firmware-2.bin support (bsc#1227149). - wifi: ath12k: add handler for scan event WMI_SCAN_EVENT_DEQUEUED (bsc#1227149). - wifi: ath12k: add keep backward compatibility of PHY mode to avoid firmware crash (bsc#1227149). - wifi: ath12k: add msdu_end structure for WCN7850 (bsc#1227149). - wifi: ath12k: add parsing of phy bitmap for reg rules (bsc#1227149). - wifi: ath12k: add processing for TWT disable event (bsc#1227149). - wifi: ath12k: add processing for TWT enable event (bsc#1227149). - wifi: ath12k: add qmi_cnss_feature_bitmap field to hardware parameters (bsc#1227149). - wifi: ath12k: add rcu lock for ath12k_wmi_p2p_noa_event() (bsc#1227149). - wifi: ath12k: add read variant from SMBIOS for download board data (bsc#1227149). - wifi: ath12k: add string type to search board data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add support for BA1024 (bsc#1227149). - wifi: ath12k: add support for collecting firmware log (bsc#1227149). - wifi: ath12k: add support for hardware rfkill for WCN7850 (bsc#1227149). - wifi: ath12k: add support for peer meta data version (bsc#1227149). - wifi: ath12k: add support one MSI vector (bsc#1227149). - wifi: ath12k: add support to search regdb data in board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: add wait operation for tx management packets for flush from mac80211 (bsc#1227149). - wifi: ath12k: advertise P2P dev support for WCN7850 (bsc#1227149). - wifi: ath12k: allow specific mgmt frame tx while vdev is not up (bsc#1227149). - wifi: ath12k: ath12k_start_vdev_delay(): convert to use ar (bsc#1227149). - wifi: ath12k: avoid deadlock by change ieee80211_queue_work for regd_update_work (bsc#1227149). - wifi: ath12k: avoid duplicated vdev stop (git-fixes). - wifi: ath12k: avoid explicit HW conversion argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit RBM id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid explicit mac id argument in Rxdma replenish (bsc#1227149). - wifi: ath12k: avoid repeated hw access from ar (bsc#1227149). - wifi: ath12k: avoid repeated wiphy access from hw (bsc#1227149). - wifi: ath12k: call ath12k_mac_fils_discovery() without condition (bsc#1227149). - wifi: ath12k: change DMA direction while mapping reinjected packets (git-fixes). - wifi: ath12k: change MAC buffer ring size to 2048 (bsc#1227149). - wifi: ath12k: change WLAN_SCAN_PARAMS_MAX_IE_LEN from 256 to 512 (bsc#1227149). - wifi: ath12k: change interface combination for P2P mode (bsc#1227149). - wifi: ath12k: change to initialize recovery variables earlier in ath12k_core_reset() (bsc#1227149). - wifi: ath12k: change to treat alpha code na as world wide regdomain (bsc#1227149). - wifi: ath12k: change to use dynamic memory for channel list of scan (bsc#1227149). - wifi: ath12k: check M3 buffer size as well whey trying to reuse it (bsc#1227149). - wifi: ath12k: check hardware major version for WCN7850 (bsc#1227149). - wifi: ath12k: configure RDDM size to MHI for device recovery (bsc#1227149). - wifi: ath12k: configure puncturing bitmap (bsc#1227149). - wifi: ath12k: correct the data_type from QMI_OPT_FLAG to QMI_UNSIGNED_1_BYTE for mlo_capable (bsc#1227149). - wifi: ath12k: delete the timer rx_replenish_retry during rmmod (bsc#1227149). - wifi: ath12k: designating channel frequency for ROC scan (bsc#1227149). - wifi: ath12k: disable QMI PHY capability learn in split-phy QCN9274 (bsc#1227149). - wifi: ath12k: do not drop data frames from unassociated stations (bsc#1227149). - wifi: ath12k: do not restore ASPM in case of single MSI vector (bsc#1227149). - wifi: ath12k: drop NULL pointer check in ath12k_update_per_peer_tx_stats() (bsc#1227149). - wifi: ath12k: drop failed transmitted frames from metric calculation (git-fixes). - wifi: ath12k: enable 320 MHz bandwidth for 6 GHz band in EHT PHY capability for WCN7850 (bsc#1227149). - wifi: ath12k: enable 802.11 power save mode in station mode (bsc#1227149). - wifi: ath12k: enable IEEE80211_HW_SINGLE_SCAN_ON_ALL_BANDS for WCN7850 (bsc#1227149). - wifi: ath12k: fetch correct pdev id from WMI_SERVICE_READY_EXT_EVENTID (bsc#1227149). - wifi: ath12k: fix PCI read and write (bsc#1227149). - wifi: ath12k: fix WARN_ON during ath12k_mac_update_vif_chan (bsc#1227149). - wifi: ath12k: fix broken structure wmi_vdev_create_cmd (bsc#1227149). - wifi: ath12k: fix conf_mutex in ath12k_mac_op_unassign_vif_chanctx() (bsc#1227149). - wifi: ath12k: fix debug messages (bsc#1227149). - wifi: ath12k: fix fetching MCBC flag for QCN9274 (bsc#1227149). - wifi: ath12k: fix firmware assert during insmod in memory segment mode (bsc#1227149). - wifi: ath12k: fix firmware crash during reo reinject (git-fixes). - wifi: ath12k: fix invalid m3 buffer address (bsc#1227149). - wifi: ath12k: fix invalid memory access while processing fragmented packets (git-fixes). - wifi: ath12k: fix kernel crash during resume (bsc#1227149). - wifi: ath12k: fix license in p2p.c and p2p.h (bsc#1227149). - wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() (git-fixes). - wifi: ath12k: fix peer metadata parsing (git-fixes). - wifi: ath12k: fix potential wmi_mgmt_tx_queue race condition (bsc#1227149). - wifi: ath12k: fix radar detection in 160 MHz (bsc#1227149). - wifi: ath12k: fix recovery fail while firmware crash when doing channel switch (bsc#1227149). - wifi: ath12k: fix the error handler of rfkill config (bsc#1227149). - wifi: ath12k: fix the issue that the multicast/broadcast indicator is not read correctly for WCN7850 (bsc#1227149). - wifi: ath12k: fix the problem that down grade phy mode operation (bsc#1227149). - wifi: ath12k: fix wrong definition of CE ring's base address (git-fixes). - wifi: ath12k: fix wrong definitions of hal_reo_update_rx_queue (bsc#1227149). - wifi: ath12k: get msi_data again after request_irq is called (bsc#1227149). - wifi: ath12k: implement handling of P2P NoA event (bsc#1227149). - wifi: ath12k: implement remain on channel for P2P mode (bsc#1227149). - wifi: ath12k: increase vdev setup timeout (bsc#1227149). - wifi: ath12k: indicate NON MBSSID vdev by default during vdev start (bsc#1227149). - wifi: ath12k: indicate scan complete for scan canceled when scan running (bsc#1227149). - wifi: ath12k: indicate to mac80211 scan complete with aborted flag for ATH12K_SCAN_STARTING state (bsc#1227149). - wifi: ath12k: move HE capabilities processing to a new function (bsc#1227149). - wifi: ath12k: move peer delete after vdev stop of station for WCN7850 (bsc#1227149). - wifi: ath12k: parse WMI service ready ext2 event (bsc#1227149). - wifi: ath12k: peer assoc for 320 MHz (bsc#1227149). - wifi: ath12k: prepare EHT peer assoc parameters (bsc#1227149). - wifi: ath12k: propagate EHT capabilities to userspace (bsc#1227149). - wifi: ath12k: refactor DP Rxdma ring structure (bsc#1227149). - wifi: ath12k: refactor QMI MLO host capability helper function (bsc#1227149). - wifi: ath12k: refactor ath12k_bss_assoc() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_allocate() and ath12k_mac_destroy() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_ampdu_action() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_conf_tx() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_config() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_configure_filter() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_flush() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_start() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_stop() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_op_update_vif_offload() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_register() and ath12k_mac_unregister() (bsc#1227149). - wifi: ath12k: refactor ath12k_mac_setup_channels_rates() (bsc#1227149). - wifi: ath12k: refactor ath12k_wmi_tlv_parse_alloc() (bsc#1227149). - wifi: ath12k: refactor multiple MSI vector implementation (bsc#1227149). - wifi: ath12k: refactor the rfkill worker (bsc#1227149). - wifi: ath12k: register EHT mesh capabilities (bsc#1227149). - wifi: ath12k: relax list iteration in ath12k_mac_vif_unref() (bsc#1227149). - wifi: ath12k: relocate ath12k_dp_pdev_pre_alloc() call (bsc#1227149). - wifi: ath12k: remove hal_desc_sz from hw params (bsc#1227149). - wifi: ath12k: remove redundant memset() in ath12k_hal_reo_qdesc_setup() (bsc#1227149). - wifi: ath12k: remove the unused scan_events from ath12k_wmi_scan_req_arg (bsc#1227149). - wifi: ath12k: remove unused ATH12K_BD_IE_BOARD_EXT (bsc#1227149). - wifi: ath12k: rename HE capabilities setup/copy functions (bsc#1227149). - wifi: ath12k: rename the sc naming convention to ab (bsc#1227149). - wifi: ath12k: rename the wmi_sc naming convention to wmi_ab (bsc#1227149). - wifi: ath12k: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: ath12k: send WMI_PEER_REORDER_QUEUE_SETUP_CMDID when ADDBA session starts (bsc#1227149). - wifi: ath12k: set IRQ affinity to CPU0 in case of one MSI vector (bsc#1227149). - wifi: ath12k: set PERST pin no pull request for WCN7850 (bsc#1227149). - wifi: ath12k: split hal_ops to support RX TLVs word mask compaction (bsc#1227149). - wifi: ath12k: subscribe required word mask from rx tlv (bsc#1227149). - wifi: ath12k: support default regdb while searching board-2.bin for WCN7850 (bsc#1227149). - wifi: ath12k: trigger station disconnect on hardware restart (bsc#1227149). - wifi: ath12k: use ATH12K_PCI_IRQ_DP_OFFSET for DP IRQ (bsc#1227149). - wifi: ath12k: use correct flag field for 320 MHz channels (bsc#1227149). - wifi: ath12k: use select for CRYPTO_MICHAEL_MIC (bsc#1227149). - wifi: ath5k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath5k: Remove redundant dev_err() (bsc#1227149). - wifi: ath5k: ath5k_hw_get_median_noise_floor(): use swap() (bsc#1227149). - wifi: ath5k: remove phydir check from ath5k_debug_init_device() (bsc#1227149). - wifi: ath5k: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath5k: remove unused ath5k_eeprom_info::ee_antenna (bsc#1227149). - wifi: ath5k: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: ath6kl: Remove error checking for debugfs_create_dir() (bsc#1227149). - wifi: ath6kl: remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath6kl: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: ath9k: remove redundant assignment to variable ret (bsc#1227149). - wifi: ath9k: Convert to platform remove callback returning void (bsc#1227149). - wifi: ath9k: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: ath9k: Remove unnecessary ternary operators (bsc#1227149). - wifi: ath9k: Remove unused declarations (bsc#1227149). - wifi: ath9k: avoid using uninitialized array (bsc#1227149). - wifi: ath9k: clean up function ath9k_hif_usb_resume (bsc#1227149). - wifi: ath9k: consistently use kstrtoX_from_user() functions (bsc#1227149). - wifi: ath9k: delete some unused/duplicate macros (bsc#1227149). - wifi: ath9k: fix parameter check in ath9k_init_debug() (bsc#1227149). - wifi: ath9k: reset survey of current channel after a scan started (bsc#1227149). - wifi: ath9k: simplify ar9003_hw_process_ini() (bsc#1227149). - wifi: ath9k: use u32 for txgain indexes (bsc#1227149). - wifi: ath9k: work around memset overflow warning (bsc#1227149). - wifi: ath9k_htc: fix format-truncation warning (bsc#1227149). - wifi: ath: Use is_multicast_ether_addr() to check multicast Ether address (bsc#1227149). - wifi: ath: dfs_pattern_detector: Use flex array to simplify code (bsc#1227149). - wifi: ath: remove unused-but-set parameter (bsc#1227149). - wifi: ath: work around false-positive stringop-overread warning (bsc#1227149). - wifi: atk10k: Do not opencode ath10k_pci_priv() in ath10k_ahb_priv() (bsc#1227149). - wifi: atmel: remove unused ioctl function (bsc#1227149). - wifi: b43: silence sparse warnings (bsc#1227149). - wifi: brcm80211: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: brcmfmac: Annotate struct brcmf_gscan_config with __counted_by (bsc#1227149). - wifi: brcmfmac: Detect corner error case earlier with log (bsc#1227149). - wifi: brcmfmac: add linefeed at end of file (bsc#1227149). - wifi: brcmfmac: allow per-vendor event handling (bsc#1227149). - wifi: brcmfmac: do not cast hidden SSID attribute value to boolean (bsc#1227149). - wifi: brcmfmac: do not pass hidden SSID attribute as value directly (bsc#1227149). - wifi: brcmfmac: export firmware interface functions (bsc#1227149). - wifi: brcmfmac: firmware: Annotate struct brcmf_fw_request with __counted_by (bsc#1227149). - wifi: brcmfmac: fix format-truncation warnings (bsc#1227149). - wifi: brcmfmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmfmac: fweh: Add __counted_by for struct brcmf_fweh_queue_item and use struct_size() (bsc#1227149). - wifi: brcmfmac: fweh: Fix boot crash on Raspberry Pi 4 (bsc#1227149). - wifi: brcmfmac: move feature overrides before feature_disable (bsc#1227149). - wifi: brcmfmac: pcie: handle randbuf allocation failure (git-fixes). - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes). - wifi: brcmsmac: cleanup SCB-related data types (bsc#1227149). - wifi: brcmsmac: fix gnu_printf warnings (bsc#1227149). - wifi: brcmsmac: phy: Remove unreachable code (bsc#1227149). - wifi: brcmsmac: remove more unused data types (bsc#1227149). - wifi: brcmsmac: remove unused data type (bsc#1227149). - wifi: brcmsmac: replace deprecated strncpy with memcpy (bsc#1227149). - wifi: brcmsmac: silence sparse warnings (bsc#1227149). - wifi: brcmutil: use helper function pktq_empty() instead of open code (bsc#1227149). - wifi: carl9170: Remove redundant assignment to pointer super (bsc#1227149). - wifi: carl9170: add a proper sanity check for endpoints (git-fixes). - wifi: carl9170: re-fix fortified-memset warning (git-fixes). - wifi: carl9170: remove unnecessary (void*) conversions (bsc#1227149). - wifi: cfg80211: Add support for setting TID to link mapping (bsc#1227149). - wifi: cfg80211: Allow AP/P2PGO to indicate port authorization to peer STA/P2PClient (bsc#1227149). - wifi: cfg80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: cfg80211: Fix typo in documentation (bsc#1227149). - wifi: cfg80211: Handle specific BSSID in 6GHz scanning (bsc#1227149). - wifi: cfg80211: Include operating class 137 in 6GHz band (bsc#1227149). - wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes). - wifi: cfg80211: OWE DH IE handling offload (bsc#1227149). - wifi: cfg80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: cfg80211: Schedule regulatory check on BSS STA channel change (bsc#1227149). - wifi: cfg80211: Update the default DSCP-to-UP mapping (bsc#1227149). - wifi: cfg80211: add BSS usage reporting (bsc#1227149). - wifi: cfg80211: add RNR with reporting AP information (bsc#1227149). - wifi: cfg80211: add a flag to disable wireless extensions (bsc#1227149). - wifi: cfg80211: add local_state_change to deauth trace (bsc#1227149). - wifi: cfg80211: add locked debugfs wrappers (bsc#1227149). - wifi: cfg80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: cfg80211: address several kerneldoc warnings (bsc#1227149). - wifi: cfg80211: allow reg update by driver even if wiphy->regd is set (bsc#1227149). - wifi: cfg80211: annotate iftype_data pointer with sparse (bsc#1227149). - wifi: cfg80211: avoid double free if updating BSS fails (bsc#1227149). - wifi: cfg80211: call reg_call_notifier on beacon hints (bsc#1227149). - wifi: cfg80211: check RTNL when iterating devices (bsc#1227149). - wifi: cfg80211: check wiphy mutex is held for wdev mutex (bsc#1227149). - wifi: cfg80211: consume both probe response and beacon IEs (bsc#1227149). - wifi: cfg80211: detect stuck ECSA element in probe resp (bsc#1227149). - wifi: cfg80211: ensure cfg80211_bss_update frees IEs on error (bsc#1227149). - wifi: cfg80211: export DFS CAC time and usable state helper functions (bsc#1227149). - wifi: cfg80211: expose nl80211_chan_width_to_mhz for wide sharing (bsc#1227149). - wifi: cfg80211: fix 6 GHz scan request building (stable-fixes). - wifi: cfg80211: fix CQM for non-range use (bsc#1227149). - wifi: cfg80211: fix header kernel-doc typos (bsc#1227149). - wifi: cfg80211: fix kernel-doc for wiphy_delayed_work_flush() (bsc#1227149). - wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes). - wifi: cfg80211: fix spelling & punctutation (bsc#1227149). - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes). - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: fully move wiphy work to unbound workqueue (git-fixes). - wifi: cfg80211: generate an ML element for per-STA profiles (bsc#1227149). - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: handle UHB AP and STA power type (bsc#1227149). - wifi: cfg80211: hold wiphy lock in cfg80211_any_wiphy_oper_chan() (bsc#1227149). - wifi: cfg80211: hold wiphy mutex for send_interface (bsc#1227149). - wifi: cfg80211: improve documentation for flag fields (bsc#1227149). - wifi: cfg80211: introduce cfg80211_ssid_eq() (bsc#1227149). - wifi: cfg80211: make RX assoc data const (bsc#1227149). - wifi: cfg80211: make read-only array centers_80mhz static const (bsc#1227149). - wifi: cfg80211: modify prototype for change_beacon (bsc#1227149). - wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes). - wifi: cfg80211: reg: Support P2P operation on DFS channels (bsc#1227149). - wifi: cfg80211: reg: describe return values in kernel-doc (bsc#1227149). - wifi: cfg80211: reg: fix various kernel-doc issues (bsc#1227149). - wifi: cfg80211: reg: hold wiphy mutex for wdev iteration (bsc#1227149). - wifi: cfg80211: remove scan_width support (bsc#1227149). - wifi: cfg80211: remove wdev mutex (bsc#1227149). - wifi: cfg80211: rename UHB to 6 GHz (bsc#1227149). - wifi: cfg80211: report per-link errors during association (bsc#1227149). - wifi: cfg80211: report unprotected deauth/disassoc in wowlan (bsc#1227149). - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes). - wifi: cfg80211: save power spectral density(psd) of regulatory rule (bsc#1227149). - wifi: cfg80211: set correct param change count in ML element (bsc#1227149). - wifi: cfg80211: sme: hold wiphy lock for wdev iteration (bsc#1227149). - wifi: cfg80211: sort certificates in build (bsc#1227149). - wifi: cfg80211: split struct cfg80211_ap_settings (bsc#1227149). - wifi: cfg80211: validate HE operation element parsing (bsc#1227149). - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes). - wifi: cfg80211: wext: convert return value to kernel-doc (bsc#1227149). - wifi: cfg80211: wext: set ssids=NULL for passive scans (git-fixes). - wifi: cw1200: Avoid processing an invalid TIM IE (bsc#1227149). - wifi: cw1200: Convert to GPIO descriptors (bsc#1227149). - wifi: cw1200: fix __le16 sparse warnings (bsc#1227149). - wifi: cw1200: restore endian swapping (bsc#1227149). - wifi: drivers: Explicitly include correct DT includes (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for Broadcom WLAN (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for ar5523 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for mt76 drivers (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for p54spi (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wcn36xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wilc1000 (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl1251 and wl12xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wl18xx (bsc#1227149). - wifi: fill in MODULE_DESCRIPTION()s for wlcore (bsc#1227149). - wifi: hostap: Add __counted_by for struct prism2_download_data and use struct_size() (bsc#1227149). - wifi: hostap: fix stringop-truncations GCC warning (bsc#1227149). - wifi: hostap: remove unused ioctl function (bsc#1227149). - wifi: ieee80211: add UL-bandwidth definition of trigger frame (bsc#1227149). - wifi: ieee80211: add definitions for negotiated TID to Link map (bsc#1227149). - wifi: ieee80211: check for NULL in ieee80211_mle_size_ok() (stable-fixes). - wifi: ieee80211: fix ieee80211_mle_basic_sta_prof_size_ok() (git-fixes). - wifi: iwlmei: do not send SAP messages if AMT is disabled (bsc#1227149). - wifi: iwlmei: do not send nic info with invalid mac address (bsc#1227149). - wifi: iwlmei: send HOST_GOES_DOWN message even if wiamt is disabled (bsc#1227149). - wifi: iwlmei: send driver down SAP message only if wiamt is enabled (bsc#1227149). - wifi: iwlmvm: fw: Add new OEM vendor to tas approved list (bsc#1227149). - wifi: iwlwifi: Add rf_mapping of new wifi7 devices (bsc#1227149). - wifi: iwlwifi: Add support for PPAG cmd v5 and PPAG revision 3 (bsc#1227149). - wifi: iwlwifi: Add support for new 802.11be device (bsc#1227149). - wifi: iwlwifi: Do not mark DFS channels as NO-IR (bsc#1227149). - wifi: iwlwifi: Extract common prph mac/phy regions data dump logic (bsc#1227149). - wifi: iwlwifi: Fix spelling mistake 'SESION' -> 'SESSION' (bsc#1227149). - wifi: iwlwifi: Use request_module_nowait (bsc#1227149). - wifi: iwlwifi: abort scan when rfkill on but device enabled (bsc#1227149). - wifi: iwlwifi: add HONOR to PPAG approved list (bsc#1227149). - wifi: iwlwifi: add Razer to ppag approved list (bsc#1227149). - wifi: iwlwifi: add mapping of a periphery register crf for WH RF (bsc#1227149). - wifi: iwlwifi: add new RF support for wifi7 (bsc#1227149). - wifi: iwlwifi: add support for SNPS DPHYIP region type (bsc#1227149). - wifi: iwlwifi: add support for a wiphy_work rx handler (bsc#1227149). - wifi: iwlwifi: add support for activating UNII-1 in WW via BIOS (bsc#1227149). - wifi: iwlwifi: add support for new ini region types (bsc#1227149). - wifi: iwlwifi: adjust rx_phyinfo debugfs to MLO (bsc#1227149). - wifi: iwlwifi: always have 'uats_enabled' (bsc#1227149). - wifi: iwlwifi: api: clean up some kernel-doc/typos (bsc#1227149). - wifi: iwlwifi: api: dbg-tlv: fix up kernel-doc (bsc#1227149). - wifi: iwlwifi: api: fix a small upper/lower-case typo (bsc#1227149). - wifi: iwlwifi: api: fix center_freq label in PHY diagram (bsc#1227149). - wifi: iwlwifi: api: fix constant version to match FW (bsc#1227149). - wifi: iwlwifi: api: fix kernel-doc reference (bsc#1227149). - wifi: iwlwifi: bump FW API to 84 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 86 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 87 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: bump FW API to 88 for AX/BZ/SC devices (bsc#1227149). - wifi: iwlwifi: cancel session protection only if there is one (bsc#1227149). - wifi: iwlwifi: change link id in time event to s8 (bsc#1227149). - wifi: iwlwifi: check for kmemdup() return value in iwl_parse_tlv_firmware() (bsc#1227149). - wifi: iwlwifi: cleanup BT Shared Single Antenna code (bsc#1227149). - wifi: iwlwifi: cleanup sending PER_CHAIN_LIMIT_OFFSET_CMD (bsc#1227149). - wifi: iwlwifi: cleanup uefi variables loading (bsc#1227149). - wifi: iwlwifi: clear link_id in time_event (bsc#1227149). - wifi: iwlwifi: dbg-tlv: avoid extra allocation/copy (bsc#1227149). - wifi: iwlwifi: dbg-tlv: use struct_size() for allocation (bsc#1227149). - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes). - wifi: iwlwifi: disable 160 MHz based on subsystem device ID (bsc#1227149). - wifi: iwlwifi: disable eSR when BT is active (bsc#1227149). - wifi: iwlwifi: disable multi rx queue for 9000 (bsc#1227149). - wifi: iwlwifi: do not check TAS block list size twice (bsc#1227149). - wifi: iwlwifi: do not use TRUE/FALSE with bool (bsc#1227149). - wifi: iwlwifi: drop NULL pointer check in iwl_mvm_tzone_set_trip_temp() (bsc#1227149). - wifi: iwlwifi: dvm: remove kernel-doc warnings (bsc#1227149). - wifi: iwlwifi: error-dump: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fail NIC access fast on dead NIC (bsc#1227149). - wifi: iwlwifi: fix #ifdef CONFIG_ACPI check (bsc#1227149). - wifi: iwlwifi: fix iwl_mvm_get_valid_rx_ant() (git-fixes). - wifi: iwlwifi: fix opmode start/stop race (bsc#1227149). - wifi: iwlwifi: fix some kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fix some kernel-doc issues (bsc#1227149). - wifi: iwlwifi: fix system commands group ordering (bsc#1227149). - wifi: iwlwifi: fix the rf step and flavor bits range (bsc#1227149). - wifi: iwlwifi: fw: Add support for UATS table in UHB (bsc#1227149). - wifi: iwlwifi: fw: Fix debugfs command sending (bsc#1227149). - wifi: iwlwifi: fw: allow vmalloc for PNVM image (bsc#1227149). - wifi: iwlwifi: fw: dbg: ensure correct config name sizes (bsc#1227149). - wifi: iwlwifi: fw: disable firmware debug asserts (bsc#1227149). - wifi: iwlwifi: fw: file: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: fw: file: do not use [0] for variable arrays (bsc#1227149). - wifi: iwlwifi: fw: fix compiler warning for NULL string print (bsc#1227149). - wifi: iwlwifi: fw: increase fw_version string size (bsc#1227149). - wifi: iwlwifi: fw: reconstruct the API/CAPA enum number (bsc#1227149). - wifi: iwlwifi: fw: replace deprecated strncpy with strscpy_pad (bsc#1227149). - wifi: iwlwifi: handle per-phy statistics from fw (bsc#1227149). - wifi: iwlwifi: implement GLAI ACPI table loading (bsc#1227149). - wifi: iwlwifi: implement can_activate_links callback (bsc#1227149). - wifi: iwlwifi: implement enable/disable for China 2022 regulatory (bsc#1227149). - wifi: iwlwifi: iwl-fh.h: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: iwl-trans.h: clean up kernel-doc (bsc#1227149). - wifi: iwlwifi: iwlmvm: handle unprotected deauth/disassoc in d3 (bsc#1227149). - wifi: iwlwifi: load b0 version of ucode for HR1/HR2 (bsc#1227149). - wifi: iwlwifi: make TB reallocation a debug message (bsc#1227149). - wifi: iwlwifi: make time_events MLO aware (bsc#1227149). - wifi: iwlwifi: mei: return error from register when not built (bsc#1227149). - wifi: iwlwifi: mvm: Add basic link selection logic (bsc#1227149). - wifi: iwlwifi: mvm: Add support for removing responder TKs (bsc#1227149). - wifi: iwlwifi: mvm: Allow DFS concurrent operation (bsc#1227149). - wifi: iwlwifi: mvm: Configure the link mapping for non-MLD FW (bsc#1227149). - wifi: iwlwifi: mvm: Correctly report TSF data in scan complete (bsc#1227149). - wifi: iwlwifi: mvm: Declare support for secure LTF measurement (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn if valid link pair was not found (bsc#1227149). - wifi: iwlwifi: mvm: Do not warn on invalid link on scan complete (bsc#1227149). - wifi: iwlwifi: mvm: Extend support for P2P service discovery (bsc#1227149). - wifi: iwlwifi: mvm: Fix FTM initiator flags (bsc#1227149). - wifi: iwlwifi: mvm: Fix scan abort handling with HW rfkill (stable-fixes). - wifi: iwlwifi: mvm: Fix unreachable code path (bsc#1227149). - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes). - wifi: iwlwifi: mvm: Keep connection in case of missed beacons during RX (bsc#1227149). - wifi: iwlwifi: mvm: Return success if link could not be removed (bsc#1227149). - wifi: iwlwifi: mvm: Use the link ID provided in scan request (bsc#1227149). - wifi: iwlwifi: mvm: add US/Canada MCC to API (bsc#1227149). - wifi: iwlwifi: mvm: add a debug print when we get a BAR (bsc#1227149). - wifi: iwlwifi: mvm: add a debugfs hook to clear the monitor data (bsc#1227149). - wifi: iwlwifi: mvm: add a per-link debugfs (bsc#1227149). - wifi: iwlwifi: mvm: add a print when sending RLC command (bsc#1227149). - wifi: iwlwifi: mvm: add start mac ctdp sum calculation debugfs handler (bsc#1227149). - wifi: iwlwifi: mvm: add support for TID to link mapping neg request (bsc#1227149). - wifi: iwlwifi: mvm: add support for new wowlan_info_notif (bsc#1227149). - wifi: iwlwifi: mvm: advertise MLO only if EHT is enabled (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for SCS traffic description (bsc#1227149). - wifi: iwlwifi: mvm: advertise support for protected ranging negotiation (bsc#1227149). - wifi: iwlwifi: mvm: allocate STA links only for active links (git-fixes). - wifi: iwlwifi: mvm: always update keys in D3 exit (bsc#1227149). - wifi: iwlwifi: mvm: avoid garbage iPN (bsc#1227149). - wifi: iwlwifi: mvm: calculate EMLSR mode after connection (bsc#1227149). - wifi: iwlwifi: mvm: check AP supports EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: check for iwl_mvm_mld_update_sta() errors (bsc#1227149). - wifi: iwlwifi: mvm: check link more carefully (bsc#1227149). - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes). - wifi: iwlwifi: mvm: check own capabilities for EMLSR (bsc#1227149). - wifi: iwlwifi: mvm: cleanup MLO and non-MLO unification code (bsc#1227149). - wifi: iwlwifi: mvm: combine condition/warning (bsc#1227149). - wifi: iwlwifi: mvm: consider having one active link (bsc#1227149). - wifi: iwlwifi: mvm: const-ify chandef pointers (bsc#1227149). - wifi: iwlwifi: mvm: cycle FW link on chanctx removal (bsc#1227149). - wifi: iwlwifi: mvm: d3: avoid intermediate/early mutex unlock (bsc#1227149). - wifi: iwlwifi: mvm: d3: disconnect on GTK rekey failure (bsc#1227149). - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes). - wifi: iwlwifi: mvm: d3: implement suspend with MLO (bsc#1227149). - wifi: iwlwifi: mvm: debugfs for fw system stats (bsc#1227149). - wifi: iwlwifi: mvm: define RX queue sync timeout as a macro (bsc#1227149). - wifi: iwlwifi: mvm: disable MLO for the time being (bsc#1227149). - wifi: iwlwifi: mvm: disallow puncturing in US/Canada (bsc#1227149). - wifi: iwlwifi: mvm: disconnect long CSA only w/o alternative (bsc#1227149). - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (bsc#1227149). - wifi: iwlwifi: mvm: do not abort queue sync in CT-kill (bsc#1227149). - wifi: iwlwifi: mvm: do not add dummy phy context (bsc#1227149). - wifi: iwlwifi: mvm: do not always disable EMLSR due to BT coex (bsc#1227149). - wifi: iwlwifi: mvm: do not do duplicate detection for nullfunc packets (bsc#1227149). - wifi: iwlwifi: mvm: do not initialize csa_work twice (git-fixes). - wifi: iwlwifi: mvm: do not limit VLP/AFC to UATS-enabled (git-fixes). - wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes). - wifi: iwlwifi: mvm: do not send BT_COEX_CI command on new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send NDPs for new tx devices (bsc#1227149). - wifi: iwlwifi: mvm: do not send STA_DISABLE_TX_CMD for newer firmware (bsc#1227149). - wifi: iwlwifi: mvm: do not send the smart fifo command if not needed (bsc#1227149). - wifi: iwlwifi: mvm: do not set trigger frame padding in AP mode (bsc#1227149). - wifi: iwlwifi: mvm: do not support reduced tx power on ack for new devices (bsc#1227149). - wifi: iwlwifi: mvm: do not wake up rx_sync_waitq upon RFKILL (git-fixes). - wifi: iwlwifi: mvm: enable FILS DF Tx on non-PSC channel (bsc#1227149). - wifi: iwlwifi: mvm: enable HE TX/RX <242 tone RU on new RFs (bsc#1227149). - wifi: iwlwifi: mvm: expand queue sync warning messages (bsc#1227149). - wifi: iwlwifi: mvm: extend alive timeout to 2 seconds (bsc#1227149). - wifi: iwlwifi: mvm: fix ROC version check (bsc#1227149). - wifi: iwlwifi: mvm: fix SB CFG check (bsc#1227149). - wifi: iwlwifi: mvm: fix a battery life regression (bsc#1227149). - wifi: iwlwifi: mvm: fix a crash on 7265 (bsc#1227149). - wifi: iwlwifi: mvm: fix active link counting during recovery (git-fixes). - wifi: iwlwifi: mvm: fix check in iwl_mvm_sta_fw_id_mask (git-fixes). - wifi: iwlwifi: mvm: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fix link ID management (bsc#1227149). - wifi: iwlwifi: mvm: fix recovery flow in CSA (bsc#1227149). - wifi: iwlwifi: mvm: fix regdb initialization (bsc#1227149). - wifi: iwlwifi: mvm: fix the PHY context resolution for p2p device (bsc#1227149). - wifi: iwlwifi: mvm: fix the TXF mapping for BZ devices (bsc#1227149). - wifi: iwlwifi: mvm: fix the key PN index (bsc#1227149). - wifi: iwlwifi: mvm: fix thermal kernel-doc (bsc#1227149). - wifi: iwlwifi: mvm: fold the ref++ into iwl_mvm_phy_ctxt_add (bsc#1227149). - wifi: iwlwifi: mvm: guard against invalid STA ID on removal (stable-fixes). - wifi: iwlwifi: mvm: handle BA session teardown in RF-kill (stable-fixes). - wifi: iwlwifi: mvm: handle debugfs names more carefully (bsc#1227149). - wifi: iwlwifi: mvm: handle link-STA allocation in restart (bsc#1227149). - wifi: iwlwifi: mvm: implement ROC version 3 (bsc#1227149). - wifi: iwlwifi: mvm: implement new firmware API for statistics (bsc#1227149). - wifi: iwlwifi: mvm: increase session protection after CSA (bsc#1227149). - wifi: iwlwifi: mvm: init vif works only once (git-fixes). - wifi: iwlwifi: mvm: introduce PHY_CONTEXT_CMD_API_VER_5 (bsc#1227149). - wifi: iwlwifi: mvm: introduce esr_disable_reason (bsc#1227149). - wifi: iwlwifi: mvm: iterate active links for STA queues (bsc#1227149). - wifi: iwlwifi: mvm: limit EHT 320 MHz MCS for STEP URM (bsc#1227149). - wifi: iwlwifi: mvm: limit pseudo-D3 to 60 seconds (bsc#1227149). - wifi: iwlwifi: mvm: log dropped frames (bsc#1227149). - wifi: iwlwifi: mvm: log dropped packets due to MIC error (bsc#1227149). - wifi: iwlwifi: mvm: make 'pldr_sync' mode effective (bsc#1227149). - wifi: iwlwifi: mvm: make functions public (bsc#1227149). - wifi: iwlwifi: mvm: make pldr_sync AX210 specific (bsc#1227149). - wifi: iwlwifi: mvm: move BA notif messages before action (bsc#1227149). - wifi: iwlwifi: mvm: move RU alloc B2 placement (bsc#1227149). - wifi: iwlwifi: mvm: move listen interval to constants (bsc#1227149). - wifi: iwlwifi: mvm: offload IGTK in AP if BIGTK is supported (bsc#1227149). - wifi: iwlwifi: mvm: partially support PHY context version 6 (bsc#1227149). - wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes). - wifi: iwlwifi: mvm: reduce maximum RX A-MPDU size (bsc#1227149). - wifi: iwlwifi: mvm: refactor TX rate handling (bsc#1227149). - wifi: iwlwifi: mvm: refactor duplicate chanctx condition (bsc#1227149). - wifi: iwlwifi: mvm: remove EHT code from mac80211.c (bsc#1227149). - wifi: iwlwifi: mvm: remove IWL_MVM_STATUS_NEED_FLUSH_P2P (bsc#1227149). - wifi: iwlwifi: mvm: remove flags for enable/disable beacon filter (bsc#1227149). - wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes). - wifi: iwlwifi: mvm: remove one queue sync on BA session stop (bsc#1227149). - wifi: iwlwifi: mvm: remove set_tim callback for MLD ops (bsc#1227149). - wifi: iwlwifi: mvm: remove stale STA link data during restart (stable-fixes). - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes). - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes). - wifi: iwlwifi: mvm: rework debugfs handling (bsc#1227149). - wifi: iwlwifi: mvm: select STA mask only for active links (git-fixes). - wifi: iwlwifi: mvm: set properly mac header (git-fixes). - wifi: iwlwifi: mvm: show dump even for pldr_sync (bsc#1227149). - wifi: iwlwifi: mvm: show skb_mac_gso_segment() failure reason (bsc#1227149). - wifi: iwlwifi: mvm: simplify the reorder buffer (bsc#1227149). - wifi: iwlwifi: mvm: skip adding debugfs symlink for reconfig (bsc#1227149). - wifi: iwlwifi: mvm: support CSA with MLD (bsc#1227149). - wifi: iwlwifi: mvm: support SPP A-MSDUs (bsc#1227149). - wifi: iwlwifi: mvm: support flush on AP interfaces (bsc#1227149). - wifi: iwlwifi: mvm: support injection antenna control (bsc#1227149). - wifi: iwlwifi: mvm: support iwl_dev_tx_power_cmd_v8 (bsc#1227149). - wifi: iwlwifi: mvm: support set_antenna() (bsc#1227149). - wifi: iwlwifi: mvm: unlock mvm if there is no primary link (bsc#1227149). - wifi: iwlwifi: mvm: use fast balance scan in case of an active P2P GO (bsc#1227149). - wifi: iwlwifi: mvm: use the new command to clear the internal buffer (bsc#1227149). - wifi: iwlwifi: mvm: work around A-MSDU size problem (bsc#1227149). - wifi: iwlwifi: no power save during transition to D3 (bsc#1227149). - wifi: iwlwifi: nvm-parse: advertise common packet padding (bsc#1227149). - wifi: iwlwifi: nvm: parse the VLP/AFC bit from regulatory (bsc#1227149). - wifi: iwlwifi: pcie: (re-)assign BAR0 on driver bind (bsc#1227149). - wifi: iwlwifi: pcie: Add new PCI device id and CNVI (bsc#1227149). - wifi: iwlwifi: pcie: clean up WFPM control bits (bsc#1227149). - wifi: iwlwifi: pcie: clean up device removal work (bsc#1227149). - wifi: iwlwifi: pcie: clean up gen1/gen2 TFD unmap (bsc#1227149). - wifi: iwlwifi: pcie: do not allow hw-rfkill to stop device on gen2 (bsc#1227149). - wifi: iwlwifi: pcie: dump CSRs before removal (bsc#1227149). - wifi: iwlwifi: pcie: enable TOP fatal error interrupt (bsc#1227149). - wifi: iwlwifi: pcie: fix kernel-doc issues (bsc#1227149). - wifi: iwlwifi: pcie: get_crf_id() can be void (bsc#1227149). - wifi: iwlwifi: pcie: give up mem read if HW is dead (bsc#1227149). - wifi: iwlwifi: pcie: move gen1 TB handling to header (bsc#1227149). - wifi: iwlwifi: pcie: point invalid TFDs to invalid data (bsc#1227149). - wifi: iwlwifi: pcie: propagate iwl_pcie_gen2_apm_init() error (bsc#1227149). - wifi: iwlwifi: pcie: rescan bus if no parent (bsc#1227149). - wifi: iwlwifi: prepare for reading DSM from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: prepare for reading TAS table from UEFI (bsc#1227149). - wifi: iwlwifi: properly check if link is active (bsc#1227149). - wifi: iwlwifi: properly set WIPHY_FLAG_SUPPORTS_EXT_KEK_KCK (stable-fixes). - wifi: iwlwifi: queue: fix kernel-doc (bsc#1227149). - wifi: iwlwifi: queue: improve warning for no skb in reclaim (bsc#1227149). - wifi: iwlwifi: queue: move iwl_txq_gen2_set_tb() up (bsc#1227149). - wifi: iwlwifi: read DSM func 2 for specific RF types (bsc#1227149). - wifi: iwlwifi: read DSM functions from UEFI (bsc#1227149). - wifi: iwlwifi: read ECKV table from UEFI (bsc#1227149). - wifi: iwlwifi: read PPAG table from UEFI (bsc#1227149). - wifi: iwlwifi: read SAR tables from UEFI (bsc#1227149). - wifi: iwlwifi: read SPLC from UEFI (bsc#1227149). - wifi: iwlwifi: read WRDD table from UEFI (bsc#1227149). - wifi: iwlwifi: read WTAS table from UEFI (bsc#1227149). - wifi: iwlwifi: read mac step from aux register (bsc#1227149). - wifi: iwlwifi: read txq->read_ptr under lock (stable-fixes). - wifi: iwlwifi: reconfigure TLC during HW restart (git-fixes). - wifi: iwlwifi: refactor RX tracing (bsc#1227149). - wifi: iwlwifi: remove 'def_rx_queue' struct member (bsc#1227149). - wifi: iwlwifi: remove Gl A-step remnants (bsc#1227149). - wifi: iwlwifi: remove WARN from read_mem32() (bsc#1227149). - wifi: iwlwifi: remove async command callback (bsc#1227149). - wifi: iwlwifi: remove dead-code (bsc#1227149). - wifi: iwlwifi: remove extra kernel-doc (bsc#1227149). - wifi: iwlwifi: remove memory check for LMAC error address (bsc#1227149). - wifi: iwlwifi: remove retry loops in start (bsc#1227149). - wifi: iwlwifi: remove unused function prototype (bsc#1227149). - wifi: iwlwifi: replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: iwlwifi: return negative -EINVAL instead of positive EINVAL (bsc#1227149). - wifi: iwlwifi: rfi: use a single DSM function for all RFI configurations (bsc#1227149). - wifi: iwlwifi: send EDT table to FW (bsc#1227149). - wifi: iwlwifi: separate TAS 'read-from-BIOS' and 'send-to-FW' flows (bsc#1227149). - wifi: iwlwifi: simplify getting DSM from ACPI (bsc#1227149). - wifi: iwlwifi: skip affinity setting on non-SMP (bsc#1227149). - wifi: iwlwifi: skip opmode start retries on dead transport (bsc#1227149). - wifi: iwlwifi: small cleanups in PPAG table flows (bsc#1227149). - wifi: iwlwifi: support link command version 2 (bsc#1227149). - wifi: iwlwifi: support link id in SESSION_PROTECTION_NOTIF (bsc#1227149). - wifi: iwlwifi: support link_id in SESSION_PROTECTION cmd (bsc#1227149). - wifi: iwlwifi: take SGOM and UATS code out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: take send-DSM-to-FW flows out of ACPI ifdef (bsc#1227149). - wifi: iwlwifi: trace full frames with TX status request (bsc#1227149). - wifi: iwlwifi: update context info structure definitions (bsc#1227149). - wifi: iwlwifi: use system_unbound_wq for debug dump (bsc#1227149). - wifi: iwlwifi: validate PPAG table when sent to FW (bsc#1227149). - wifi: lib80211: remove unused variables iv32 and iv16 (bsc#1227149). - wifi: libertas: Follow renaming of SPI 'master' to 'controller' (bsc#1227149). - wifi: libertas: add missing calls to cancel_work_sync() (bsc#1227149). - wifi: libertas: cleanup SDIO reset (bsc#1227149). - wifi: libertas: handle possible spu_write_u16() errors (bsc#1227149). - wifi: libertas: prefer kstrtoX() for simple integer conversions (bsc#1227149). - wifi: libertas: simplify list operations in free_if_spi_card() (bsc#1227149). - wifi: libertas: use convenient lists to manage SDIO packets (bsc#1227149). - wifi: mac80211: Add __counted_by for struct ieee802_11_elems and use struct_size() (bsc#1227149). - wifi: mac80211: Avoid address calculations via out of bounds array indexing (stable-fixes). - wifi: mac80211: Check if we had first beacon with relevant links (bsc#1227149). - wifi: mac80211: Do not force off-channel for management Tx with MLO (bsc#1227149). - wifi: mac80211: Do not include crypto/algapi.h (bsc#1227149). - wifi: mac80211: Extend support for scanning while MLO connected (bsc#1227149). - wifi: mac80211: Fix SMPS handling in the context of MLO (bsc#1227149). - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes). - wifi: mac80211: Notify the low level driver on change in MLO valid links (bsc#1227149). - wifi: mac80211: Print local link address during authentication (bsc#1227149). - wifi: mac80211: Recalc offload when monitor stop (git-fixes). - wifi: mac80211: Remove unused function declarations (bsc#1227149). - wifi: mac80211: Rename and update IEEE80211_VIF_DISABLE_SMPS_OVERRIDE (bsc#1227149). - wifi: mac80211: Replace ENOTSUPP with EOPNOTSUPP (bsc#1227149). - wifi: mac80211: Sanity check tx bitrate if not provided by driver (bsc#1227149). - wifi: mac80211: Schedule regulatory channels check on bandwith change (bsc#1227149). - wifi: mac80211: Skip association timeout update after comeback rejection (bsc#1227149). - wifi: mac80211: add a driver callback to add vif debugfs (bsc#1227149). - wifi: mac80211: add a driver callback to check active_links (bsc#1227149). - wifi: mac80211: add a flag to disallow puncturing (bsc#1227149). - wifi: mac80211: add back SPDX identifier (bsc#1227149). - wifi: mac80211: add ieee80211_tdls_sta_link_id() (stable-fixes). - wifi: mac80211: add link id to ieee80211_gtk_rekey_add() (bsc#1227149). - wifi: mac80211: add link id to mgd_prepare_tx() (bsc#1227149). - wifi: mac80211: add more ops assertions (bsc#1227149). - wifi: mac80211: add more warnings about inserting sta info (bsc#1227149). - wifi: mac80211: add support for SPP A-MSDUs (bsc#1227149). - wifi: mac80211: add support for mld in ieee80211_chswitch_done (bsc#1227149). - wifi: mac80211: add support for parsing TID to Link mapping element (bsc#1227149). - wifi: mac80211: add/remove driver debugfs entries as appropriate (bsc#1227149). - wifi: mac80211: additions to change_beacon() (bsc#1227149). - wifi: mac80211: address some kerneldoc warnings (bsc#1227149). - wifi: mac80211: allow 64-bit radiotap timestamps (bsc#1227149). - wifi: mac80211: allow for_each_sta_active_link() under RCU (bsc#1227149). - wifi: mac80211: apply mcast rate only if interface is up (stable-fixes). - wifi: mac80211: cancel multi-link reconf work on disconnect (git-fixes). - wifi: mac80211: chanctx emulation set CHANGE_CHANNEL when in_reconfig (git-fixes). - wifi: mac80211: check EHT/TTLM action frame length (bsc#1227149). - wifi: mac80211: check wiphy mutex in ops (bsc#1227149). - wifi: mac80211: clean up assignments to pointer cache (stable-fixes). - wifi: mac80211: cleanup airtime arithmetic with ieee80211_sta_keep_active() (bsc#1227149). - wifi: mac80211: cleanup auth_data only if association continues (bsc#1227149). - wifi: mac80211: convert A-MPDU work to wiphy work (bsc#1227149). - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes). - wifi: mac80211: correctly set active links upon TTLM (bsc#1227149). - wifi: mac80211: correcty limit wider BW TDLS STAs (git-fixes). - wifi: mac80211: debugfs: lock wiphy instead of RTNL (bsc#1227149). - wifi: mac80211: describe return values in kernel-doc (bsc#1227149). - wifi: mac80211: disable softirqs for queued frame handling (git-fixes). - wifi: mac80211: do not connect to an AP while it's in a CSA process (bsc#1227149). - wifi: mac80211: do not re-add debugfs entries during resume (bsc#1227149). - wifi: mac80211: do not select link ID if not provided in scan request (bsc#1227149). - wifi: mac80211: do not set ESS capab bit in assoc request (bsc#1227149). - wifi: mac80211: do not use rate mask for scanning (stable-fixes). - wifi: mac80211: drop robust action frames before assoc (bsc#1227149). - wifi: mac80211: drop spurious WARN_ON() in ieee80211_ibss_csa_beacon() (bsc#1227149). - wifi: mac80211: ensure beacon is non-S1G prior to extracting the beacon timestamp field (stable-fixes). - wifi: mac80211: ethtool: always hold wiphy mutex (bsc#1227149). - wifi: mac80211: ethtool: hold wiphy mutex (bsc#1227149). - wifi: mac80211: expand __ieee80211_data_to_8023() status (bsc#1227149). - wifi: mac80211: extend wiphy lock in interface removal (bsc#1227149). - wifi: mac80211: fix BA session teardown race (bsc#1227149). - wifi: mac80211: fix BSS_CHANGED_UNSOL_BCAST_PROBE_RESP (bsc#1227149). - wifi: mac80211: fix SMPS status handling (bsc#1227149). - wifi: mac80211: fix TXQ error path and cleanup (bsc#1227149). - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes). - wifi: mac80211: fix a expired vs. cancel race in roc (bsc#1227149). - wifi: mac80211: fix advertised TTLM scheduling (bsc#1227149). - wifi: mac80211: fix another key installation error path (bsc#1227149). - wifi: mac80211: fix change_address deadlock during unregister (bsc#1227149). - wifi: mac80211: fix channel switch link data (bsc#1227149). - wifi: mac80211: fix driver debugfs for vif type change (bsc#1227149). - wifi: mac80211: fix error path key leak (bsc#1227149). - wifi: mac80211: fix header kernel-doc typos (bsc#1227149). - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes). - wifi: mac80211: fix ieee80211_drop_unencrypted_mgmt return type/value (bsc#1227149). - wifi: mac80211: fix monitor channel with chanctx emulation (bsc#1227149). - wifi: mac80211: fix potential key leak (bsc#1227149). - wifi: mac80211: fix prep_connection error path (stable-fixes). - wifi: mac80211: fix spelling typo in comment (bsc#1227149). - wifi: mac80211: fix unaligned le16 access (git-fixes). - wifi: mac80211: fix unsolicited broadcast probe config (bsc#1227149). - wifi: mac80211: fix various kernel-doc issues (bsc#1227149). - wifi: mac80211: fixes in FILS discovery updates (bsc#1227149). - wifi: mac80211: flush STA queues on unauthorization (bsc#1227149). - wifi: mac80211: flush wiphy work where appropriate (bsc#1227149). - wifi: mac80211: handle debugfs when switching to/from MLO (bsc#1227149). - wifi: mac80211: handle tasklet frames before stopping (stable-fixes). - wifi: mac80211: hold wiphy lock in netdev/link debugfs (bsc#1227149). - wifi: mac80211: hold wiphy_lock around concurrency checks (bsc#1227149). - wifi: mac80211: improve CSA/ECSA connection refusal (bsc#1227149). - wifi: mac80211: initialize SMPS mode correctly (bsc#1227149). - wifi: mac80211: lock wiphy for aggregation debugfs (bsc#1227149). - wifi: mac80211: lock wiphy in IP address notifier (bsc#1227149). - wifi: mac80211: make mgd_protect_tdls_discover MLO-aware (bsc#1227149). - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes). - wifi: mac80211: mesh: Remove unused function declaration mesh_ids_set_default() (bsc#1227149). - wifi: mac80211: mesh: fix some kdoc warnings (bsc#1227149). - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes). - wifi: mac80211: move CSA finalize to wiphy work (bsc#1227149). - wifi: mac80211: move DFS CAC work to wiphy work (bsc#1227149). - wifi: mac80211: move TDLS work to wiphy work (bsc#1227149). - wifi: mac80211: move color change finalize to wiphy work (bsc#1227149). - wifi: mac80211: move dynamic PS to wiphy work (bsc#1227149). - wifi: mac80211: move filter reconfig to wiphy work (bsc#1227149). - wifi: mac80211: move key tailroom work to wiphy work (bsc#1227149). - wifi: mac80211: move link activation work to wiphy work (bsc#1227149). - wifi: mac80211: move monitor work to wiphy work (bsc#1227149). - wifi: mac80211: move tspec work to wiphy work (bsc#1227149). - wifi: mac80211: process and save negotiated TID to Link mapping request (bsc#1227149). - wifi: mac80211: purge TX queues in flush_queues flow (bsc#1227149). - wifi: mac80211: reduce iflist_mtx (bsc#1227149). - wifi: mac80211: reject MLO channel configuration if not supported (bsc#1227149). - wifi: mac80211: relax RCU check in for_each_vif_active_link() (bsc#1227149). - wifi: mac80211: remove RX_DROP_UNUSABLE (bsc#1227149). - wifi: mac80211: remove ampdu_mlme.mtx (bsc#1227149). - wifi: mac80211: remove chanctx_mtx (bsc#1227149). - wifi: mac80211: remove key_mtx (bsc#1227149). - wifi: mac80211: remove link before AP (git-fixes). - wifi: mac80211: remove local->mtx (bsc#1227149). - wifi: mac80211: remove redundant ML element check (bsc#1227149). - wifi: mac80211: remove shifted rate support (bsc#1227149). - wifi: mac80211: remove sta_mtx (bsc#1227149). - wifi: mac80211: remove unnecessary struct forward declaration (bsc#1227149). - wifi: mac80211: rename ieee80211_tx_status() to ieee80211_tx_status_skb() (bsc#1227149). - wifi: mac80211: rename struct cfg80211_rx_assoc_resp to cfg80211_rx_assoc_resp_data (bsc#1227149). - wifi: mac80211: report per-link error during association (bsc#1227149). - wifi: mac80211: reset negotiated TTLM on disconnect (git-fixes). - wifi: mac80211: rework RX timestamp flags (bsc#1227149). - wifi: mac80211: rework ack_frame_id handling a bit (bsc#1227149). - wifi: mac80211: rx.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: set wiphy for virtual monitors (bsc#1227149). - wifi: mac80211: simplify non-chanctx drivers (bsc#1227149). - wifi: mac80211: split ieee80211_drop_unencrypted_mgmt() return value (bsc#1227149). - wifi: mac80211: sta_info.c: fix sentence grammar (bsc#1227149). - wifi: mac80211: support antenna control in injection (bsc#1227149). - wifi: mac80211: support handling of advertised TID-to-link mapping (bsc#1227149). - wifi: mac80211: take MBSSID/EHT data also from probe resp (bsc#1227149). - wifi: mac80211: take wiphy lock for MAC addr change (bsc#1227149). - wifi: mac80211: tx: clarify conditions in if statement (bsc#1227149). - wifi: mac80211: update beacon counters per link basis (bsc#1227149). - wifi: mac80211: update some locking documentation (bsc#1227149). - wifi: mac80211: update the rx_chains after set_antenna() (bsc#1227149). - wifi: mac80211: use bandwidth indication element for CSA (bsc#1227149). - wifi: mac80211: use deflink and fix typo in link ID check (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs for sdata/link (bsc#1227149). - wifi: mac80211: use wiphy locked debugfs helpers for agg_status (bsc#1227149). - wifi: mac80211_hwsim: init peer measurement result (git-fixes). - wifi: mt7601u: delete dead code checking debugfs returns (bsc#1227149). - wifi: mt7601u: replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: Annotate struct mt76_rx_tid with __counted_by (bsc#1227149). - wifi: mt76: Convert to platform remove callback returning void (bsc#1227149). - wifi: mt76: Remove redundant assignment to variable tidno (bsc#1227149). - wifi: mt76: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: mt76: Replace strlcpy() with strscpy() (bsc#1227149). - wifi: mt76: Use PTR_ERR_OR_ZERO() to simplify code (bsc#1227149). - wifi: mt76: add DMA mapping error check in mt76_alloc_txwi() (bsc#1227149). - wifi: mt76: add ability to explicitly forbid LED registration with DT (bsc#1227149). - wifi: mt76: add support for providing eeprom in nvmem cells (bsc#1227149). - wifi: mt76: add tx_nss histogram to ethtool stats (bsc#1227149). - wifi: mt76: change txpower init to per-phy (bsc#1227149). - wifi: mt76: check sta rx control frame to multibss capability (bsc#1227149). - wifi: mt76: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: check vif type before reporting cca and csa (bsc#1227149). - wifi: mt76: connac: add MBSSID support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon duplicate TX mode support for mt7996 (bsc#1227149). - wifi: mt76: connac: add beacon protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: add connac3 mac library (bsc#1227149). - wifi: mt76: connac: add data field in struct tlv (bsc#1227149). - wifi: mt76: connac: add eht support for phy mode config (bsc#1227149). - wifi: mt76: connac: add eht support for tx power (bsc#1227149). - wifi: mt76: connac: add firmware support for mt7992 (bsc#1227149). - wifi: mt76: connac: add more unified command IDs (bsc#1227149). - wifi: mt76: connac: add more unified event IDs (bsc#1227149). - wifi: mt76: connac: add new definition of tx descriptor (bsc#1227149). - wifi: mt76: connac: add support for dsp firmware download (bsc#1227149). - wifi: mt76: connac: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: connac: add thermal protection support for mt7996 (bsc#1227149). - wifi: mt76: connac: check for null before dereferencing (bsc#1227149). - wifi: mt76: connac: export functions for mt7925 (bsc#1227149). - wifi: mt76: connac: introduce helper for mt7925 chipset (bsc#1227149). - wifi: mt76: connac: set correct muar_idx for mt799x chipsets (bsc#1227149). - wifi: mt76: connac: set fixed_bw bit in TX descriptor for fixed rate frames (bsc#1227149). - wifi: mt76: connac: use muar idx 0xe for non-mt799x as well (bsc#1227149). - wifi: mt76: disable HW AMSDU when using fixed rate (bsc#1227149). - wifi: mt76: dma: introduce __mt76_dma_queue_reset utility routine (bsc#1227149). - wifi: mt76: enable UNII-4 channel 177 support (bsc#1227149). - wifi: mt76: fix race condition related to checking tx queue fill status (bsc#1227149). - wifi: mt76: fix the issue of missing txpwr settings from ch153 to ch177 (bsc#1227149). - wifi: mt76: fix typo in mt76_get_of_eeprom_from_nvmem function (bsc#1227149). - wifi: mt76: increase MT_QFLAG_WED_TYPE size (bsc#1227149). - wifi: mt76: introduce mt76_queue_is_wed_tx_free utility routine (bsc#1227149). - wifi: mt76: introduce wed pointer in mt76_queue (bsc#1227149). - wifi: mt76: limit support of precal loading for mt7915 to MTD only (bsc#1227149). - wifi: mt76: make mt76_get_of_eeprom static again (bsc#1227149). - wifi: mt76: mmio: move mt76_mmio_wed_{init,release}_rx_buf in common code (bsc#1227149). - wifi: mt76: move ampdu_state in mt76_wcid (bsc#1227149). - wifi: mt76: move mt76_mmio_wed_offload_{enable,disable} in common code (bsc#1227149). - wifi: mt76: move mt76_net_setup_tc in common code (bsc#1227149). - wifi: mt76: move rate info in mt76_vif (bsc#1227149). - wifi: mt76: move wed reset common code in mt76 module (bsc#1227149). - wifi: mt76: mt7603: add missing register initialization for MT7628 (bsc#1227149). - wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset (git-fixes). - wifi: mt76: mt7603: disable A-MSDU tx support on MT7628 (bsc#1227149). - wifi: mt76: mt7603: fix beacon interval after disabling a single vif (bsc#1227149). - wifi: mt76: mt7603: fix tx filter/flush function (bsc#1227149). - wifi: mt76: mt7603: fix tx queue of loopback packets (git-fixes). - wifi: mt76: mt7603: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7603: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7615: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7615: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7615: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7615: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt76_connac3: move lmac queue enumeration in mt76_connac3_mac.h (bsc#1227149). - wifi: mt76: mt76x02: fix return value check in mt76x02_mac_process_rx (bsc#1227149). - wifi: mt76: mt76x2u: add netgear wdna3100v3 to device table (bsc#1227149). - wifi: mt76: mt7915 add tc offloading support (bsc#1227149). - wifi: mt76: mt7915: accumulate mu-mimo ofdma muru stats (bsc#1227149). - wifi: mt76: mt7915: add locking for accessing mapped registers (bsc#1227149). - wifi: mt76: mt7915: add missing chanctx ops (bsc#1227149). - wifi: mt76: mt7915: add support for MT7981 (bsc#1227149). - wifi: mt76: mt7915: also MT7981 is 3T3R but nss2 on 5 GHz band (bsc#1227149). - wifi: mt76: mt7915: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7915: drop return in mt7915_sta_statistics (bsc#1227149). - wifi: mt76: mt7915: fix EEPROM offset of TSSI flag on MT7981 (bsc#1227149). - wifi: mt76: mt7915: fix error recovery with WED enabled (bsc#1227149). - wifi: mt76: mt7915: fix monitor mode issues (bsc#1227149). - wifi: mt76: mt7915: move mib_stats structure in mt76.h (bsc#1227149). - wifi: mt76: mt7915: move poll_list in mt76_wcid (bsc#1227149). - wifi: mt76: mt7915: move sta_poll_list and sta_poll_lock in mt76_dev (bsc#1227149). - wifi: mt76: mt7915: report tx retries/failed counts for non-WED path (bsc#1227149). - wifi: mt76: mt7915: update mpdu density capability (bsc#1227149). - wifi: mt76: mt7915: update mt798x_wmac_adie_patch_7976 (bsc#1227149). - wifi: mt76: mt7915: workaround too long expansion sparse warnings (git-fixes). - wifi: mt76: mt7921: Support temp sensor (bsc#1227149). - wifi: mt76: mt7921: add 6GHz power type support for clc (bsc#1227149). - wifi: mt76: mt7921: convert acpisar and clc pointers to void (bsc#1227149). - wifi: mt76: mt7921: enable set txpower for UNII-4 (bsc#1227149). - wifi: mt76: mt7921: fix 6GHz disabled by the missing default CLC config (bsc#1227149). - wifi: mt76: mt7921: fix CLC command timeout when suspend/resume (bsc#1227149). - wifi: mt76: mt7921: fix a potential association failure upon resuming (bsc#1227149). - wifi: mt76: mt7921: fix kernel panic by accessing invalid 6GHz channel info (bsc#1227149). - wifi: mt76: mt7921: fix suspend issue on MediaTek COB platform (bsc#1227149). - wifi: mt76: mt7921: fix the unfinished command of regd_notifier before suspend (bsc#1227149). - wifi: mt76: mt7921: fix wrong 6Ghz power type (bsc#1227149). - wifi: mt76: mt7921: get regulatory information from the clc event (bsc#1227149). - wifi: mt76: mt7921: get rid of MT7921_RESET_TIMEOUT marco (bsc#1227149). - wifi: mt76: mt7921: make mt7921_mac_sta_poll static (bsc#1227149). - wifi: mt76: mt7921: move acpi_sar code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move common register definition in mt792x_regs.h (bsc#1227149). - wifi: mt76: mt7921: move connac nic capability handling to mt7921 (bsc#1227149). - wifi: mt76: mt7921: move debugfs shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move dma shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move hif_ops macro in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move init shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mac shared code in mt792x-lib module (bsc#1227149). - wifi: mt76: mt7921: move mt7921_dma_init in pci.c (bsc#1227149). - wifi: mt76: mt7921: move mt7921u_disconnect mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move mt792x_hw_dev in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move mt792x_mutex_{acquire/release} in mt792x.h (bsc#1227149). - wifi: mt76: mt7921: move runtime-pm pci code in mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: move shared runtime-pm code on mt792x-lib (bsc#1227149). - wifi: mt76: mt7921: reduce the size of MCU firmware download Rx queue (bsc#1227149). - wifi: mt76: mt7921: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7921: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7921: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7921: remove macro duplication in regs.h (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_dev in mt792x_dev (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_hif_ops in mt792x_hif_ops (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_phy in mt792x_phy (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_sta in mt792x_sta (bsc#1227149). - wifi: mt76: mt7921: rename mt7921_vif in mt792x_vif (bsc#1227149). - wifi: mt76: mt7921: support 5.9/6GHz channel config in acpi (bsc#1227149). - wifi: mt76: mt7921: update the channel usage when the regd domain changed (bsc#1227149). - wifi: mt76: mt7921e: report tx retries/failed counts in tx free event (bsc#1227149). - wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (stable-fixes). - wifi: mt76: mt7925: add Mediatek Wi-Fi7 driver for mt7925 chips (bsc#1227149). - wifi: mt76: mt7925: add flow to avoid chip bt function fail (bsc#1227149). - wifi: mt76: mt7925: add support to set ifs time by mcu command (bsc#1227149). - wifi: mt76: mt7925: ensure 4-byte alignment for suspend & wow command (bsc#1227149). - wifi: mt76: mt7925: fix SAP no beacon issue in 5Ghz and 6Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix WoW failed in encrypted mode (bsc#1227149). - wifi: mt76: mt7925: fix connect to 80211b mode fail in 2Ghz band (bsc#1227149). - wifi: mt76: mt7925: fix fw download fail (bsc#1227149). - wifi: mt76: mt7925: fix mcu query command fail (bsc#1227149). - wifi: mt76: mt7925: fix the wrong data type for scan command (bsc#1227149). - wifi: mt76: mt7925: fix the wrong header translation config (bsc#1227149). - wifi: mt76: mt7925: fix typo in mt7925_init_he_caps (bsc#1227149). - wifi: mt76: mt7925: fix wmm queue mapping (bsc#1227149). - wifi: mt76: mt7925: remove iftype from mt7925_init_eht_caps signature (bsc#1227149). - wifi: mt76: mt7925: support temperature sensor (bsc#1227149). - wifi: mt76: mt7925: update PCIe DMA settings (bsc#1227149). - wifi: mt76: mt7925e: fix use-after-free in free_irq() (bsc#1227149). - wifi: mt76: mt792x: add the illegal value check for mtcl table of acpi (bsc#1227149). - wifi: mt76: mt792x: fix ethtool warning (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x-usb module (bsc#1227149). - wifi: mt76: mt792x: introduce mt792x_irq_map (bsc#1227149). - wifi: mt76: mt792x: move MT7921_PM_TIMEOUT and MT7921_HW_SCAN_TIMEOUT in common code (bsc#1227149). - wifi: mt76: mt792x: move more dma shared code in mt792x_dma (bsc#1227149). - wifi: mt76: mt792x: move mt7921_load_firmware in mt792x-lib module (bsc#1227149). - wifi: mt76: mt792x: move mt7921_skb_add_usb_sdio_hdr in mt792x module (bsc#1227149). - wifi: mt76: mt792x: move shared structure definition in mt792x.h (bsc#1227149). - wifi: mt76: mt792x: move some common usb code in mt792x module (bsc#1227149). - wifi: mt76: mt792x: support mt7925 chip init (bsc#1227149). - wifi: mt76: mt792x: update the country list of EU for ACPI SAR (bsc#1227149). - wifi: mt76: mt792xu: enable dmashdl support (bsc#1227149). - wifi: mt76: mt7996: Add mcu commands for getting sta tx statistic (bsc#1227149). - wifi: mt76: mt7996: Use DECLARE_FLEX_ARRAY() and fix -Warray-bounds warnings (bsc#1227149). - wifi: mt76: mt7996: add DMA support for mt7992 (bsc#1227149). - wifi: mt76: mt7996: add TX statistics for EHT mode in debugfs (bsc#1227149). - wifi: mt76: mt7996: add muru support (bsc#1227149). - wifi: mt76: mt7996: add sanity checks for background radar trigger (stable-fixes). - wifi: mt76: mt7996: add support for variants with auxiliary RX path (bsc#1227149). - wifi: mt76: mt7996: add thermal sensor device support (bsc#1227149). - wifi: mt76: mt7996: add txpower setting support (bsc#1227149). - wifi: mt76: mt7996: adjust WFDMA settings to improve performance (bsc#1227149). - wifi: mt76: mt7996: adjust interface num and wtbl size for mt7992 (bsc#1227149). - wifi: mt76: mt7996: align the format of fixed rate command (bsc#1227149). - wifi: mt76: mt7996: check txs format before getting skb by pid (bsc#1227149). - wifi: mt76: mt7996: disable WFDMA Tx/Rx during SER recovery (bsc#1227149). - wifi: mt76: mt7996: drop return in mt7996_sta_statistics (bsc#1227149). - wifi: mt76: mt7996: enable BSS_CHANGED_MU_GROUPS support (bsc#1227149). - wifi: mt76: mt7996: enable PPDU-TxS to host (bsc#1227149). - wifi: mt76: mt7996: enable VHT extended NSS BW feature (bsc#1227149). - wifi: mt76: mt7996: ensure 4-byte alignment for beacon commands (bsc#1227149). - wifi: mt76: mt7996: fix alignment of sta info event (bsc#1227149). - wifi: mt76: mt7996: fix fortify warning (bsc#1227149). - wifi: mt76: mt7996: fix fw loading timeout (bsc#1227149). - wifi: mt76: mt7996: fix mt7996_mcu_all_sta_info_event struct packing (bsc#1227149). - wifi: mt76: mt7996: fix potential memory leakage when reading chip temperature (bsc#1227149). - wifi: mt76: mt7996: fix size of txpower MCU command (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in mt7996_irq_tasklet() (bsc#1227149). - wifi: mt76: mt7996: fix uninitialized variable in parsing txfree (bsc#1227149). - wifi: mt76: mt7996: get tx_retries and tx_failed from txfree (bsc#1227149). - wifi: mt76: mt7996: handle IEEE80211_RC_SMPS_CHANGED (bsc#1227149). - wifi: mt76: mt7996: increase tx token size (bsc#1227149). - wifi: mt76: mt7996: introduce mt7996_band_valid() (bsc#1227149). - wifi: mt76: mt7996: mark GCMP IGTK unsupported (bsc#1227149). - wifi: mt76: mt7996: move radio ctrl commands to proper functions (bsc#1227149). - wifi: mt76: mt7996: only set vif teardown cmds at remove interface (bsc#1227149). - wifi: mt76: mt7996: rely on mib_stats shared definition (bsc#1227149). - wifi: mt76: mt7996: rely on shared poll_list field (bsc#1227149). - wifi: mt76: mt7996: rely on shared sta_poll_list and sta_poll_lock (bsc#1227149). - wifi: mt76: mt7996: remove TXS queue setting (bsc#1227149). - wifi: mt76: mt7996: remove periodic MPDU TXS request (bsc#1227149). - wifi: mt76: mt7996: rework ampdu params setting (bsc#1227149). - wifi: mt76: mt7996: rework register offsets for mt7992 (bsc#1227149). - wifi: mt76: mt7996: set DMA mask to 36 bits for boards with more than 4GB of RAM (bsc#1227149). - wifi: mt76: mt7996: support more options for mt7996_set_bitrate_mask() (bsc#1227149). - wifi: mt76: mt7996: support mt7992 eeprom loading (bsc#1227149). - wifi: mt76: mt7996: support per-band LED control (bsc#1227149). - wifi: mt76: mt7996: switch to mcu command for TX GI report (bsc#1227149). - wifi: mt76: mt7996: use u16 for val field in mt7996_mcu_set_rro signature (bsc#1227149). - wifi: mt76: permit to load precal from NVMEM cell for mt7915 (bsc#1227149). - wifi: mt76: permit to use alternative cell name to eeprom NVMEM load (bsc#1227149). - wifi: mt76: reduce spin_lock_bh held up in mt76_dma_rx_cleanup (bsc#1227149). - wifi: mt76: replace skb_put with skb_put_zero (stable-fixes). - wifi: mt76: report non-binding skb tx rate when WED is active (bsc#1227149). - wifi: mt76: set page_pool napi pointer for mmio devices (bsc#1227149). - wifi: mt76: split get_of_eeprom in subfunction (bsc#1227149). - wifi: mt76: usb: create a dedicated queue for psd traffic (bsc#1227149). - wifi: mt76: usb: store usb endpoint in mt76_queue (bsc#1227149). - wifi: mt76: use atomic iface iteration for pre-TBTT work (bsc#1227149). - wifi: mt76: use chainmask for power delta calculation (bsc#1227149). - wifi: mwifiex: Drop unused headers (bsc#1227149). - wifi: mwifiex: Fix interface type change (git-fixes). - wifi: mwifiex: Refactor 1-element array into flexible array in struct mwifiex_ie_types_chan_list_param_set (bsc#1227149). - wifi: mwifiex: Replace one-element array with flexible-array member in struct mwifiex_ie_types_rxba_sync (bsc#1227149). - wifi: mwifiex: Set WIPHY_FLAG_NETNS_OK flag (bsc#1227149). - wifi: mwifiex: Use default @max_active for workqueues (bsc#1227149). - wifi: mwifiex: Use helpers to check multicast addresses (bsc#1227149). - wifi: mwifiex: Use list_count_nodes() (bsc#1227149). - wifi: mwifiex: cleanup adapter data (bsc#1227149). - wifi: mwifiex: cleanup private data structures (bsc#1227149). - wifi: mwifiex: cleanup struct mwifiex_sdio_mpa_rx (bsc#1227149). - wifi: mwifiex: drop BUG_ON from TX paths (bsc#1227149). - wifi: mwifiex: fix comment typos in SDIO module (bsc#1227149). - wifi: mwifiex: followup PCIE and related cleanups (bsc#1227149). - wifi: mwifiex: handle possible mwifiex_write_reg() errors (bsc#1227149). - wifi: mwifiex: handle possible sscanf() errors (bsc#1227149). - wifi: mwifiex: mwifiex_process_sleep_confirm_resp(): remove unused priv variable (bsc#1227149). - wifi: mwifiex: prefer strscpy() over strlcpy() (bsc#1227149). - wifi: mwifiex: simplify PCIE write operations (bsc#1227149). - wifi: mwifiex: use MODULE_FIRMWARE to add firmware files metadata (bsc#1227149). - wifi: mwifiex: use cfg80211_ssid_eq() instead of mwifiex_ssid_cmp() (bsc#1227149). - wifi: mwifiex: use is_zero_ether_addr() instead of ether_addr_equal() (bsc#1227149). - wifi: mwifiex: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: mwl8k: initialize cmd->addr[] properly (git-fixes). - wifi: nl80211: Avoid address calculations via out of bounds array indexing (git-fixes). - wifi: nl80211: Extend del pmksa support for SAE and OWE security (bsc#1227149). - wifi: nl80211: Remove unused declaration nl80211_pmsr_dump_results() (bsc#1227149). - wifi: nl80211: additions to NL80211_CMD_SET_BEACON (bsc#1227149). - wifi: nl80211: allow reporting wakeup for unprot deauth/disassoc (bsc#1227149). - wifi: nl80211: do not free NULL coalescing rule (git-fixes). - wifi: nl80211: fixes to FILS discovery updates (bsc#1227149). - wifi: nl80211: refactor nl80211_send_mlme_event() arguments (bsc#1227149). - wifi: p54: Add missing MODULE_FIRMWARE macro (bsc#1227149). - wifi: p54: Annotate struct p54_cal_database with __counted_by (bsc#1227149). - wifi: p54: fix GCC format truncation warning with wiphy->fw_version (bsc#1227149). - wifi: plfxlc: Drop unused include (bsc#1227149). - wifi: radiotap: add bandwidth definition of EHT U-SIG (bsc#1227149). - wifi: remove unused argument of ieee80211_get_tdls_action() (bsc#1227149). - wifi: rsi: fix restricted __le32 degrades to integer sparse warnings (bsc#1227149). - wifi: rsi: rsi_91x_coex: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_debugfs: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_hal: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_mac80211: Remove unnecessary conversions (bsc#1227149). - wifi: rsi: rsi_91x_main: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_sdio_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rsi: rsi_91x_usb_ops: Remove unnecessary (void*) conversions (bsc#1227149). - wifi: rt2x00: Simplify bool conversion (bsc#1227149). - wifi: rt2x00: correct MAC_SYS_CTRL register RX mask in R-Calibration (bsc#1227149). - wifi: rt2x00: disable RTS threshold for rt2800 by default (bsc#1227149). - wifi: rt2x00: fix MT7620 low RSSI issue (bsc#1227149). - wifi: rt2x00: fix rt2800 watchdog function (bsc#1227149). - wifi: rt2x00: fix the typo in comments (bsc#1227149). - wifi: rt2x00: improve MT7620 register initialization (bsc#1227149). - wifi: rt2x00: introduce DMA busy check watchdog for rt2800 (bsc#1227149). - wifi: rt2x00: limit MT7620 TX power based on eeprom calibration (bsc#1227149). - wifi: rt2x00: make watchdog param per device (bsc#1227149). - wifi: rt2x00: remove redundant check if u8 array element is less than zero (bsc#1227149). - wifi: rt2x00: remove useless code in rt2x00queue_create_tx_descriptor() (bsc#1227149). - wifi: rt2x00: rework MT7620 PA/LNA RF calibration (bsc#1227149). - wifi: rt2x00: rework MT7620 channel config function (bsc#1227149). - wifi: rt2x00: silence sparse warnings (bsc#1227149). - wifi: rt2x00: simplify rt2x00crypto_rx_insert_iv() (bsc#1227149). - wifi: rtl8xxxu: 8188e: convert usage of priv->vif to priv->vifs[0] (bsc#1227149). - wifi: rtl8xxxu: 8188f: Limit TX power index (git-fixes). - wifi: rtl8xxxu: Actually use macid in rtl8xxxu_gen2_report_connect (bsc#1227149). - wifi: rtl8xxxu: Add TP-Link TL-WN823N V2 (bsc#1227149). - wifi: rtl8xxxu: Add a description about the device ID 0x7392:0xb722 (bsc#1227149). - wifi: rtl8xxxu: Add beacon functions (bsc#1227149). - wifi: rtl8xxxu: Add parameter force to rtl8xxxu_refresh_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter macid to update_rate_mask (bsc#1227149). - wifi: rtl8xxxu: Add parameter role to report_connect (bsc#1227149). - wifi: rtl8xxxu: Add set_tim() callback (bsc#1227149). - wifi: rtl8xxxu: Add sta_add() and sta_remove() callbacks (bsc#1227149). - wifi: rtl8xxxu: Add start_ap() callback (bsc#1227149). - wifi: rtl8xxxu: Allow creating interface in AP mode (bsc#1227149). - wifi: rtl8xxxu: Allow setting rts threshold to -1 (bsc#1227149). - wifi: rtl8xxxu: Clean up filter configuration (bsc#1227149). - wifi: rtl8xxxu: Declare AP mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192EU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8710BU (RTL8188GU) (bsc#1227149). - wifi: rtl8xxxu: Enable AP mode for RTL8723BU (bsc#1227149). - wifi: rtl8xxxu: Enable hw seq for mgmt/non-QoS data frames (bsc#1227149). - wifi: rtl8xxxu: Fix LED control code of RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: Fix off by one initial RTS rate (bsc#1227149). - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes). - wifi: rtl8xxxu: Put the macid in txdesc (bsc#1227149). - wifi: rtl8xxxu: Remove usage of ieee80211_get_tx_rate() (bsc#1227149). - wifi: rtl8xxxu: Remove usage of tx_info->control.rates[0].flags (bsc#1227149). - wifi: rtl8xxxu: Rename some registers (bsc#1227149). - wifi: rtl8xxxu: Select correct queue for beacon frames (bsc#1227149). - wifi: rtl8xxxu: Set maximum number of supported stations (bsc#1227149). - wifi: rtl8xxxu: Support USB RX aggregation for the newer chips (bsc#1227149). - wifi: rtl8xxxu: Support new chip RTL8192FU (bsc#1227149). - wifi: rtl8xxxu: add hw crypto support for AP mode (bsc#1227149). - wifi: rtl8xxxu: add macids for STA mode (bsc#1227149). - wifi: rtl8xxxu: add missing number of sec cam entries for all variants (bsc#1227149). - wifi: rtl8xxxu: check vif before using in rtl8xxxu_tx() (bsc#1227149). - wifi: rtl8xxxu: convert EN_DESC_ID of TX descriptor to le32 type (bsc#1227149). - wifi: rtl8xxxu: declare concurrent mode support for 8188f (bsc#1227149). - wifi: rtl8xxxu: do not parse CFO, if both interfaces are connected in STA mode (bsc#1227149). - wifi: rtl8xxxu: enable MFP support with security flag of RX descriptor (bsc#1227149). - wifi: rtl8xxxu: enable channel switch support (bsc#1227149). - wifi: rtl8xxxu: extend check for matching bssid to both interfaces (bsc#1227149). - wifi: rtl8xxxu: extend wifi connected check to both interfaces (bsc#1227149). - wifi: rtl8xxxu: fix error messages (bsc#1227149). - wifi: rtl8xxxu: fix mixed declarations in rtl8xxxu_set_aifs() (bsc#1227149). - wifi: rtl8xxxu: make instances of iface limit and combination to be static const (bsc#1227149). - wifi: rtl8xxxu: make supporting AP mode only on port 0 transparent (bsc#1227149). - wifi: rtl8xxxu: mark TOTOLINK N150UA V5/N150UA-B as tested (bsc#1227149). - wifi: rtl8xxxu: prepare supporting two virtual interfaces (bsc#1227149). - wifi: rtl8xxxu: remove assignment of priv->vif in rtl8xxxu_bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: remove obsolete priv->vif (bsc#1227149). - wifi: rtl8xxxu: rtl8xxxu_rx_complete(): remove unnecessary return (bsc#1227149). - wifi: rtl8xxxu: support multiple interface in start_ap() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in bss_info_changed() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in configure_filter() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in update_beacon_work_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in watchdog_callback() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in {add,remove}_interface() (bsc#1227149). - wifi: rtl8xxxu: support multiple interfaces in set_aifs() (bsc#1227149). - wifi: rtl8xxxu: support setting bssid register for multiple interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting linktype for both interfaces (bsc#1227149). - wifi: rtl8xxxu: support setting mac address register for both interfaces (bsc#1227149). - wifi: rtl8xxxu: update rate mask per sta (bsc#1227149). - wifi: rtlwifi: Convert to use PCIe capability accessors (bsc#1227149). - wifi: rtlwifi: Ignore IEEE80211_CONF_CHANGE_RETRY_LIMITS (bsc#1227149). - wifi: rtlwifi: Remove bridge vendor/device ids (bsc#1227149). - wifi: rtlwifi: Remove rtl_intf_ops.read_efuse_byte (bsc#1227149). - wifi: rtlwifi: Remove unused PCI related defines and struct (bsc#1227149). - wifi: rtlwifi: Speed up firmware loading for USB (bsc#1227149). - wifi: rtlwifi: cleanup USB interface (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxx_tx_fill_desc() routines (bsc#1227149). - wifi: rtlwifi: cleanup few rtlxxxx_set_hw_reg() routines (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_hal (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_phy (bsc#1227149). - wifi: rtlwifi: cleanup struct rtl_ps_ctl (bsc#1227149). - wifi: rtlwifi: drop chk_switch_dmdp() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop fill_fake_txdesc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop pre_fill_tx_bd_desc() from HAL interface (bsc#1227149). - wifi: rtlwifi: drop unused const_amdpci_aspm (bsc#1227149). - wifi: rtlwifi: remove misused flag from HAL data (bsc#1227149). - wifi: rtlwifi: remove unreachable code in rtl92d_dm_check_edca_turbo() (bsc#1227149). - wifi: rtlwifi: remove unused dualmac control leftovers (bsc#1227149). - wifi: rtlwifi: remove unused timer and related code (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix 2T2R chip type detection (bsc#1227149). - wifi: rtlwifi: rtl8192cu: Fix TX aggregation (bsc#1227149). - wifi: rtlwifi: rtl8192de: Do not read register in _rtl92de_query_rxphystatus (bsc#1227149). - wifi: rtlwifi: rtl8192de: Fix 5 GHz TX power (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes). - wifi: rtlwifi: rtl8723: Remove unused function rtl8723_cmd_send_packet() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Access full PMCS reg and use pci_regs.h (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Add pdev into _rtl8821ae_clear_pci_pme_status() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Remove unnecessary PME_Status bit set (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Reverse PM Capability exists check (bsc#1227149). - wifi: rtlwifi: rtl8821ae: Use pci_find_capability() (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: remove some useless code (bsc#1227149). - wifi: rtlwifi: rtl8821ae: phy: using calculate_bit_shift() (bsc#1227149). - wifi: rtlwifi: rtl92ee_dm_dynamic_primary_cca_check(): fix typo in function name (bsc#1227149). - wifi: rtlwifi: rtl_usb: Store the endpoint addresses (bsc#1227149). - wifi: rtlwifi: rtl_usb: Use sync register writes (bsc#1227149). - wifi: rtlwifi: set initial values for unexpected cases of USB endpoint priority (bsc#1227149). - wifi: rtlwifi: simplify LED management (bsc#1227149). - wifi: rtlwifi: simplify TX command fill callbacks (bsc#1227149). - wifi: rtlwifi: simplify rtl_action_proc() and rtl_tx_agg_start() (bsc#1227149). - wifi: rtlwifi: use convenient list_count_nodes() (bsc#1227149). - wifi: rtlwifi: use eth_broadcast_addr() to assign broadcast address (bsc#1227149). - wifi: rtlwifi: use helper function rtl_get_hdr() (bsc#1227149). - wifi: rtlwifi: use unsigned long for bt_coexist_8723 timestamp (bsc#1227149). - wifi: rtlwifi: use unsigned long for rtl_bssid_entry timestamp (bsc#1227149). - wifi: rtw88: 8821c: tweak CCK TX filter setting for SRRC regulation (bsc#1227149). - wifi: rtw88: 8821c: update TX power limit to V67 (bsc#1227149). - wifi: rtw88: 8822c: update TX power limit to V70 (bsc#1227149). - wifi: rtw88: 8822ce: refine power parameters for RFE type 5 (bsc#1227149). - wifi: rtw88: Add support for the SDIO based RTL8723DS chipset (bsc#1227149). - wifi: rtw88: Fix AP mode incorrect DTIM behavior (bsc#1227149). - wifi: rtw88: Fix action frame transmission fail before association (bsc#1227149). - wifi: rtw88: Skip high queue in hci_flush (bsc#1227149). - wifi: rtw88: Stop high queue during scan (bsc#1227149). - wifi: rtw88: Use random MAC when efuse MAC invalid (bsc#1227149). - wifi: rtw88: add missing unwind goto for __rtw_download_firmware() (bsc#1227149). - wifi: rtw88: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw88: debug: remove wrapper of rtw_dbg() (bsc#1227149). - wifi: rtw88: dump firmware debug information in abnormal state (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_copy_from_user (bsc#1227149). - wifi: rtw88: fix incorrect error codes in rtw_debugfs_set_* (bsc#1227149). - wifi: rtw88: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw88: fix typo rtw8822cu_probe (bsc#1227149). - wifi: rtw88: process VO packets without workqueue to avoid PTK rekey failed (bsc#1227149). - wifi: rtw88: refine register based H2C command (bsc#1227149). - wifi: rtw88: regd: configure QATAR and UK (bsc#1227149). - wifi: rtw88: regd: update regulatory map to R64-R42 (bsc#1227149). - wifi: rtw88: remove unused USB bulkout size set (bsc#1227149). - wifi: rtw88: remove unused and set but unused leftovers (bsc#1227149). - wifi: rtw88: rtw8723d: Implement RTL8723DS (SDIO) efuse parsing (bsc#1227149). - wifi: rtw88: simplify __rtw_tx_work() (bsc#1227149). - wifi: rtw88: simplify vif iterators (bsc#1227149). - wifi: rtw88: use cfg80211_ssid_eq() instead of rtw_ssid_equal() (bsc#1227149). - wifi: rtw88: use kstrtoX_from_user() in debugfs handlers (bsc#1227149). - wifi: rtw88: use struct instead of macros to set TX desc (bsc#1227149). - wifi: rtw89: 52c: rfk: disable DPK during MCC (bsc#1227149). - wifi: rtw89: 52c: rfk: refine MCC channel info notification (bsc#1227149). - wifi: rtw89: 8851b: add 8851B basic chip_info (bsc#1227149). - wifi: rtw89: 8851b: add 8851be to Makefile and Kconfig (bsc#1227149). - wifi: rtw89: 8851b: add BT coexistence support function (bsc#1227149). - wifi: rtw89: 8851b: add DLE mem and HFC quota (bsc#1227149). - wifi: rtw89: 8851b: add MAC configurations to chip_info (bsc#1227149). - wifi: rtw89: 8851b: add NCTL post table (bsc#1227149). - wifi: rtw89: 8851b: add RF configurations (bsc#1227149). - wifi: rtw89: 8851b: add TX power related functions (bsc#1227149). - wifi: rtw89: 8851b: add basic power on function (bsc#1227149). - wifi: rtw89: 8851b: add set channel function (bsc#1227149). - wifi: rtw89: 8851b: add set_channel_rf() (bsc#1227149). - wifi: rtw89: 8851b: add support WoWLAN to 8851B (bsc#1227149). - wifi: rtw89: 8851b: add to parse efuse content (bsc#1227149). - wifi: rtw89: 8851b: add to read efuse version to recognize hardware version B (bsc#1227149). - wifi: rtw89: 8851b: configure CRASH_TRIGGER feature for 8851B (bsc#1227149). - wifi: rtw89: 8851b: configure GPIO according to RFE type (bsc#1227149). - wifi: rtw89: 8851b: configure to force 1 TX power value (bsc#1227149). - wifi: rtw89: 8851b: enable hw_scan support (bsc#1227149). - wifi: rtw89: 8851b: fill BB related capabilities to chip_info (bsc#1227149). - wifi: rtw89: 8851b: rfk: Fix spelling mistake KIP_RESOTRE -> KIP_RESTORE (bsc#1227149). - wifi: rtw89: 8851b: rfk: add AACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DACK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add DPK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add IQK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add LCK track (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add RX DCK (bsc#1227149). - wifi: rtw89: 8851b: rfk: add TSSI (bsc#1227149). - wifi: rtw89: 8851b: rfk: update IQK to version 0x8 (bsc#1227149). - wifi: rtw89: 8851b: update RF radio A parameters to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R28 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R34 (bsc#1227149). - wifi: rtw89: 8851b: update TX power tables to R37 (bsc#1227149). - wifi: rtw89: 8851be: add 8851BE PCI entry and fill PCI capabilities (bsc#1227149). - wifi: rtw89: 8852b: fix definition of KIP register number (git-fixes). - wifi: rtw89: 8852b: update TX power tables to R35 (bsc#1227149). - wifi: rtw89: 8852b: update TX power tables to R36 (bsc#1227149). - wifi: rtw89: 8852c: Fix TSSI causes transmit power inaccuracy (bsc#1227149). - wifi: rtw89: 8852c: Update bandedge parameters for better performance (bsc#1227149). - wifi: rtw89: 8852c: add quirk to set PCI BER for certain platforms (bsc#1227149). - wifi: rtw89: 8852c: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8852c: read RX gain offset from efuse for 6GHz channels (bsc#1227149). - wifi: rtw89: 8852c: update RF radio A/B parameters to R63 (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (1 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (2 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R63 with 6 GHz power type (3 of 3) (bsc#1227149). - wifi: rtw89: 8852c: update TX power tables to R67 (bsc#1227149). - wifi: rtw89: 8922a: add 8922A basic chip info (bsc#1227149). - wifi: rtw89: 8922a: add BTG functions to assist BT coexistence to control TX/RX (bsc#1227149). - wifi: rtw89: 8922a: add NCTL pre-settings for WiFi 7 chips (bsc#1227149). - wifi: rtw89: 8922a: add RF read/write v2 (bsc#1227149). - wifi: rtw89: 8922a: add SER IMR tables (bsc#1227149). - wifi: rtw89: 8922a: add TX power related ops (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops related to BB init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops to get thermal value (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::bb_preinit to enable BB before downloading firmware (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::cfg_txrx_path (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_hw_init (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::rfk_init_late to do initial RF calibrations later (bsc#1227149). - wifi: rtw89: 8922a: add chip_ops::{enable,disable}_bb_rf (bsc#1227149). - wifi: rtw89: 8922a: add coexistence helpers of SW grant (bsc#1227149). - wifi: rtw89: 8922a: add helper of set_channel (bsc#1227149). - wifi: rtw89: 8922a: add ieee80211_ops::hw_scan (bsc#1227149). - wifi: rtw89: 8922a: add more fields to beacon H2C command to support multi-links (bsc#1227149). - wifi: rtw89: 8922a: add power on/off functions (bsc#1227149). - wifi: rtw89: 8922a: add register definitions of H2C, C2H, page, RRSR and EDCCA (bsc#1227149). - wifi: rtw89: 8922a: add set_channel BB part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel MAC part (bsc#1227149). - wifi: rtw89: 8922a: add set_channel RF part (bsc#1227149). - wifi: rtw89: 8922a: configure CRASH_TRIGGER FW feature (bsc#1227149). - wifi: rtw89: 8922a: correct register definition and merge IO for ctrl_nbtg_bt_tx() (bsc#1227149). - wifi: rtw89: 8922a: declare to support two chanctx (bsc#1227149). - wifi: rtw89: 8922a: dump MAC registers when SER occurs (bsc#1227149). - wifi: rtw89: 8922a: extend and add quota number (bsc#1227149). - wifi: rtw89: 8922a: hook handlers of TX/RX descriptors to chip_ops (bsc#1227149). - wifi: rtw89: 8922a: implement AP mode related reg for BE generation (bsc#1227149). - wifi: rtw89: 8922a: implement {stop,resume}_sch_tx and cfg_ppdu (bsc#1227149). - wifi: rtw89: 8922a: read efuse content from physical map (bsc#1227149). - wifi: rtw89: 8922a: read efuse content via efuse map struct from logic map (bsc#1227149). - wifi: rtw89: 8922a: rfk: implement chip_ops to call RF calibrations (bsc#1227149). - wifi: rtw89: 8922a: set RX gain along with set_channel operation (bsc#1227149). - wifi: rtw89: 8922a: set chip_ops FEM and GPIO to NULL (bsc#1227149). - wifi: rtw89: 8922a: set memory heap address for secure firmware (bsc#1227149). - wifi: rtw89: 8922a: update BA CAM number to 24 (bsc#1227149). - wifi: rtw89: 8922a: update the register used in DIG and the DIG flow (bsc#1227149). - wifi: rtw89: 8922ae: add 8922AE PCI entry and basic info (bsc#1227149). - wifi: rtw89: 8922ae: add v2 interrupt handlers for 8922AE (bsc#1227149). - wifi: rtw89: Add EHT rate mask as parameters of RA H2C command (bsc#1227149). - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes). - wifi: rtw89: Fix clang -Wimplicit-fallthrough in rtw89_query_sar() (bsc#1227149). - wifi: rtw89: Introduce Time Averaged SAR (TAS) feature (bsc#1227149). - wifi: rtw89: Refine active scan behavior in 6 GHz (bsc#1227149). - wifi: rtw89: Set default CQM config if not present (bsc#1227149). - wifi: rtw89: TX power stuffs replace confusing naming of _max with _num (bsc#1227149). - wifi: rtw89: Update EHT PHY beamforming capability (bsc#1227149). - wifi: rtw89: acpi: process 6 GHz band policy from DSM (bsc#1227149). - wifi: rtw89: add C2H RA event V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add C2H event handlers of RFK log and report (bsc#1227149). - wifi: rtw89: add CFO XTAL registers field to support 8851B (bsc#1227149). - wifi: rtw89: add DBCC H2C to notify firmware the status (bsc#1227149). - wifi: rtw89: add EHT capabilities for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add EHT radiotap in monitor mode (bsc#1227149). - wifi: rtw89: add EVM and SNR statistics to debugfs (bsc#1227149). - wifi: rtw89: add EVM for antenna diversity (bsc#1227149). - wifi: rtw89: add H2C RA command V1 to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: add H2C command to download beacon frame for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add RSSI based antenna diversity (bsc#1227149). - wifi: rtw89: add RSSI statistics for the case of antenna diversity to debugfs (bsc#1227149). - wifi: rtw89: add XTAL SI for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add chip_info::chip_gen to determine chip generation (bsc#1227149). - wifi: rtw89: add chip_info::txwd_info size to generalize TX WD submit (bsc#1227149). - wifi: rtw89: add chip_ops::h2c_ba_cam() to configure BA CAM (bsc#1227149). - wifi: rtw89: add chip_ops::query_rxdesc() and rxd_len as helpers to support newer chips (bsc#1227149). - wifi: rtw89: add chip_ops::update_beacon to abstract update beacon operation (bsc#1227149). - wifi: rtw89: add firmware H2C command of BA CAM V1 (bsc#1227149). - wifi: rtw89: add firmware parser for v1 format (bsc#1227149). - wifi: rtw89: add firmware suit for BB MCU 0/1 (bsc#1227149). - wifi: rtw89: add function prototype for coex request duration (bsc#1227149). - wifi: rtw89: add mac_gen pointer to access mac port registers (bsc#1227149). - wifi: rtw89: add mlo_dbcc_mode for WiFi 7 chips (bsc#1227149). - wifi: rtw89: add new H2C command to pause/sleep transmitting by MAC ID (bsc#1227149). - wifi: rtw89: add new H2C for PS mode in 802.11be chip (bsc#1227149). - wifi: rtw89: add reserved size as factor of DLE used size (bsc#1227149). - wifi: rtw89: add subband index of primary channel to struct rtw89_chan (bsc#1227149). - wifi: rtw89: add to display hardware rates v1 histogram in debugfs (bsc#1227149). - wifi: rtw89: add to fill TX descriptor for firmware command v2 (bsc#1227149). - wifi: rtw89: add to fill TX descriptor v2 (bsc#1227149). - wifi: rtw89: add to parse firmware elements of BB and RF tables (bsc#1227149). - wifi: rtw89: add to query RX descriptor format v2 (bsc#1227149). - wifi: rtw89: add tx_wake notify for 8851B (bsc#1227149). - wifi: rtw89: add wait/completion for abort scan (bsc#1227149). - wifi: rtw89: adjust init_he_cap() to add EHT cap into iftype_data (bsc#1227149). - wifi: rtw89: advertise missing extended scan feature (bsc#1227149). - wifi: rtw89: avoid stringop-overflow warning (bsc#1227149). - wifi: rtw89: call rtw89_chan_get() by vif chanctx if aware of vif (bsc#1227149). - wifi: rtw89: chan: MCC take reconfig into account (bsc#1227149). - wifi: rtw89: chan: add sub-entity swap function to cover replacing (bsc#1227149). - wifi: rtw89: chan: move handling from add/remove to assign/unassign for MLO (bsc#1227149). - wifi: rtw89: chan: support MCC on Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: chan: tweak bitmap recalc ahead before MLO (bsc#1227149). - wifi: rtw89: chan: tweak weight recalc ahead before MLO (bsc#1227149). - wifi: rtw89: change naming of BA CAM from V1 to V0_EXT (bsc#1227149). - wifi: rtw89: change qutoa to DBCC by default for WiFi 7 chips (bsc#1227149). - wifi: rtw89: change supported bandwidths of chip_info to bit mask (bsc#1227149). - wifi: rtw89: cleanup firmware elements parsing (bsc#1227149). - wifi: rtw89: cleanup private data structures (bsc#1227149). - wifi: rtw89: cleanup rtw89_iqk_info and related code (bsc#1227149). - wifi: rtw89: coex: Add Bluetooth RSSI level information (bsc#1227149). - wifi: rtw89: coex: Add Pre-AGC control to enhance Wi-Fi RX performance (bsc#1227149). - wifi: rtw89: coex: Add coexistence policy to decrease WiFi packet CRC-ERR (bsc#1227149). - wifi: rtw89: coex: Fix wrong Wi-Fi role info and FDDT parameter members (bsc#1227149). - wifi: rtw89: coex: Record down Wi-Fi initial mode information (bsc#1227149). - wifi: rtw89: coex: Reorder H2C command index to align with firmware (bsc#1227149). - wifi: rtw89: coex: Set Bluetooth scan low-priority when Wi-Fi link/scan (bsc#1227149). - wifi: rtw89: coex: Still show hardware grant signal info even Wi-Fi is PS (bsc#1227149). - wifi: rtw89: coex: To improve Wi-Fi performance while BT is idle (bsc#1227149). - wifi: rtw89: coex: Translate antenna configuration from ID to string (bsc#1227149). - wifi: rtw89: coex: Update BTG control related logic (bsc#1227149). - wifi: rtw89: coex: Update RF parameter control setting logic (bsc#1227149). - wifi: rtw89: coex: Update coexistence policy for Wi-Fi LPS (bsc#1227149). - wifi: rtw89: coex: When Bluetooth not available do not set power/gain (bsc#1227149). - wifi: rtw89: coex: add BTC ctrl_info version 7 and related logic (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() for struct rtw89_btc_btf_set_slot_table (bsc#1227149). - wifi: rtw89: coex: add annotation __counted_by() to struct rtw89_btc_btf_set_mon_reg (bsc#1227149). - wifi: rtw89: coex: add init_info H2C command format version 7 (bsc#1227149). - wifi: rtw89: coex: add return value to ensure H2C command is success or not (bsc#1227149). - wifi: rtw89: coex: fix configuration for shared antenna for 8922A (bsc#1227149). - wifi: rtw89: coex: use struct assignment to replace memcpy() to append TDMA content (bsc#1227149). - wifi: rtw89: configure PPDU max user by chip (bsc#1227149). - wifi: rtw89: consider RX info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: consolidate registers of mac port to struct (bsc#1227149). - wifi: rtw89: correct PHY register offset for PHY-1 (bsc#1227149). - wifi: rtw89: correct aSIFSTime for 6GHz band (stable-fixes). - wifi: rtw89: correct the DCFO tracking flow to improve CFO compensation (bsc#1227149). - wifi: rtw89: debug: add FW log component for scan (bsc#1227149). - wifi: rtw89: debug: add debugfs entry to disable dynamic mechanism (bsc#1227149). - wifi: rtw89: debug: add to check if debug mask is enabled (bsc#1227149). - wifi: rtw89: debug: remove wrapper of rtw89_debug() (bsc#1227149). - wifi: rtw89: debug: show txpwr table according to chip gen (bsc#1227149). - wifi: rtw89: debug: txpwr table access only valid page according to chip (bsc#1227149). - wifi: rtw89: debug: txpwr table supports Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: declare EXT NSS BW of VHT capability (bsc#1227149). - wifi: rtw89: declare MCC in interface combination (bsc#1227149). - wifi: rtw89: define hardware rate v1 for WiFi 7 chips (bsc#1227149). - wifi: rtw89: differentiate narrow_bw_ru_dis setting according to chip gen (bsc#1227149). - wifi: rtw89: disable RTS when broadcast/multicast (bsc#1227149). - wifi: rtw89: download firmware with five times retry (bsc#1227149). - wifi: rtw89: drop TIMING_BEACON_ONLY and sync beacon TSF by self (bsc#1227149). - wifi: rtw89: enlarge supported length of read_reg debugfs entry (bsc#1227149). - wifi: rtw89: extend PHY status parser to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fix HW scan not aborting properly (git-fixes). - wifi: rtw89: fix HW scan timeout due to TSF sync issue (bsc#1227149). - wifi: rtw89: fix a width vs precision bug (bsc#1227149). - wifi: rtw89: fix disabling concurrent mode TX hang issue (bsc#1227149). - wifi: rtw89: fix misbehavior of TX beacon in concurrent mode (bsc#1227149). - wifi: rtw89: fix not entering PS mode after AP stops (bsc#1227149). - wifi: rtw89: fix spelling typo of IQK debug messages (bsc#1227149). - wifi: rtw89: fix typo of rtw89_fw_h2c_mcc_macid_bitmap() (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset CMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to reset DMAC table for WiFi 7 (bsc#1227149). - wifi: rtw89: fw: add H2C command to update security CAM v2 (bsc#1227149). - wifi: rtw89: fw: add checking type for variant type of firmware (bsc#1227149). - wifi: rtw89: fw: add chip_ops to update CMAC table to associated station (bsc#1227149). - wifi: rtw89: fw: add definition of H2C command and C2H event for MRC series (bsc#1227149). - wifi: rtw89: fw: add version field to BB MCU firmware element (bsc#1227149). - wifi: rtw89: fw: consider checksum length of security data (bsc#1227149). - wifi: rtw89: fw: download firmware with key data for secure boot (bsc#1227149). - wifi: rtw89: fw: extend JOIN H2C command to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: extend program counter dump for Wi-Fi 7 chip (bsc#1227149). - wifi: rtw89: fw: fill CMAC table to associated station for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: generalize download firmware flow by mac_gen pointers (bsc#1227149). - wifi: rtw89: fw: implement MRC H2C command functions (bsc#1227149). - wifi: rtw89: fw: implement supported functions of download firmware for WiFi 7 chips (bsc#1227149). - wifi: rtw89: fw: load TX power track tables from fw_element (bsc#1227149). - wifi: rtw89: fw: move polling function of firmware path ready to an individual function (bsc#1227149). - wifi: rtw89: fw: parse secure section from firmware file (bsc#1227149). - wifi: rtw89: fw: propagate an argument include_bb for BB MCU firmware (bsc#1227149). - wifi: rtw89: fw: read firmware secure information from efuse (bsc#1227149). - wifi: rtw89: fw: refine download flow to support variant firmware suits (bsc#1227149). - wifi: rtw89: fw: scan offload prohibit all 6 GHz channel if no 6 GHz sband (bsc#1227149). - wifi: rtw89: fw: update TX AMPDU parameter to CMAC table (bsc#1227149). - wifi: rtw89: fw: use struct to fill BA CAM H2C commands (bsc#1227149). - wifi: rtw89: fw: use struct to fill JOIN H2C command (bsc#1227149). - wifi: rtw89: get data rate mode/NSS/MCS v1 from RX descriptor (bsc#1227149). - wifi: rtw89: indicate TX power by rate table inside RFE parameter (bsc#1227149). - wifi: rtw89: indicate TX shape table inside RFE parameter (bsc#1227149). - wifi: rtw89: initialize antenna for antenna diversity (bsc#1227149). - wifi: rtw89: initialize multi-channel handling (bsc#1227149). - wifi: rtw89: introduce infrastructure of firmware elements (bsc#1227149). - wifi: rtw89: introduce realtek ACPI DSM method (bsc#1227149). - wifi: rtw89: introduce v1 format of firmware header (bsc#1227149). - wifi: rtw89: load BB parameters to PHY-1 (bsc#1227149). - wifi: rtw89: load RFK log format string from firmware file (bsc#1227149). - wifi: rtw89: load TX power by rate when RFE parms setup (bsc#1227149). - wifi: rtw89: load TX power related tables from FW elements (bsc#1227149). - wifi: rtw89: mac: Fix spelling mistakes 'notfify' -> 'notify' (bsc#1227149). - wifi: rtw89: mac: add coexistence helpers {cfg/get}_plt (bsc#1227149). - wifi: rtw89: mac: add feature_init to initialize BA CAM V1 (bsc#1227149). - wifi: rtw89: mac: add flags to check if CMAC and DMAC are enabled (bsc#1227149). - wifi: rtw89: mac: add mac_gen_def::band1_offset to map MAC band1 register address (bsc#1227149). - wifi: rtw89: mac: add registers of MU-EDCA parameters for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add suffix _ax to MAC functions (bsc#1227149). - wifi: rtw89: mac: add sys_init and filter option for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to access efuse for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: add to get DLE reserved quota (bsc#1227149). - wifi: rtw89: mac: check queue empty according to chip gen (bsc#1227149). - wifi: rtw89: mac: correct MUEDCA setting for MAC-1 (bsc#1227149). - wifi: rtw89: mac: define internal memory address for WiFi 7 chip (bsc#1227149). - wifi: rtw89: mac: define register address of rx_filter to generalize code (bsc#1227149). - wifi: rtw89: mac: do bf_monitor only if WiFi 6 chips (bsc#1227149). - wifi: rtw89: mac: functions to configure hardware engine and quota for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: generalize code to indirectly access WiFi internal memory (bsc#1227149). - wifi: rtw89: mac: generalize register of MU-EDCA switch according to chip gen (bsc#1227149). - wifi: rtw89: mac: get TX power control register according to chip gen (bsc#1227149). - wifi: rtw89: mac: handle C2H receive/done ACK in interrupt context (bsc#1227149). - wifi: rtw89: mac: implement MRC C2H event handling (bsc#1227149). - wifi: rtw89: mac: implement to configure TX/RX engines for WiFi 7 chips (bsc#1227149). - wifi: rtw89: mac: move code related to hardware engine to individual functions (bsc#1227149). - wifi: rtw89: mac: refine SER setting during WiFi CPU power on (bsc#1227149). - wifi: rtw89: mac: reset PHY-1 hardware when going to enable/disable (bsc#1227149). - wifi: rtw89: mac: return held quota of DLE when changing MAC-1 (bsc#1227149). - wifi: rtw89: mac: set bf_assoc capabilities according to chip gen (bsc#1227149). - wifi: rtw89: mac: set bfee_ctrl() according to chip gen (bsc#1227149). - wifi: rtw89: mac: update RTS threshold according to chip gen (bsc#1227149). - wifi: rtw89: mac: use mac_gen pointer to access about efuse (bsc#1227149). - wifi: rtw89: mac: use pointer to access functions of hardware engine and quota (bsc#1227149). - wifi: rtw89: mcc: consider and determine BT duration (bsc#1227149). - wifi: rtw89: mcc: deal with BT slot change (bsc#1227149). - wifi: rtw89: mcc: deal with P2P PS change (bsc#1227149). - wifi: rtw89: mcc: deal with beacon NoA if GO exists (bsc#1227149). - wifi: rtw89: mcc: decide pattern and calculate parameters (bsc#1227149). - wifi: rtw89: mcc: fill fundamental configurations (bsc#1227149). - wifi: rtw89: mcc: fix NoA start time when GO is auxiliary (bsc#1227149). - wifi: rtw89: mcc: initialize start flow (bsc#1227149). - wifi: rtw89: mcc: track beacon offset and update when needed (bsc#1227149). - wifi: rtw89: mcc: trigger FW to start/stop MCC (bsc#1227149). - wifi: rtw89: mcc: update role bitmap when changed (bsc#1227149). - wifi: rtw89: modify the register setting and the flow of CFO tracking (bsc#1227149). - wifi: rtw89: move software DCFO compensation setting to proper position (bsc#1227149). - wifi: rtw89: only reset BB/RF for existing WiFi 6 chips while starting up (bsc#1227149). - wifi: rtw89: packet offload wait for FW response (bsc#1227149). - wifi: rtw89: parse EHT information from RX descriptor and PPDU status packet (bsc#1227149). - wifi: rtw89: parse TX EHT rate selected by firmware from RA C2H report (bsc#1227149). - wifi: rtw89: parse and print out RFK log from C2H events (bsc#1227149). - wifi: rtw89: pause/proceed MCC for ROC and HW scan (bsc#1227149). - wifi: rtw89: pci: add LTR v2 for WiFi 7 chip (bsc#1227149). - wifi: rtw89: pci: add PCI generation information to pci_info for each chip (bsc#1227149). - wifi: rtw89: pci: add new RX ring design to determine full RX ring efficiently (bsc#1227149). - wifi: rtw89: pci: add pre_deinit to be called after probe complete (bsc#1227149). - wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of firmware command (git-fixes). - wifi: rtw89: pci: correct interrupt mitigation register for 8852CE (bsc#1227149). - wifi: rtw89: pci: define PCI ring address for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: fix interrupt enable mask for HALT C2H of RTL8851B (bsc#1227149). - wifi: rtw89: pci: generalize code of PCI control DMA IO for WiFi 7 (bsc#1227149). - wifi: rtw89: pci: generalize interrupt status bits of interrupt handlers (bsc#1227149). - wifi: rtw89: pci: implement PCI CLK/ASPM/L1SS for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_post_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: implement PCI mac_pre_init for WiFi 7 chips (bsc#1227149). - wifi: rtw89: pci: interrupt v2 refine IMR for SER (bsc#1227149). - wifi: rtw89: pci: reset BDRAM according to chip gen (bsc#1227149). - wifi: rtw89: pci: stop/start DMA for level 1 recovery according to chip gen (bsc#1227149). - wifi: rtw89: pci: update SER timer unit and timeout time (bsc#1227149). - wifi: rtw89: pci: update interrupt mitigation register for 8922AE (bsc#1227149). - wifi: rtw89: pci: use DBI function for 8852AE/8852BE/8851BE (bsc#1227149). - wifi: rtw89: pci: use gen_def pointer to configure mac_{pre,post}_init and clear PCI ring index (bsc#1227149). - wifi: rtw89: pci: validate RX tag for RXQ and RPQ (bsc#1227149). - wifi: rtw89: phy: add BB wrapper of TX power for WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: add parser to support RX gain dynamic setting flow (bsc#1227149). - wifi: rtw89: phy: add phy_gen_def::cr_base to support WiFi 7 chips (bsc#1227149). - wifi: rtw89: phy: change naming related BT coexistence functions (bsc#1227149). - wifi: rtw89: phy: dynamically adjust EDCCA threshold (bsc#1227149). - wifi: rtw89: phy: extend TX power common stuffs for Wi-Fi 7 chips (bsc#1227149). - wifi: rtw89: phy: generalize valid bit of BSS color (bsc#1227149). - wifi: rtw89: phy: ignore special data from BB parameter file (bsc#1227149). - wifi: rtw89: phy: modify register setting of ENV_MNTR, PHYSTS and DIG (bsc#1227149). - wifi: rtw89: phy: move bb_gain_info used by WiFi 6 chips to union (bsc#1227149). - wifi: rtw89: phy: print out RFK log with formatted string (bsc#1227149). - wifi: rtw89: phy: rate pattern handles HW rate by chip gen (bsc#1227149). - wifi: rtw89: phy: refine helpers used for raw TX power (bsc#1227149). - wifi: rtw89: phy: set TX power RU limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power by rate according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power limit according to chip gen (bsc#1227149). - wifi: rtw89: phy: set TX power offset according to chip gen (bsc#1227149). - wifi: rtw89: phy: set channel_info for WiFi 7 chips (bsc#1227149). - wifi: rtw89: prepare scan leaf functions for wifi 7 ICs (bsc#1227149). - wifi: rtw89: process regulatory for 6 GHz power type (bsc#1227149). - wifi: rtw89: provide functions to configure NoA for beacon update (bsc#1227149). - wifi: rtw89: recognize log format from firmware file (bsc#1227149). - wifi: rtw89: reference quota mode when setting Tx power (bsc#1227149). - wifi: rtw89: refine H2C command that pause transmitting by MAC ID (bsc#1227149). - wifi: rtw89: refine add_chan H2C command to encode_bits (bsc#1227149). - wifi: rtw89: refine bandwidth 160MHz uplink OFDMA performance (bsc#1227149). - wifi: rtw89: refine clearing supported bands to check 2/5 GHz first (bsc#1227149). - wifi: rtw89: refine element naming used by queue empty check (bsc#1227149). - wifi: rtw89: refine hardware scan C2H events (bsc#1227149). - wifi: rtw89: refine packet offload delete flow of 6 GHz probe (bsc#1227149). - wifi: rtw89: refine packet offload handling under SER (bsc#1227149). - wifi: rtw89: refine remain on channel flow to improve P2P connection (bsc#1227149). - wifi: rtw89: refine rtw89_correct_cck_chan() by rtw89_hw_to_nl80211_band() (bsc#1227149). - wifi: rtw89: refine uplink trigger based control mechanism (bsc#1227149). - wifi: rtw89: regd: configure Thailand in regulation type (bsc#1227149). - wifi: rtw89: regd: handle policy of 6 GHz according to BIOS (bsc#1227149). - wifi: rtw89: regd: judge 6 GHz according to chip and BIOS (bsc#1227149). - wifi: rtw89: regd: judge UNII-4 according to BIOS and chip (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R40 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R64-R43 (bsc#1227149). - wifi: rtw89: regd: update regulatory map to R65-R44 (bsc#1227149). - wifi: rtw89: release bit in rtw89_fw_h2c_del_pkt_offload() (bsc#1227149). - wifi: rtw89: return failure if needed firmware elements are not recognized (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DACK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger DPK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger IQK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger RX DCK (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TSSI (bsc#1227149). - wifi: rtw89: rfk: add H2C command to trigger TXGAPK (bsc#1227149). - wifi: rtw89: rfk: add a completion to wait RF calibration report from C2H event (bsc#1227149). - wifi: rtw89: rfk: disable driver tracking during MCC (bsc#1227149). - wifi: rtw89: rfk: send channel information to firmware for RF calibrations (bsc#1227149). - wifi: rtw89: sar: let caller decide the center frequency to query (bsc#1227149). - wifi: rtw89: scan offload wait for FW done ACK (bsc#1227149). - wifi: rtw89: ser: L1 add pre-M0 and post-M0 states (bsc#1227149). - wifi: rtw89: ser: reset total_sta_assoc and tdls_peer when L2 (bsc#1227149). - wifi: rtw89: set TX power without precondition during setting channel (bsc#1227149). - wifi: rtw89: set capability of TX antenna diversity (bsc#1227149). - wifi: rtw89: set entry size of address CAM to H2C field by chip (bsc#1227149). - wifi: rtw89: show EHT rate in debugfs (bsc#1227149). - wifi: rtw89: support U-NII-4 channels on 5GHz band (bsc#1227149). - wifi: rtw89: support firmware log with formatted text (bsc#1227149). - wifi: rtw89: suppress the log for specific SER called CMDPSR_FRZTO (bsc#1227149). - wifi: rtw89: tweak H2C TX waiting function for SER (bsc#1227149). - wifi: rtw89: update DMA function with different generation (bsc#1227149). - wifi: rtw89: update ps_state register for chips with different generation (bsc#1227149). - wifi: rtw89: update scan C2H messages for wifi 7 IC (bsc#1227149). - wifi: rtw89: update suspend/resume for different generation (bsc#1227149). - wifi: rtw89: use PLCP information to match BSS_COLOR and AID (bsc#1227149). - wifi: rtw89: use chip_info::small_fifo_size to choose debug_mask (bsc#1227149). - wifi: rtw89: use flexible array member in rtw89_btc_btf_tlv (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits to access RX info (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access RX descriptor (bsc#1227149). - wifi: rtw89: use struct and le32_get_bits() to access received PHY status IEs (bsc#1227149). - wifi: rtw89: use struct rtw89_phy_sts_ie0 instead of macro to access PHY IE0 status (bsc#1227149). - wifi: rtw89: use struct to access RA report (bsc#1227149). - wifi: rtw89: use struct to access firmware C2H event header (bsc#1227149). - wifi: rtw89: use struct to access register-based H2C/C2H (bsc#1227149). - wifi: rtw89: use struct to fill H2C command to download beacon frame (bsc#1227149). - wifi: rtw89: use struct to parse firmware header (bsc#1227149). - wifi: rtw89: use struct to set RA H2C command (bsc#1227149). - wifi: rtw89: wow: move release offload packet earlier for WoWLAN mode (bsc#1227149). - wifi: rtw89: wow: refine WoWLAN flows of HCI interrupts and low power mode (bsc#1227149). - wifi: rtw89: wow: set security engine options for 802.11ax chips only (bsc#1227149). - wifi: rtw89: wow: update WoWLAN reason register for different chips (bsc#1227149). - wifi: rtw89: wow: update WoWLAN status register for different generation (bsc#1227149). - wifi: rtw89: wow: update config mac function with different generation (bsc#1227149). - wifi: ti: wlcore: sdio: Drop unused include (bsc#1227149). - wifi: virt_wifi: avoid reporting connection success with wrong SSID (git-fixes). - wifi: virt_wifi: do not use strlen() in const context (git-fixes). - wifi: wcn36xx: Annotate struct wcn36xx_hal_ind_msg with __counted_by (bsc#1227149). - wifi: wcn36xx: Convert to platform remove callback returning void (bsc#1227149). - wifi: wcn36xx: remove unnecessary (void*) conversions (bsc#1227149). - wifi: wext: avoid extra calls to strlen() in ieee80211_bss() (bsc#1227149). - wifi: wfx: Use devm_kmemdup to replace devm_kmalloc + memcpy (bsc#1227149). - wifi: wfx: allow to send frames during ROC (bsc#1227149). - wifi: wfx: fix power_save setting when AP is stopped (bsc#1227149). - wifi: wfx: implement wfx_remain_on_channel() (bsc#1227149). - wifi: wfx: introduce hif_scan_uniq() (bsc#1227149). - wifi: wfx: move wfx_skb_*() out of the header file (bsc#1227149). - wifi: wfx: relocate wfx_rate_mask_to_hw() (bsc#1227149). - wifi: wfx: scan_lock is global to the device (bsc#1227149). - wifi: wfx: simplify exclusion between scan and Rx filters (bsc#1227149). - wifi: wil6210: fw: Replace zero-length arrays with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wil6210: wmi: Replace zero-length array with DECLARE_FLEX_ARRAY() helper (bsc#1227149). - wifi: wilc1000: Increase ASSOC response buffer (bsc#1227149). - wifi: wilc1000: Remove unused declarations (bsc#1227149). - wifi: wilc1000: add SPI commands retry mechanism (bsc#1227149). - wifi: wilc1000: add back-off algorithm to balance tx queue packets (bsc#1227149). - wifi: wilc1000: add missing read critical sections around vif list traversal (bsc#1227149). - wifi: wilc1000: always release SDIO host in wilc_sdio_cmd53() (bsc#1227149). - wifi: wilc1000: cleanup struct wilc_conn_info (bsc#1227149). - wifi: wilc1000: correct CRC7 calculation (bsc#1227149). - wifi: wilc1000: fix declarations ordering (bsc#1227149). - wifi: wilc1000: fix driver_handler when committing initial configuration (bsc#1227149). - wifi: wilc1000: fix ies_len type in connect path (git-fixes). - wifi: wilc1000: fix incorrect power down sequence (bsc#1227149). - wifi: wilc1000: remove AKM suite be32 conversion for external auth request (bsc#1227149). - wifi: wilc1000: remove setting msg.spi (bsc#1227149). - wifi: wilc1000: remove use of has_thrpt_enh3 flag (bsc#1227149). - wifi: wilc1000: set preamble size to auto as default in wilc_init_fw_config() (bsc#1227149). - wifi: wilc1000: simplify remain on channel support (bsc#1227149). - wifi: wilc1000: simplify wilc_scan() (bsc#1227149). - wifi: wilc1000: split deeply nested RCU list traversal in dedicated helper (bsc#1227149). - wifi: wilc1000: use SRCU instead of RCU for vif list traversal (bsc#1227149). - wifi: wilc1000: validate chip id during bus probe (bsc#1227149). - wifi: wl1251: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wl18xx: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: boot: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: main: replace deprecated strncpy with strscpy (bsc#1227149). - wifi: wlcore: sdio: Rate limit wl12xx_sdio_raw_{read,write}() failures warns (bsc#1227149). - wifi: wlcore: sdio: Use module_sdio_driver macro to simplify the code (bsc#1227149). - wifi: zd1211rw: fix typo 'tranmits' (bsc#1227149). - wifi: zd1211rw: remove __nocast from zd_addr_t (bsc#1227149). - wifi: zd1211rw: silence sparse warnings (bsc#1227149). - wlcore: spi: Remove redundant of_match_ptr() (bsc#1227149). - work around gcc bugs with 'asm goto' with outputs (git-fixes). - x86/CPU/AMD: Add models 0x10-0x1f to the Zen5 range (git-fixes). - x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT (git-fixes). - x86/amd_nb: Check for invalid SMN reads (git-fixes). - x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes). - x86/asm: Fix build of UML with KASAN (git-fixes). - x86/asm: Remove the __iomem annotation of movdir64b()'s dst argument (git-fixes). - x86/bhi: Avoid warning in #DB handler due to BHI mitigation :(git-fixes). - x86/boot: Ignore NMIs during very early boot (git-fixes). - x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes). - x86/bugs: Remove default case for fully switched enums (git-fixes). - x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (git-fixes). - x86/coco: Require seeding RNG with RDRAND on CoCo systems (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake mobile processor (git-fixes). - x86/cpu: Provide default cache line size if not enumerated (git-fixes). - x86/csum: Fix clang -Wuninitialized in csum_partial() (git-fixes). - x86/csum: Improve performance of `csum_partial` (git-fixes). - x86/csum: Remove unnecessary odd handling (git-fixes). - x86/csum: clean up `csum_partial' further (git-fixes). - x86/efistub: Add missing boot_params for mixed mode compat entry (git-fixes). - x86/efistub: Call mixed mode boot services on the firmware's stack (git-fixes). - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes). - x86/head/64: Move the __head definition to <asm/init.h> (git-fixes). - x86/insn: Add VEX versions of VPDPBUSD, VPDPBUSDS, VPDPWSSD and VPDPWSSDS (git-fixes). - x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes). - x86/kconfig: Add as-instr64 macro to properly evaluate AS_WRUSS (git-fixes). - x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (git-fixes). - x86/kexec: Fix bug with call depth tracking (git-fixes). - x86/kvm/Kconfig: Have KVM_AMD_SEV select ARCH_HAS_CC_PLATFORM (git-fixes). - x86/mce: Dynamically size space for machine check records (bsc#1222241). - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes). - x86/mce: Mark fatal MCE's page as poison to avoid panic in the kdump kernel (git-fixes). - x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes). - x86/nmi: Fix the inverse 'in NMI handler' check (git-fixes). - x86/nospec: Refactor UNTRAIN_RET[_*] (git-fixes). - x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes). - x86/purgatory: Switch to the position-independent small code model (git-fixes). - x86/resctrl: Read supported bandwidth sources from CPUID (git-fixes). - x86/resctrl: Remove redundant variable in mbm_config_write_domain() (git-fixes). - x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (git-fixes). - x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk (git-fixes). - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes). - x86/sev: Fix position dependent variable references in startup code (git-fixes). - x86/shstk: Make return uprobe work with shadow stack (git-fixes). - x86/speculation, objtool: Use absolute relocations for annotations (git-fixes). - x86/srso: Disentangle rethunk-dependent options (git-fixes). - x86/srso: Fix unret validation dependencies (git-fixes). - x86/srso: Improve i-cache locality for alias mitigation (git-fixes). - x86/srso: Print actual mitigation if requested mitigation isn't possible (git-fixes). - x86/srso: Remove 'pred_cmd' label (git-fixes). - x86/srso: Unexport untraining functions (git-fixes). - x86/tdx: Preserve shared bit on mprotect() (git-fixes). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). - x86/uaccess: Fix missed zeroing of ia32 u64 get_user() range checking (git-fixes). - x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502) - xen/x86: add extra pages to unpopulated-alloc if available (git-fixes). - xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228211). - xfs: add lock protection when remove perag from radix tree (git-fixes). - xfs: fix perag leak when growfs fails (git-fixes). - xfs: force all buffers to be written during btree bulk load (git-fixes). - xfs: make xchk_iget safer in the presence of corrupt inode btrees (git-fixes). - xfs: pass the xfs_defer_pending object to iop_recover (git-fixes). - xfs: recompute growfsrtfree transaction reservation while growing rt volume (git-fixes). - xfs: transfer recovered intent item ownership in ->iop_recover (git-fixes). - xfs: use roundup_pow_of_two instead of ffs during xlog_find_tail (git-fixes). - xfs: use xfs_defer_pending objects to recover intent items (git-fixes). - xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Handle TD clearing for multiple streams case (git-fixes). - xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes). - xhci: always resume roothubs if xHC was reset during resume (stable-fixes). - xsk: Add truesize to skb_add_rx_frag() (bsc#1214683 (PREEMPT_RT prerequisite backports)). The following package changes have been done: - SL-Micro-release-6.0-24.6 updated - libnghttp2-14-1.52.0-5.1 updated - kernel-rt-6.4.0-9.1 updated - container:SL-Micro-container-2.1.2-3.34 updated From sle-container-updates at lists.suse.com Sun Aug 25 07:12:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 25 Aug 2024 09:12:36 +0200 (CEST) Subject: SUSE-CU-2024:3841-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240825071236.9D21DFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3841-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.22.2 Container Release : 22.2 Severity : important Type : security References : 1082555 1156395 1190336 1191958 1193454 1193554 1193787 1193883 1194324 1194818 1194826 1194869 1195065 1195254 1195341 1195349 1195357 1195668 1195775 1195927 1195957 1196018 1196746 1196823 1197146 1197246 1197762 1197915 1198014 1199295 1202346 1202686 1202767 1202780 1205205 1207361 1208783 1209636 1213123 1215492 1215587 1216834 1217912 1218148 1218570 1218820 1219224 1219633 1219832 1219847 1220138 1220185 1220186 1220368 1220812 1220869 1220876 1220942 1220952 1220958 1221010 1221086 1221282 1221647 1221654 1221656 1221659 1221958 1222015 1222072 1222080 1222241 1222254 1222323 1222326 1222328 1222364 1222625 1222702 1222728 1222799 1222809 1222810 1222893 1223013 1223018 1223021 1223180 1223265 1223384 1223635 1223641 1223652 1223675 1223778 1223806 1223813 1223815 1223836 1223863 1224020 1224331 1224414 1224488 1224497 1224498 1224499 1224500 1224504 1224512 1224516 1224517 1224520 1224539 1224540 1224545 1224548 1224552 1224557 1224572 1224573 1224583 1224585 1224588 1224602 1224603 1224604 1224605 1224612 1224614 1224619 1224636 1224641 1224661 1224662 1224670 1224671 1224674 1224677 1224679 1224683 1224694 1224696 1224700 1224703 1224712 1224716 1224719 1224735 1224743 1224749 1224764 1224765 1224766 1224935 1224946 1224951 1225050 1225088 1225098 1225105 1225272 1225300 1225389 1225391 1225419 1225426 1225448 1225452 1225467 1225475 1225484 1225487 1225489 1225504 1225505 1225514 1225518 1225535 1225564 1225573 1225581 1225585 1225586 1225602 1225611 1225681 1225692 1225698 1225699 1225704 1225711 1225714 1225717 1225719 1225726 1225732 1225737 1225744 1225745 1225746 1225749 1225752 1225753 1225757 1225758 1225759 1225760 1225767 1225770 1225815 1225823 1225834 1225838 1225840 1225851 1225866 1225872 1225894 1225903 1226022 1226131 1226145 1226149 1226155 1226202 1226211 1226212 1226226 1226502 1226514 1226519 1226520 1226537 1226538 1226539 1226550 1226551 1226552 1226553 1226554 1226555 1226556 1226557 1226558 1226559 1226561 1226562 1226563 1226564 1226565 1226566 1226567 1226568 1226569 1226570 1226571 1226572 1226574 1226575 1226576 1226577 1226579 1226580 1226581 1226582 1226583 1226585 1226587 1226588 1226593 1226595 1226597 1226601 1226602 1226603 1226607 1226610 1226614 1226616 1226617 1226618 1226619 1226621 1226622 1226624 1226626 1226628 1226629 1226632 1226633 1226634 1226637 1226643 1226644 1226645 1226647 1226650 1226653 1226657 1226658 1226669 1226670 1226672 1226673 1226674 1226675 1226678 1226679 1226683 1226685 1226686 1226690 1226691 1226692 1226693 1226696 1226697 1226698 1226699 1226701 1226702 1226703 1226704 1226705 1226706 1226708 1226709 1226710 1226711 1226712 1226713 1226715 1226716 1226718 1226719 1226720 1226721 1226730 1226732 1226734 1226735 1226737 1226738 1226739 1226740 1226744 1226746 1226747 1226749 1226750 1226754 1226757 1226762 1226764 1226767 1226768 1226769 1226771 1226774 1226775 1226777 1226780 1226781 1226783 1226785 1226786 1226789 1226791 1226834 1226837 1226839 1226840 1226841 1226842 1226848 1226852 1226857 1226861 1226863 1226864 1226867 1226868 1226876 1226878 1226883 1226886 1226890 1226891 1226895 1226908 1226911 1226915 1226928 1226948 1226949 1226950 1226953 1226962 1226976 1226990 1226992 1226993 1226994 1226996 1227066 1227090 1227096 1227101 1227103 1227121 1227157 1227162 1227274 1227362 1227383 1227432 1227435 1227447 1227487 1227573 1227618 1227620 1227626 1227635 1227661 1227716 1227722 1227724 1227725 1227728 1227729 1227730 1227732 1227733 1227750 1227754 1227755 1227760 1227762 1227763 1227764 1227766 1227770 1227771 1227772 1227774 1227779 1227780 1227783 1227786 1227787 1227790 1227792 1227796 1227797 1227798 1227800 1227802 1227806 1227808 1227810 1227812 1227813 1227814 1227816 1227820 1227823 1227824 1227828 1227829 1227836 1227846 1227849 1227851 1227862 1227864 1227865 1227866 1227870 1227884 1227886 1227891 1227893 1227899 1227900 1227910 1227913 1227917 1227919 1227920 1227921 1227922 1227923 1227924 1227925 1227927 1227928 1227931 1227932 1227933 1227935 1227936 1227938 1227941 1227942 1227944 1227945 1227947 1227948 1227949 1227950 1227952 1227953 1227954 1227956 1227957 1227963 1227964 1227965 1227968 1227969 1227970 1227971 1227972 1227975 1227976 1227981 1227982 1227985 1227986 1227987 1227988 1227989 1227990 1227991 1227992 1227993 1227995 1227996 1227997 1228000 1228002 1228003 1228004 1228005 1228006 1228007 1228008 1228009 1228010 1228011 1228013 1228014 1228015 1228019 1228020 1228025 1228028 1228035 1228037 1228038 1228039 1228040 1228045 1228054 1228055 1228056 1228060 1228061 1228062 1228063 1228064 1228066 1228067 1228068 1228071 1228079 1228090 1228114 1228140 1228190 1228191 1228226 1228235 1228247 1228327 1228328 1228330 1228403 1228405 1228408 1228409 1228410 1228418 1228459 1228462 1228470 1228518 1228520 1228530 1228561 1228565 1228580 1228581 1228591 1228599 1228617 1228625 1228626 1228633 1228640 1228644 1228649 1228655 1228665 1228672 1228680 1228705 1228723 1228743 1228756 1228801 1228850 1228857 CVE-2021-4439 CVE-2021-47086 CVE-2021-47089 CVE-2021-47103 CVE-2021-47186 CVE-2021-47432 CVE-2021-47515 CVE-2021-47534 CVE-2021-47538 CVE-2021-47539 CVE-2021-47546 CVE-2021-47547 CVE-2021-47555 CVE-2021-47566 CVE-2021-47571 CVE-2021-47572 CVE-2021-47576 CVE-2021-47577 CVE-2021-47578 CVE-2021-47580 CVE-2021-47582 CVE-2021-47583 CVE-2021-47584 CVE-2021-47585 CVE-2021-47586 CVE-2021-47587 CVE-2021-47588 CVE-2021-47589 CVE-2021-47590 CVE-2021-47591 CVE-2021-47592 CVE-2021-47593 CVE-2021-47595 CVE-2021-47596 CVE-2021-47597 CVE-2021-47598 CVE-2021-47599 CVE-2021-47600 CVE-2021-47601 CVE-2021-47602 CVE-2021-47603 CVE-2021-47604 CVE-2021-47605 CVE-2021-47606 CVE-2021-47607 CVE-2021-47608 CVE-2021-47609 CVE-2021-47610 CVE-2021-47611 CVE-2021-47612 CVE-2021-47614 CVE-2021-47615 CVE-2021-47616 CVE-2021-47617 CVE-2021-47618 CVE-2021-47619 CVE-2021-47620 CVE-2021-47622 CVE-2021-47623 CVE-2021-47624 CVE-2022-48711 CVE-2022-48712 CVE-2022-48713 CVE-2022-48714 CVE-2022-48715 CVE-2022-48716 CVE-2022-48717 CVE-2022-48718 CVE-2022-48720 CVE-2022-48721 CVE-2022-48722 CVE-2022-48723 CVE-2022-48724 CVE-2022-48725 CVE-2022-48726 CVE-2022-48727 CVE-2022-48728 CVE-2022-48729 CVE-2022-48730 CVE-2022-48732 CVE-2022-48733 CVE-2022-48734 CVE-2022-48735 CVE-2022-48736 CVE-2022-48737 CVE-2022-48738 CVE-2022-48739 CVE-2022-48740 CVE-2022-48743 CVE-2022-48744 CVE-2022-48745 CVE-2022-48746 CVE-2022-48747 CVE-2022-48748 CVE-2022-48749 CVE-2022-48751 CVE-2022-48752 CVE-2022-48753 CVE-2022-48754 CVE-2022-48755 CVE-2022-48756 CVE-2022-48758 CVE-2022-48759 CVE-2022-48760 CVE-2022-48761 CVE-2022-48763 CVE-2022-48765 CVE-2022-48766 CVE-2022-48767 CVE-2022-48768 CVE-2022-48769 CVE-2022-48770 CVE-2022-48771 CVE-2022-48772 CVE-2022-48773 CVE-2022-48774 CVE-2022-48775 CVE-2022-48776 CVE-2022-48777 CVE-2022-48778 CVE-2022-48780 CVE-2022-48783 CVE-2022-48784 CVE-2022-48785 CVE-2022-48786 CVE-2022-48787 CVE-2022-48788 CVE-2022-48789 CVE-2022-48790 CVE-2022-48791 CVE-2022-48792 CVE-2022-48793 CVE-2022-48794 CVE-2022-48796 CVE-2022-48797 CVE-2022-48798 CVE-2022-48799 CVE-2022-48800 CVE-2022-48801 CVE-2022-48802 CVE-2022-48803 CVE-2022-48804 CVE-2022-48805 CVE-2022-48806 CVE-2022-48807 CVE-2022-48809 CVE-2022-48810 CVE-2022-48811 CVE-2022-48812 CVE-2022-48813 CVE-2022-48814 CVE-2022-48815 CVE-2022-48816 CVE-2022-48817 CVE-2022-48818 CVE-2022-48820 CVE-2022-48821 CVE-2022-48822 CVE-2022-48823 CVE-2022-48824 CVE-2022-48825 CVE-2022-48826 CVE-2022-48827 CVE-2022-48828 CVE-2022-48829 CVE-2022-48830 CVE-2022-48831 CVE-2022-48834 CVE-2022-48835 CVE-2022-48836 CVE-2022-48837 CVE-2022-48838 CVE-2022-48839 CVE-2022-48840 CVE-2022-48841 CVE-2022-48842 CVE-2022-48843 CVE-2022-48844 CVE-2022-48846 CVE-2022-48847 CVE-2022-48849 CVE-2022-48850 CVE-2022-48851 CVE-2022-48852 CVE-2022-48853 CVE-2022-48855 CVE-2022-48856 CVE-2022-48857 CVE-2022-48858 CVE-2022-48859 CVE-2022-48860 CVE-2022-48861 CVE-2022-48862 CVE-2022-48863 CVE-2022-48864 CVE-2022-48866 CVE-2023-24023 CVE-2023-52435 CVE-2023-52573 CVE-2023-52580 CVE-2023-52622 CVE-2023-52658 CVE-2023-52667 CVE-2023-52670 CVE-2023-52672 CVE-2023-52675 CVE-2023-52735 CVE-2023-52737 CVE-2023-52751 CVE-2023-52752 CVE-2023-52762 CVE-2023-52766 CVE-2023-52775 CVE-2023-52784 CVE-2023-52787 CVE-2023-52800 CVE-2023-52812 CVE-2023-52835 CVE-2023-52837 CVE-2023-52843 CVE-2023-52845 CVE-2023-52846 CVE-2023-52857 CVE-2023-52863 CVE-2023-52869 CVE-2023-52881 CVE-2023-52882 CVE-2023-52884 CVE-2023-52885 CVE-2023-52886 CVE-2024-25741 CVE-2024-26583 CVE-2024-26584 CVE-2024-26615 CVE-2024-26625 CVE-2024-26633 CVE-2024-26635 CVE-2024-26636 CVE-2024-26641 CVE-2024-26644 CVE-2024-26661 CVE-2024-26663 CVE-2024-26665 CVE-2024-26720 CVE-2024-26800 CVE-2024-26802 CVE-2024-26813 CVE-2024-26814 CVE-2024-26842 CVE-2024-26845 CVE-2024-26863 CVE-2024-26923 CVE-2024-26935 CVE-2024-26961 CVE-2024-26973 CVE-2024-26976 CVE-2024-27015 CVE-2024-27019 CVE-2024-27020 CVE-2024-27025 CVE-2024-27065 CVE-2024-27402 CVE-2024-27432 CVE-2024-27437 CVE-2024-33619 CVE-2024-35247 CVE-2024-35789 CVE-2024-35790 CVE-2024-35805 CVE-2024-35807 CVE-2024-35814 CVE-2024-35819 CVE-2024-35835 CVE-2024-35837 CVE-2024-35848 CVE-2024-35853 CVE-2024-35855 CVE-2024-35857 CVE-2024-35861 CVE-2024-35862 CVE-2024-35864 CVE-2024-35869 CVE-2024-35878 CVE-2024-35884 CVE-2024-35886 CVE-2024-35889 CVE-2024-35890 CVE-2024-35893 CVE-2024-35896 CVE-2024-35898 CVE-2024-35899 CVE-2024-35900 CVE-2024-35905 CVE-2024-35925 CVE-2024-35934 CVE-2024-35949 CVE-2024-35950 CVE-2024-35956 CVE-2024-35958 CVE-2024-35960 CVE-2024-35961 CVE-2024-35962 CVE-2024-35979 CVE-2024-35995 CVE-2024-35997 CVE-2024-36000 CVE-2024-36004 CVE-2024-36005 CVE-2024-36008 CVE-2024-36017 CVE-2024-36020 CVE-2024-36021 CVE-2024-36025 CVE-2024-36288 CVE-2024-36477 CVE-2024-36478 CVE-2024-36479 CVE-2024-36889 CVE-2024-36890 CVE-2024-36894 CVE-2024-36899 CVE-2024-36900 CVE-2024-36901 CVE-2024-36902 CVE-2024-36904 CVE-2024-36909 CVE-2024-36910 CVE-2024-36911 CVE-2024-36912 CVE-2024-36913 CVE-2024-36914 CVE-2024-36915 CVE-2024-36916 CVE-2024-36917 CVE-2024-36919 CVE-2024-36923 CVE-2024-36934 CVE-2024-36937 CVE-2024-36939 CVE-2024-36940 CVE-2024-36945 CVE-2024-36946 CVE-2024-36949 CVE-2024-36960 CVE-2024-36964 CVE-2024-36965 CVE-2024-36967 CVE-2024-36969 CVE-2024-36971 CVE-2024-36974 CVE-2024-36975 CVE-2024-36978 CVE-2024-37021 CVE-2024-37078 CVE-2024-37354 CVE-2024-38381 CVE-2024-38388 CVE-2024-38390 CVE-2024-38540 CVE-2024-38541 CVE-2024-38544 CVE-2024-38545 CVE-2024-38546 CVE-2024-38547 CVE-2024-38548 CVE-2024-38549 CVE-2024-38550 CVE-2024-38552 CVE-2024-38553 CVE-2024-38555 CVE-2024-38556 CVE-2024-38557 CVE-2024-38558 CVE-2024-38559 CVE-2024-38560 CVE-2024-38564 CVE-2024-38565 CVE-2024-38567 CVE-2024-38568 CVE-2024-38570 CVE-2024-38571 CVE-2024-38573 CVE-2024-38578 CVE-2024-38579 CVE-2024-38580 CVE-2024-38581 CVE-2024-38582 CVE-2024-38583 CVE-2024-38586 CVE-2024-38587 CVE-2024-38588 CVE-2024-38590 CVE-2024-38591 CVE-2024-38594 CVE-2024-38597 CVE-2024-38598 CVE-2024-38599 CVE-2024-38600 CVE-2024-38601 CVE-2024-38603 CVE-2024-38605 CVE-2024-38608 CVE-2024-38616 CVE-2024-38618 CVE-2024-38619 CVE-2024-38621 CVE-2024-38627 CVE-2024-38628 CVE-2024-38630 CVE-2024-38633 CVE-2024-38634 CVE-2024-38635 CVE-2024-38659 CVE-2024-38661 CVE-2024-38780 CVE-2024-39276 CVE-2024-39301 CVE-2024-39371 CVE-2024-39463 CVE-2024-39468 CVE-2024-39469 CVE-2024-39471 CVE-2024-39472 CVE-2024-39475 CVE-2024-39482 CVE-2024-39487 CVE-2024-39488 CVE-2024-39490 CVE-2024-39493 CVE-2024-39494 CVE-2024-39497 CVE-2024-39499 CVE-2024-39500 CVE-2024-39501 CVE-2024-39502 CVE-2024-39505 CVE-2024-39506 CVE-2024-39507 CVE-2024-39508 CVE-2024-39509 CVE-2024-40900 CVE-2024-40901 CVE-2024-40902 CVE-2024-40903 CVE-2024-40904 CVE-2024-40906 CVE-2024-40908 CVE-2024-40909 CVE-2024-40911 CVE-2024-40912 CVE-2024-40916 CVE-2024-40919 CVE-2024-40923 CVE-2024-40924 CVE-2024-40927 CVE-2024-40929 CVE-2024-40931 CVE-2024-40932 CVE-2024-40934 CVE-2024-40935 CVE-2024-40937 CVE-2024-40940 CVE-2024-40941 CVE-2024-40942 CVE-2024-40943 CVE-2024-40945 CVE-2024-40953 CVE-2024-40954 CVE-2024-40956 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40961 CVE-2024-40966 CVE-2024-40967 CVE-2024-40970 CVE-2024-40972 CVE-2024-40976 CVE-2024-40977 CVE-2024-40981 CVE-2024-40982 CVE-2024-40984 CVE-2024-40987 CVE-2024-40988 CVE-2024-40989 CVE-2024-40990 CVE-2024-40994 CVE-2024-40998 CVE-2024-40999 CVE-2024-41002 CVE-2024-41004 CVE-2024-41006 CVE-2024-41009 CVE-2024-41011 CVE-2024-41012 CVE-2024-41013 CVE-2024-41014 CVE-2024-41015 CVE-2024-41016 CVE-2024-41017 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41048 CVE-2024-41057 CVE-2024-41058 CVE-2024-41059 CVE-2024-41063 CVE-2024-41064 CVE-2024-41066 CVE-2024-41069 CVE-2024-41070 CVE-2024-41071 CVE-2024-41072 CVE-2024-41076 CVE-2024-41078 CVE-2024-41081 CVE-2024-41087 CVE-2024-41090 CVE-2024-41091 CVE-2024-42070 CVE-2024-42079 CVE-2024-42093 CVE-2024-42096 CVE-2024-42105 CVE-2024-42122 CVE-2024-42124 CVE-2024-42145 CVE-2024-42161 CVE-2024-42224 CVE-2024-42230 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2939-1 Released: Fri Aug 16 09:05:15 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1082555,1156395,1190336,1191958,1193454,1193554,1193787,1193883,1194324,1194826,1194869,1195065,1195254,1195341,1195349,1195357,1195668,1195775,1195927,1195957,1196018,1196746,1196823,1197146,1197246,1197762,1197915,1198014,1199295,1202346,1202686,1202767,1202780,1205205,1207361,1208783,1209636,1213123,1215492,1215587,1216834,1217912,1218148,1218570,1218820,1219224,1219633,1219832,1219847,1220138,1220185,1220186,1220368,1220812,1220869,1220876,1220942,1220952,1220958,1221010,1221086,1221282,1221647,1221654,1221656,1221659,1221958,1222015,1222072,1222080,1222241,1222254,1222323,1222326,1222328,1222364,1222625,1222702,1222728,1222799,1222809,1222810,1222893,1223013,1223018,1223021,1223180,1223265,1223384,1223635,1223641,1223652,1223675,1223778,1223806,1223813,1223815,1223836,1223863,1224020,1224331,1224414,1224488,1224497,1224498,1224499,1224500,1224504,1224512,1224516,1224517,1224520,1224539,1224540,1224545,1224548,1224552,1224557,1224572,1224573,1224583,1224585,1224588,1 224602,1224603,1224604,1224605,1224612,1224614,1224619,1224636,1224641,1224661,1224662,1224670,1224671,1224674,1224677,1224679,1224683,1224694,1224696,1224700,1224703,1224712,1224716,1224719,1224735,1224743,1224749,1224764,1224765,1224766,1224935,1224946,1224951,1225050,1225088,1225098,1225105,1225272,1225300,1225389,1225391,1225419,1225426,1225448,1225452,1225467,1225475,1225484,1225487,1225489,1225504,1225505,1225514,1225518,1225535,1225564,1225573,1225581,1225585,1225586,1225602,1225611,1225681,1225692,1225698,1225699,1225704,1225711,1225714,1225717,1225719,1225726,1225732,1225737,1225744,1225745,1225746,1225749,1225752,1225753,1225757,1225758,1225759,1225760,1225767,1225770,1225815,1225823,1225834,1225838,1225840,1225851,1225866,1225872,1225894,1225903,1226022,1226131,1226145,1226149,1226155,1226202,1226211,1226212,1226226,1226502,1226514,1226519,1226520,1226537,1226538,1226539,1226550,1226551,1226552,1226553,1226554,1226555,1226556,1226557,1226558,1226559,1226561,1226562,122656 3,1226564,1226565,1226566,1226567,1226568,1226569,1226570,1226571,1226572,1226574,1226575,1226576,1226577,1226579,1226580,1226581,1226582,1226583,1226585,1226587,1226588,1226593,1226595,1226597,1226601,1226602,1226603,1226607,1226610,1226614,1226616,1226617,1226618,1226619,1226621,1226622,1226624,1226626,1226628,1226629,1226632,1226633,1226634,1226637,1226643,1226644,1226645,1226647,1226650,1226653,1226657,1226658,1226669,1226670,1226672,1226673,1226674,1226675,1226678,1226679,1226683,1226685,1226686,1226690,1226691,1226692,1226693,1226696,1226697,1226698,1226699,1226701,1226702,1226703,1226704,1226705,1226706,1226708,1226709,1226710,1226711,1226712,1226713,1226715,1226716,1226718,1226719,1226720,1226721,1226730,1226732,1226734,1226735,1226737,1226738,1226739,1226740,1226744,1226746,1226747,1226749,1226750,1226754,1226757,1226762,1226764,1226767,1226768,1226769,1226771,1226774,1226775,1226777,1226780,1226781,1226783,1226785,1226786,1226789,1226791,1226834,1226837,1226839,1226840,122 6841,1226842,1226848,1226852,1226857,1226861,1226863,1226864,1226867,1226868,1226876,1226878,1226883,1226886,1226890,1226891,1226895,1226908,1226911,1226915,1226928,1226948,1226949,1226950,1226953,1226962,1226976,1226990,1226992,1226993,1226994,1226996,1227066,1227090,1227096,1227101,1227103,1227121,1227157,1227162,1227274,1227362,1227383,1227432,1227435,1227447,1227487,1227573,1227618,1227620,1227626,1227635,1227661,1227716,1227722,1227724,1227725,1227728,1227729,1227730,1227732,1227733,1227750,1227754,1227755,1227760,1227762,1227763,1227764,1227766,1227770,1227771,1227772,1227774,1227779,1227780,1227783,1227786,1227787,1227790,1227792,1227796,1227797,1227798,1227800,1227802,1227806,1227808,1227810,1227812,1227813,1227814,1227816,1227820,1227823,1227824,1227828,1227829,1227836,1227846,1227849,1227851,1227862,1227864,1227865,1227866,1227870,1227884,1227886,1227891,1227893,1227899,1227900,1227910,1227913,1227917,1227919,1227920,1227921,1227922,1227923,1227924,1227925,1227927,1227928, 1227931,1227932,1227933,1227935,1227936,1227938,1227941,1227942,1227944,1227945,1227947,1227948,1227949,1227950,1227952,1227953,1227954,1227956,1227957,1227963,1227964,1227965,1227968,1227969,1227970,1227971,1227972,1227975,1227976,1227981,1227982,1227985,1227986,1227987,1227988,1227989,1227990,1227991,1227992,1227993,1227995,1227996,1227997,1228000,1228002,1228003,1228004,1228005,1228006,1228007,1228008,1228009,1228010,1228011,1228013,1228014,1228015,1228019,1228020,1228025,1228028,1228035,1228037,1228038,1228039,1228040,1228045,1228054,1228055,1228056,1228060,1228061,1228062,1228063,1228064,1228066,1228067,1228068,1228071,1228079,1228090,1228114,1228140,1228190,1228191,1228226,1228235,1228247,1228327,1228328,1228330,1228403,1228405,1228408,1228409,1228410,1228418,1228459,1228462,1228470,1228518,1228520,1228530,1228561,1228565,1228580,1228581,1228591,1228599,1228617,1228625,1228626,1228633,1228640,1228644,1228649,1228655,1228665,1228672,1228680,1228705,1228723,1228743,1228756,12288 01,1228850,1228857,CVE-2021-4439,CVE-2021-47086,CVE-2021-47089,CVE-2021-47103,CVE-2021-47186,CVE-2021-47432,CVE-2021-47515,CVE-2021-47534,CVE-2021-47538,CVE-2021-47539,CVE-2021-47546,CVE-2021-47547,CVE-2021-47555,CVE-2021-47566,CVE-2021-47571,CVE-2021-47572,CVE-2021-47576,CVE-2021-47577,CVE-2021-47578,CVE-2021-47580,CVE-2021-47582,CVE-2021-47583,CVE-2021-47584,CVE-2021-47585,CVE-2021-47586,CVE-2021-47587,CVE-2021-47588,CVE-2021-47589,CVE-2021-47590,CVE-2021-47591,CVE-2021-47592,CVE-2021-47593,CVE-2021-47595,CVE-2021-47596,CVE-2021-47597,CVE-2021-47598,CVE-2021-47599,CVE-2021-47600,CVE-2021-47601,CVE-2021-47602,CVE-2021-47603,CVE-2021-47604,CVE-2021-47605,CVE-2021-47606,CVE-2021-47607,CVE-2021-47608,CVE-2021-47609,CVE-2021-47610,CVE-2021-47611,CVE-2021-47612,CVE-2021-47614,CVE-2021-47615,CVE-2021-47616,CVE-2021-47617,CVE-2021-47618,CVE-2021-47619,CVE-2021-47620,CVE-2021-47622,CVE-2021-47623,CVE-2021-47624,CVE-2022-48711,CVE-2022-48712,CVE-2022-48713,CVE-2022-48714,CVE-2022-48715,CVE- 2022-48716,CVE-2022-48717,CVE-2022-48718,CVE-2022-48720,CVE-2022-48721,CVE-2022-48722,CVE-2022-48723,CVE-2022-48724,CVE-2022-48725,CVE-2022-48726,CVE-2022-48727,CVE-2022-48728,CVE-2022-48729,CVE-2022-48730,CVE-2022-48732,CVE-2022-48733,CVE-2022-48734,CVE-2022-48735,CVE-2022-48736,CVE-2022-48737,CVE-2022-48738,CVE-2022-48739,CVE-2022-48740,CVE-2022-48743,CVE-2022-48744,CVE-2022-48745,CVE-2022-48746,CVE-2022-48747,CVE-2022-48748,CVE-2022-48749,CVE-2022-48751,CVE-2022-48752,CVE-2022-48753,CVE-2022-48754,CVE-2022-48755,CVE-2022-48756,CVE-2022-48758,CVE-2022-48759,CVE-2022-48760,CVE-2022-48761,CVE-2022-48763,CVE-2022-48765,CVE-2022-48766,CVE-2022-48767,CVE-2022-48768,CVE-2022-48769,CVE-2022-48770,CVE-2022-48771,CVE-2022-48772,CVE-2022-48773,CVE-2022-48774,CVE-2022-48775,CVE-2022-48776,CVE-2022-48777,CVE-2022-48778,CVE-2022-48780,CVE-2022-48783,CVE-2022-48784,CVE-2022-48785,CVE-2022-48786,CVE-2022-48787,CVE-2022-48788,CVE-2022-48789,CVE-2022-48790,CVE-2022-48791,CVE-2022-48792,CVE-2022-48 793,CVE-2022-48794,CVE-2022-48796,CVE-2022-48797,CVE-2022-48798,CVE-2022-48799,CVE-2022-48800,CVE-2022-48801,CVE-2022-48802,CVE-2022-48803,CVE-2022-48804,CVE-2022-48805,CVE-2022-48806,CVE-2022-48807,CVE-2022-48809,CVE-2022-48810,CVE-2022-48811,CVE-2022-48812,CVE-2022-48813,CVE-2022-48814,CVE-2022-48815,CVE-2022-48816,CVE-2022-48817,CVE-2022-48818,CVE-2022-48820,CVE-2022-48821,CVE-2022-48822,CVE-2022-48823,CVE-2022-48824,CVE-2022-48825,CVE-2022-48826,CVE-2022-48827,CVE-2022-48828,CVE-2022-48829,CVE-2022-48830,CVE-2022-48831,CVE-2022-48834,CVE-2022-48835,CVE-2022-48836,CVE-2022-48837,CVE-2022-48838,CVE-2022-48839,CVE-2022-48840,CVE-2022-48841,CVE-2022-48842,CVE-2022-48843,CVE-2022-48844,CVE-2022-48846,CVE-2022-48847,CVE-2022-48849,CVE-2022-48850,CVE-2022-48851,CVE-2022-48852,CVE-2022-48853,CVE-2022-48855,CVE-2022-48856,CVE-2022-48857,CVE-2022-48858,CVE-2022-48859,CVE-2022-48860,CVE-2022-48861,CVE-2022-48862,CVE-2022-48863,CVE-2022-48864,CVE-2022-48866,CVE-2023-24023,CVE-2023-52435,CVE -2023-52573,CVE-2023-52580,CVE-2023-52622,CVE-2023-52658,CVE-2023-52667,CVE-2023-52670,CVE-2023-52672,CVE-2023-52675,CVE-2023-52735,CVE-2023-52737,CVE-2023-52751,CVE-2023-52752,CVE-2023-52762,CVE-2023-52766,CVE-2023-52775,CVE-2023-52784,CVE-2023-52787,CVE-2023-52800,CVE-2023-52812,CVE-2023-52835,CVE-2023-52837,CVE-2023-52843,CVE-2023-52845,CVE-2023-52846,CVE-2023-52857,CVE-2023-52863,CVE-2023-52869,CVE-2023-52881,CVE-2023-52882,CVE-2023-52884,CVE-2023-52885,CVE-2023-52886,CVE-2024-25741,CVE-2024-26583,CVE-2024-26584,CVE-2024-26615,CVE-2024-26625,CVE-2024-26633,CVE-2024-26635,CVE-2024-26636,CVE-2024-26641,CVE-2024-26644,CVE-2024-26661,CVE-2024-26663,CVE-2024-26665,CVE-2024-26720,CVE-2024-26800,CVE-2024-26802,CVE-2024-26813,CVE-2024-26814,CVE-2024-26842,CVE-2024-26845,CVE-2024-26863,CVE-2024-26923,CVE-2024-26935,CVE-2024-26961,CVE-2024-26973,CVE-2024-26976,CVE-2024-27015,CVE-2024-27019,CVE-2024-27020,CVE-2024-27025,CVE-2024-27065,CVE-2024-27402,CVE-2024-27432,CVE-2024-27437,CVE-2024-3 3619,CVE-2024-35247,CVE-2024-35789,CVE-2024-35790,CVE-2024-35805,CVE-2024-35807,CVE-2024-35814,CVE-2024-35819,CVE-2024-35835,CVE-2024-35837,CVE-2024-35848,CVE-2024-35853,CVE-2024-35855,CVE-2024-35857,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35869,CVE-2024-35878,CVE-2024-35884,CVE-2024-35886,CVE-2024-35889,CVE-2024-35890,CVE-2024-35893,CVE-2024-35896,CVE-2024-35898,CVE-2024-35899,CVE-2024-35900,CVE-2024-35905,CVE-2024-35925,CVE-2024-35934,CVE-2024-35949,CVE-2024-35950,CVE-2024-35956,CVE-2024-35958,CVE-2024-35960,CVE-2024-35961,CVE-2024-35962,CVE-2024-35979,CVE-2024-35995,CVE-2024-35997,CVE-2024-36000,CVE-2024-36004,CVE-2024-36005,CVE-2024-36008,CVE-2024-36017,CVE-2024-36020,CVE-2024-36021,CVE-2024-36025,CVE-2024-36288,CVE-2024-36477,CVE-2024-36478,CVE-2024-36479,CVE-2024-36889,CVE-2024-36890,CVE-2024-36894,CVE-2024-36899,CVE-2024-36900,CVE-2024-36901,CVE-2024-36902,CVE-2024-36904,CVE-2024-36909,CVE-2024-36910,CVE-2024-36911,CVE-2024-36912,CVE-2024-36913,CVE-2024-36914,CV E-2024-36915,CVE-2024-36916,CVE-2024-36917,CVE-2024-36919,CVE-2024-36923,CVE-2024-36934,CVE-2024-36937,CVE-2024-36939,CVE-2024-36940,CVE-2024-36945,CVE-2024-36946,CVE-2024-36949,CVE-2024-36960,CVE-2024-36964,CVE-2024-36965,CVE-2024-36967,CVE-2024-36969,CVE-2024-36971,CVE-2024-36974,CVE-2024-36975,CVE-2024-36978,CVE-2024-37021,CVE-2024-37078,CVE-2024-37354,CVE-2024-38381,CVE-2024-38388,CVE-2024-38390,CVE-2024-38540,CVE-2024-38541,CVE-2024-38544,CVE-2024-38545,CVE-2024-38546,CVE-2024-38547,CVE-2024-38548,CVE-2024-38549,CVE-2024-38550,CVE-2024-38552,CVE-2024-38553,CVE-2024-38555,CVE-2024-38556,CVE-2024-38557,CVE-2024-38558,CVE-2024-38559,CVE-2024-38560,CVE-2024-38564,CVE-2024-38565,CVE-2024-38567,CVE-2024-38568,CVE-2024-38570,CVE-2024-38571,CVE-2024-38573,CVE-2024-38578,CVE-2024-38579,CVE-2024-38580,CVE-2024-38581,CVE-2024-38582,CVE-2024-38583,CVE-2024-38586,CVE-2024-38587,CVE-2024-38588,CVE-2024-38590,CVE-2024-38591,CVE-2024-38594,CVE-2024-38597,CVE-2024-38598,CVE-2024-38599,CVE-2024- 38600,CVE-2024-38601,CVE-2024-38603,CVE-2024-38605,CVE-2024-38608,CVE-2024-38616,CVE-2024-38618,CVE-2024-38619,CVE-2024-38621,CVE-2024-38627,CVE-2024-38628,CVE-2024-38630,CVE-2024-38633,CVE-2024-38634,CVE-2024-38635,CVE-2024-38659,CVE-2024-38661,CVE-2024-38780,CVE-2024-39276,CVE-2024-39301,CVE-2024-39371,CVE-2024-39463,CVE-2024-39468,CVE-2024-39469,CVE-2024-39471,CVE-2024-39472,CVE-2024-39475,CVE-2024-39482,CVE-2024-39487,CVE-2024-39488,CVE-2024-39490,CVE-2024-39493,CVE-2024-39494,CVE-2024-39497,CVE-2024-39499,CVE-2024-39500,CVE-2024-39501,CVE-2024-39502,CVE-2024-39505,CVE-2024-39506,CVE-2024-39507,CVE-2024-39508,CVE-2024-39509,CVE-2024-40900,CVE-2024-40901,CVE-2024-40902,CVE-2024-40903,CVE-2024-40904,CVE-2024-40906,CVE-2024-40908,CVE-2024-40909,CVE-2024-40911,CVE-2024-40912,CVE-2024-40916,CVE-2024-40919,CVE-2024-40923,CVE-2024-40924,CVE-2024-40927,CVE-2024-40929,CVE-2024-40931,CVE-2024-40932,CVE-2024-40934,CVE-2024-40935,CVE-2024-40937,CVE-2024-40940,CVE-2024-40941,CVE-2024-40942,C VE-2024-40943,CVE-2024-40945,CVE-2024-40953,CVE-2024-40954,CVE-2024-40956,CVE-2024-40958,CVE-2024-40959,CVE-2024-40960,CVE-2024-40961,CVE-2024-40966,CVE-2024-40967,CVE-2024-40970,CVE-2024-40972,CVE-2024-40976,CVE-2024-40977,CVE-2024-40981,CVE-2024-40982,CVE-2024-40984,CVE-2024-40987,CVE-2024-40988,CVE-2024-40989,CVE-2024-40990,CVE-2024-40994,CVE-2024-40998,CVE-2024-40999,CVE-2024-41002,CVE-2024-41004,CVE-2024-41006,CVE-2024-41009,CVE-2024-41011,CVE-2024-41012,CVE-2024-41013,CVE-2024-41014,CVE-2024-41015,CVE-2024-41016,CVE-2024-41017,CVE-2024-41040,CVE-2024-41041,CVE-2024-41044,CVE-2024-41048,CVE-2024-41057,CVE-2024-41058,CVE-2024-41059,CVE-2024-41063,CVE-2024-41064,CVE-2024-41066,CVE-2024-41069,CVE-2024-41070,CVE-2024-41071,CVE-2024-41072,CVE-2024-41076,CVE-2024-41078,CVE-2024-41081,CVE-2024-41087,CVE-2024-41090,CVE-2024-41091,CVE-2024-42070,CVE-2024-42079,CVE-2024-42093,CVE-2024-42096,CVE-2024-42105,CVE-2024-42122,CVE-2024-42124,CVE-2024-42145,CVE-2024-42161,CVE-2024-42224,CVE-2024 -42230 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952). - CVE-2021-47089: kfence: fix memory leak when cat kfence objects (bsc#1220958). - CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010). - CVE-2021-47186: tipc: check for null after calling kmemdup (bsc#1222702). - CVE-2021-47432: lib/generic-radix-tree.c: Do not overflow in peek() (bsc#1225391). - CVE-2021-47515: seg6: fix the iif in the IPv6 socket control block (bsc#1225426). - CVE-2021-47538: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1225448). - CVE-2021-47539: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (bsc#1225452). - CVE-2021-47546: ipv6: fix memory leak in fib6_rule_suppress (bsc#1225504). - CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505). - CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467). - CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2021-47572: net: nexthop: fix null pointer dereference when IPv6 is not enabled (bsc#1225389). - CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568). - CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565). - CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570). - CVE-2021-47593: mptcp: clear 'kern' flag from fallback sockets (bsc#1226551). - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574). - CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571). - CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len. (bsc#1226555). - CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919). - CVE-2022-48716: ASoC: codecs: wcd938x: fix incorrect used of portid (bsc#1226678). - CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (bsc#1227927) - CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936). - CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071). - CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003). - CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148). - CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138). - CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference (bsc#1220869). - CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876). - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080). - CVE-2023-52658: Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (bsc#1224719). - CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups (bsc#1224603). - CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696). - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614). - CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504). - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475). - CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484). - CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52762: virtio-blk: fix implicit overflow on virtio_max_dma_size (bsc#1225573). - CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088). - CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946). - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105). - CVE-2023-52812: drm/amd: check num of link levels when update pcie param (bsc#1225564). - CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602). - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951). - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585). - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer overflow (bsc#1225581). - CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer dereference (bsc#1225586). - CVE-2023-52869: pstore/platform: Add check for kstrdup (bsc#1225050). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (bsc#1225692). - CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942). - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086) - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647). - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656). - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659). - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654). - CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume (bsc#1221282, bsc#1222072). - CVE-2024-26661: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' (bsc#1222323). - CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326). - CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328). - CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364). - CVE-2024-26802: stmmac: Clear variable when destroying workqueue (bsc#1222799). - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809). - CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810). - CVE-2024-26842: scsi: target: core: Add TMF to tmr_list handling (bsc#1223013). - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018). - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). - CVE-2024-26961: mac802154: fix llsec key resources release in mac802154_llsec_key_del (bsc#1223652). - CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641). - CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806). - CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813) - CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815) - CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778) - CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836). - CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414). - CVE-2024-27432: net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716). - CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625). - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (bsc#1224712). - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743). - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735). - CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683). - CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605). - CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500). - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612). - CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604). - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520). - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670). - CVE-2024-35889: idpf: fix kernel panic on unknown packet types (bsc#1224517). - CVE-2024-35890: gro: fix ownership transfer (bsc#1224516). - CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512) - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498). - CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499) - CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497). - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661). - CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641) - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674) - CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677). - CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588). - CVE-2024-35961: net/mlx5: Register devlink first under devlink lock (bsc#1224585). - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572). - CVE-2024-35995: ACPI: CPPC: Use access_width over bit_width for system memory accesses (bsc#1224557). - CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552). - CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548). - CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545) - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539). - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540). - CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681). - CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning (bsc#1225698). - CVE-2024-36021: net: hns3: fix kernel crash when devlink reload during pf initialization (bsc#1225699). - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841). - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949). - CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers (bsc#1225714). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726). - CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711) - CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752). - CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753). - CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759). - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770). - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767). - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815). - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760). - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834). - CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init() (bsc#1225838). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823). - CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851). - CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872) - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950). - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066). - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595). - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774). - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781). - CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771). - CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634). - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610). - CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750). - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734). - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749). - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757). - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842). - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746). - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857). - CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (bsc#1226911). - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883). - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996). - CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886). - CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993). - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994). - CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990). - CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090). - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103). - CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (bsc#1226992). - CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432). - CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435) - CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447). - CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573) - CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626). - CVE-2024-39493: crypto: qat - fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-39497: drm/shmem-helper: fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722). - CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755). - CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729). - CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730). - CVE-2024-39508: io_uring/io-wq: use set_bit() and test_bit() at worker->flags (bsc#1227732). - CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762). - CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763). - CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783). - CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798). - CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779). - CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786). - CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780). - CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800). - CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO (bsc#1227849). - CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806). - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812). - CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884). - CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813). - CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814). - CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886). - CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891). - CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899). - CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910). - CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (bsc#1227950). - CVE-2024-40982: ssb: fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865). - CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866). - CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913). - CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862). - CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114). - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405). - CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). - CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409). - CVE-2024-41016: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403). - CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518). - CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520). - CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530). - CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565). - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462). - CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459). - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561). - CVE-2024-41063: bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580). - CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599). - CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581). - CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625). - CVE-2024-41072: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (bsc#1228626). - CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649). - CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655). - CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327). - CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470). - CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672). - CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633). - CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591). - CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705). - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743) - CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756). - CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723). - CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). The following non-security bugs were fixed: - acpi: EC: Abort address space access upon error (stable-fixes). - acpi: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes). - acpi: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes). - acpi: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes). - acpi: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (stable-fixes). - acpi: x86: Force StorageD3Enable on more products (stable-fixes). - acpi: x86: utils: Add Picasso to the list for forcing StorageD3Enable (stable-fixes). - acpica: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (git-fixes). - alsa: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes). - alsa: dmaengine: Synchronize dma channel after drop() (stable-fixes). - alsa: emux: improve patch ioctl data validation (stable-fixes). - alsa: Fix deadlocks with kctl removals at disconnection (stable-fixes). - alsa: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes). - alsa: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes). - alsa: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes). - alsa: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes). - alsa: hda/realtek: Add quirks for Lenovo 13X (stable-fixes). - alsa: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes). - alsa: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes). - alsa: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes). - alsa: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes). - alsa: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes). - alsa: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes). - alsa: hda/realtek: Limit mic boost on N14AP7 (stable-fixes). - alsa: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes). - alsa: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes). - alsa: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes). - alsa: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes). - alsa: timer: Set lower bound of start tick time (stable-fixes). - alsa: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes). - alsa: usb-audio: Correct surround channels in UAC1 channel map (git-fixes). - alsa: usb-audio: Fix microphone sound on HD webcam (stable-fixes). - alsa: usb-audio: Move HD Webcam quirk to the right place (git-fixes). - alsa/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes). - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes). - arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes) - arm64: dts: hi3798cv200: fix the size of GICR (git-fixes) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes) - arm64: dts: microchip: sparx5: fix mdio reg (git-fixes) - arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes) - arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8690). - arm64: mm: do not acquire mutex when rewriting swapper (jsc#PED-8690). - arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8690). - arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8690). - arm64: tegra: Correct Tegra132 I2C alias (git-fixes) - arm64/io: add constant-argument check (bsc#1226502 git-fixes) - arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502) - asoc: amd: acp: add a null check for chip_pdev structure (git-fixes). - asoc: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes). - asoc: amd: Adjust error handling in case of absent codec device (git-fixes). - asoc: da7219-aad: fix usage of device_get_named_child_node() (stable-fixes). - asoc: fsl-asoc-card: set priv->pdev before using it (git-fixes). - asoc: max98088: Check for clk_prepare_enable() error (git-fixes). - asoc: rt5645: Fix the electric noise due to the CBJ contacts floating (stable-fixes). - asoc: rt715-sdca: volume step modification (stable-fixes). - asoc: rt715: add vendor clear control register (stable-fixes). - asoc: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes). - asoc: ti: omap-hdmi: Fix too long driver name (stable-fixes). - ata: ahci: Clean up sysfs file on error (git-fixes). - ata: libata-core: Fix double free on error (git-fixes). - ata: libata-core: Fix null pointer dereference on error (git-fixes). - batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes). - batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes). - blk-cgroup: dropping parent refcount after pd_free_fn() is done (bsc#1224573). - block, loop: support partitions without scanning (bsc#1227162). - block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162). - bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes). - bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes). - bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes). - bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes). - bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes). - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes). - bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes). - bnxt_re: Fix imm_data endianness (git-fixes) - bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener (git-fixes). - bpf: aggressively forget precise markings during state checkpointing (bsc#1225903). - bpf: allow precision tracking for programs with subprogs (bsc#1225903). - bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903). - bpf: clean up visit_insn()'s instruction processing (bsc#1225903). - bpf: correct loop detection for iterators convergence (bsc#1225903). - bpf: encapsulate precision backtracking bookkeeping (bsc#1225903). - bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903). - bpf: exact states comparison for iterator convergence checks (bsc#1225903). - bpf: extract __check_reg_arg() utility function (bsc#1225903). - bpf: extract same_callsites() as utility function (bsc#1225903). - bpf: extract setup_func_entry() utility function (bsc#1225903). - bpf: fix calculation of subseq_idx during precision backtracking (bsc#1225903). - bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903). - bpf: Fix memory leaks in __check_func_call (bsc#1225903). - bpf: fix propagate_precision() logic for inner frames (bsc#1225903). - bpf: fix regs_exact() logic in regsafe() to remap IDs correctly (bsc#1225903). - bpf: Fix to preserve reg parent/live fields when copying range info (bsc#1225903). - bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903). - bpf: improve precision backtrack logging (bsc#1225903). - bpf: Improve verifier u32 scalar equality checking (bsc#1225903). - bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903). - bpf: maintain bitmasks across all active frames in __mark_chain_precision (bsc#1225903). - bpf: mark relevant stack slots scratched for register read instructions (bsc#1225903). - bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903). - bpf: perform byte-by-byte comparison only when necessary in regsafe() (bsc#1225903). - bpf: print full verifier states on infinite loop detection (bsc#1225903). - bpf: regsafe() must not skip check_ids() (bsc#1225903). - bpf: reject non-exact register type matches in regsafe() (bsc#1225903). - bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() (bsc#1225903). - bpf: reorganize struct bpf_reg_state fields (bsc#1225903). - bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903). - bpf: states_equal() must build idmap for all function frames (bsc#1225903). - bpf: stop setting precise in current state (bsc#1225903). - bpf: support precision propagation in the presence of subprogs (bsc#1225903). - bpf: take into account liveness when propagating precision (bsc#1225903). - bpf: teach refsafe() to take into account ID remapping (bsc#1225903). - bpf: unconditionally reset backtrack_state masks on global func exit (bsc#1225903). - bpf: use check_ids() for active_lock comparison (bsc#1225903). - bpf: Use scalar ids in mark_chain_precision() (bsc#1225903). - bpf: verify callbacks as if they are called unknown number of times (bsc#1225903). - bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903). - bpf: widening for callback iterators (bsc#1225903). - btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162). - btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (bsc#1221282). - btrfs: harden identification of a stale device (bsc#1227162). - btrfs: match stale devices by dev_t (bsc#1227162). - btrfs: remove the cross file system checks from remap (bsc#1227157). - btrfs: use dev_t to match device in device_matched (bsc#1227162). - btrfs: validate device maj:min during open (bsc#1227162). - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes). - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes). - cachefiles: remove requests from xarray during flushing requests (bsc#1226588). - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes). - can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes). - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022). - ceph: always check dir caps asynchronously (bsc#1226022). - ceph: always queue a writeback when revoking the Fb caps (bsc#1226022). - ceph: break the check delayed cap loop every 5s (bsc#1226022). - ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418). - ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022). - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN . - checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes). - cifs: fix hang in wait_for_response() (bsc#1220812, bsc#1220368). - cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes). - crypto: aead,cipher - zeroize key buffer after use (stable-fixes). - crypto: ecdh - explicitly zeroize private_key (stable-fixes). - crypto: ecdsa - Fix the public key format description (git-fixes). - crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes). - crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes). - csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location() (git-fixes). - decompress_bunzip2: fix rare decompression failure (git-fixes). - devres: Fix devm_krealloc() wasting memory (git-fixes). - devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes). - dma: fix call order in dmam_free_coherent (git-fixes). - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes). - dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes). - docs: crypto: async-tx-api: fix broken code example (git-fixes). - docs: Fix formatting of literal sections in fanotify docs (stable-fixes). - drivers: core: synchronize really_probe() and dev_uevent() (git-fixes). - drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes). - drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes). - drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c (stable-fixes). - drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes). - drm/amd/display: Add dtbclk access to dcn315 (stable-fixes). - drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes). - drm/amd/display: Check for NULL pointer (stable-fixes). - drm/amd/display: Check index msg_id before read or write (stable-fixes). - drm/amd/display: Check pipe offset before setting vblank (stable-fixes). - drm/amd/display: drop unnecessary NULL checks in debugfs (stable-fixes). - drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes). - drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes). - drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes). - drm/amd/pm: remove logically dead code for renoir (git-fixes). - drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes). - drm/amdgpu: avoid using null object of framebuffer (stable-fixes). - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes). - drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes). - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes). - drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes). - drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: Fix uninitialized variable warnings (stable-fixes). - drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes). - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes). - drm/amdgpu: Update BO eviction priorities (stable-fixes). - drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes). - drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes). - drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes). - drm/amdgpu/mes: fix use-after-free issue (stable-fixes). - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes). - drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes). - drm/amdkfd: Rework kfd_locked handling (bsc#1225872) - drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes). - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes). - drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes). - drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes). - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes). - drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes). - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes). - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes). - drm/i915/dpt: Make DPT object unshrinkable (git-fixes). - drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes). - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes). - drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes). - drm/i915/guc: avoid FIELD_PREP warning (git-fixes). - drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes). - drm/komeda: check for error-valued pointer (git-fixes). - drm/lima: add mask irq callback to gp and pp (stable-fixes). - drm/lima: fix shared irq handling on driver remove (stable-fixes). - drm/lima: Mark simple_ondemand governor as softdep (git-fixes). - drm/lima: mask irqs in timeout path before hard reset (stable-fixes). - drm/mediatek: Add OVL compatible name for MT8195 (git-fixes). - drm/meson: fix canvas release in bind function (git-fixes). - drm/mgag200: Bind I2C lifetime to DRM device (git-fixes). - drm/mgag200: Set DDC timeout in milliseconds (git-fixes). - drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format (stable-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes). - drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes). - drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes). - drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes). - drm/msm/dp: Return IRQ_NONE for unhandled interrupts (stable-fixes). - drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes). - drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes). - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes). - drm/nouveau: prime: fix refcount underflow (git-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes). - drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays (stable-fixes). - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes). - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes). - drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes). - drm/qxl: Add check for drm_cvt_mode (git-fixes). - drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes). - drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes). - drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes). - drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes). - drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes). - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes). - drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes). - eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes). - exfat: check if cluster num is valid (git-fixes). - exfat: simplify is_valid_cluster() (git-fixes). - filelock: add a new locks_inode_context accessor function (git-fixes). - firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes). - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes). - firmware: cs_dsp: Return error if block header overflows file (git-fixes). - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes). - firmware: cs_dsp: Validate payload length before processing block (git-fixes). - firmware: dmi: Stop decoding on broken entry (stable-fixes). - firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes). - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes). - firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes). - fs: allow cross-vfsmount reflink/dedupe (bsc#1227157). - ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes). - fuse: verify {g,u}id mount options correctly (bsc#1228191). - gpio: davinci: Validate the obtained number of IRQs (git-fixes). - gpio: mc33880: Convert comma to semicolon (git-fixes). - gpio: tqmx86: fix typo in Kconfig label (git-fixes). - gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes). - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes). - hfsplus: fix to avoid false alarm of circular locking (git-fixes). - hfsplus: fix uninit-value in copy_name (git-fixes). - hid: Add quirk for Logitech Casa touchpad (stable-fixes). - hid: core: remove unnecessary WARN_ON() in implement() (git-fixes). - hid: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes). - hid: wacom: Modify pen IDs (git-fixes). - hpet: Support 32-bit userspace (git-fixes). - hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes). - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes). - hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes). - hwmon: (shtc1) Fix property misspelling (git-fixes). - i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: mark HostNotify target address as used (git-fixes). - i2c: ocores: set IACK bit after core is enabled (git-fixes). - i2c: rcar: bring hardware to known state when probing (git-fixes). - i2c: tegra: Fix failure during probe deferral cleanup (git-fixes) - i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661) - i2c: testunit: avoid re-issued work after read message (git-fixes). - i2c: testunit: correct Kconfig description (git-fixes). - i2c: testunit: discard write requests while old command is running (git-fixes). - i2c: testunit: do not erase registers after STOP (git-fixes). - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes). - iio: adc: ad7266: Fix variable checking bug (git-fixes). - iio: adc: ad9467: fix scan type sign (git-fixes). - iio: chemical: bme680: Fix calibration data variable (git-fixes). - iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes). - iio: chemical: bme680: Fix pressure value output (git-fixes). - iio: chemical: bme680: Fix sensor data read operation (git-fixes). - iio: dac: ad5592r: fix temperature channel scaling value (git-fixes). - iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes). - input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes). - input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes). - input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes). - Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes). - input: qt1050 - handle CHIP_ID reading error (git-fixes). - input: silead - Always support 10 fingers (stable-fixes). - intel_th: pci: Add Granite Rapids SOC support (stable-fixes). - intel_th: pci: Add Granite Rapids support (stable-fixes). - intel_th: pci: Add Lunar Lake support (stable-fixes). - intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes). - intel_th: pci: Add Meteor Lake-S support (stable-fixes). - intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes). - iommu: mtk: fix module autoloading (git-fixes). - iommu: Return right value in iommu_sva_bind_device() (git-fixes). - iommu/amd: Fix sysfs leak in iommu init (git-fixes). - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes). - ionic: clean interrupt before enabling queue to avoid credit race (git-fixes). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes). - jfs: Fix array-index-out-of-bounds in diFree (git-fixes). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kabi: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903). - kabi: bpf: callback fixes kABI workaround (bsc#1225903). - kabi: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903). - kabi: bpf: tmp_str_buf kABI workaround (bsc#1225903). - kabi: rtas: Workaround false positive due to lost definition (bsc#1227487). - kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502) - kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783) - kabi/severities: Ignore tpm_tis_core_init (bsc#1082555). - kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users. - kbuild: do not include include/config/auto.conf from shell scripts (bsc#1227274). - kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes). - kconfig: doc: fix a typo in the note about 'imply' (git-fixes). - kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes). - kernel-binary: vdso: Own module_dir - kernel-doc: fix struct_group_tagged() parsing (git-fixes). - kernel/sched: Remove dl_boosted flag comment (git fixes (sched)). - knfsd: LOOKUP can return an illegal error value (git-fixes). - kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes). - kprobes: Make arch_check_ftrace_location static (git-fixes). - kvm: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes). - kvm: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1194869). - kvm: PPC: Book3S HV: Fix 'rm_exit' entry in debugfs timings (bsc#1194869). - kvm: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869). - kvm: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1194869). - kvm: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST (bsc#1194869). - kvm: PPC: Book3S: Suppress warnings when allocating too big memory slots (bsc#1194869). - kvm: s390: fix LPSWEY handling (bsc#1227635 git-fixes). - kvm: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (git-fixes). - kvm: VMX: Report up-to-date exit qualification to userspace (git-fixes). - kvm: x86: Add IBPB_BRTYPE support (bsc#1228079). - kvm: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes). - kvm: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (git-fixes). - kvm: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-fixes). - kvm: x86: Disable APIC logical map if vCPUs are aliased in logical mode (git-fixes). - kvm: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes). - kvm: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (git-fixes). - kvm: x86: Explicitly track all possibilities for APIC map's logical modes (git-fixes). - kvm: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes). - kvm: x86: Fix KVM_GET_MSRS stack info leak (git-fixes). - kvm: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-fixes). - kvm: x86: Purge 'highest ISR' cache when updating APICv state (git-fixes). - kvm: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes). - kvm: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-fixes). - leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes). - leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes). - leds: triggers: Flush pending brightness before activating trigger (git-fixes). - lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (git-fixes). - lib: objagg: Fix general protection fault (git-fixes). - lib: objagg: Fix spelling (git-fixes). - lib: test_objagg: Fix spelling (git-fixes). - libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190). - lockd: set missing fl_flags field when retrieving args (git-fixes). - lockd: use locks_inode_context helper (git-fixes). - Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582) - media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes). - media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes). - media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes). - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes). - media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes). - media: dvbdev: Initialize sbuf (stable-fixes). - media: dw2102: Do not translate i2c read into write (stable-fixes). - media: dw2102: fix a potential buffer overflow (git-fixes). - media: flexcop-usb: clean up endpoint sanity checks (stable-fixes). - media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes). - media: imon: Fix race getting ictx->lock (git-fixes). - media: ipu3-cio2: Use temporary storage for struct device pointer (stable-fixes). - media: lgdt3306a: Add a check against null-pointer-def (stable-fixes). - media: mxl5xx: Move xpt structures off stack (stable-fixes). - media: radio-shark2: Avoid led_names truncations (git-fixes). - media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes). - media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes). - media: uvcvideo: Override default flags (git-fixes). - media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes). - media: venus: fix use after free in vdec_close (git-fixes). - media: venus: flush all buffers in output plane streamoff (git-fixes). - mei: demote client disconnect warning on suspend to debug (stable-fixes). - mei: me: release irq in mei_me_pci_resume error path (git-fixes). - mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes). - mkspec-dtb: add toplevel symlinks also on arm - mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes). - mmc: core: Do not force a retune before RPMB switch (stable-fixes). - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes). - mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes). - mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel (stable-fixes). - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes). - mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes). - mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes). - mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes). - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes). - mmc: sdhci: Do not invert write-protect twice (git-fixes). - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes). - mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes). - mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes). - mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes). - mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes). - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes). - net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes). - net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes). - net: ena: Fix redundant device NUMA node override (jsc#PED-8690). - net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491). - net: mana: Fix possible double free in error handling path (git-fixes). - net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes). - net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes). - net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes). - net: usb: ax88179_178a: improve link status logs (git-fixes). - net: usb: ax88179_178a: improve reset check (git-fixes). - net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes). - net: usb: qmi_wwan: add Telit FN920C04 compositions (stable-fixes). - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes). - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes). - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes). - net/dcb: check for detached device before executing callbacks (bsc#1215587). - net/mlx5e: Fix a race in command alloc flow (git-fixes). - netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180). - netfilter: conntrack: prepare tcp_in_window for ternary return value (bsc#1223180). - netfilter: conntrack: remove pr_debug callsites from tcp tracker (bsc#1223180). - netfilter: conntrack: work around exceeded receive window (bsc#1223180). - netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462). - nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes). - nfs: abort nfs_atomic_open_v23 if name is too long (bsc#1219847). - nfs: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847). - nfs: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - nfs: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes). - nfs: fix undefined behavior in nfs_block_bits() (git-fixes). - nfs: keep server info for remounts (git-fixes). - nfs: Leave pages in the pagecache if readpage failed (git-fixes). - nfsd enforce filehandle check for source file in COPY (git-fixes). - nfsd: Add an nfsd_file_fsync tracepoint (git-fixes). - nfsd: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-fixes). - nfsd: Add errno mapping for EREMOTEIO (git-fixes). - nfsd: Add nfsd_file_lru_dispose_list() helper (git-fixes). - nfsd: add some comments to nfsd_file_do_acquire (git-fixes). - nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes). - nfsd: allow reaping files still under writeback (git-fixes). - nfsd: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes). - nfsd: Clean up nfsd_file_put() (git-fixes). - nfsd: Clean up nfsd_open_verified() (git-fixes). - nfsd: Clean up nfsd3_proc_create() (git-fixes). - nfsd: Clean up unused code after rhashtable conversion (git-fixes). - nfsd: Convert filecache to rhltable (git-fixes). - nfsd: Convert the filecache to use rhashtable (git-fixes). - nfsd: De-duplicate hash bucket indexing (git-fixes). - nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-fixes). - nfsd: do not fsync nfsd_files on last close (git-fixes). - nfsd: do not hand out delegation on setuid files being opened for write (git-fixes). - nfsd: do not kill nfsd_files because of lease break error (git-fixes). - nfsd: Do not leave work of closing files to a work queue (bsc#1228140). - nfsd: do not take/put an extra reference when putting a file (git-fixes). - nfsd: Ensure nf_inode is never dereferenced (git-fixes). - nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes). - nfsd: Fix licensing header in filecache.c (git-fixes). - nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes). - nfsd: fix nfsd_file_unhash_and_dispose (git-fixes). - nfsd: Fix potential use-after-free in nfsd_file_put() (git-fixes). - nfsd: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes). - nfsd: Fix the filecache LRU shrinker (git-fixes). - nfsd: fix up the filecache laundrette scheduling (git-fixes). - nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes). - nfsd: Flesh out a documenting comment for filecache.c (git-fixes). - nfsd: handle errors better in write_ports_addfd() (git-fixes). - nfsd: Instantiate a struct file when creating a regular NFSv4 file (git-fixes). - nfsd: Leave open files out of the filecache LRU (git-fixes). - nfsd: map EBADF (git-fixes). - nfsd: Move nfsd_file_trace_alloc() tracepoint (git-fixes). - nfsd: nfsd_file_hash_remove can compute hashval (git-fixes). - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (git-fixes). - nfsd: nfsd_file_put() can sleep (git-fixes). - nfsd: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes). - nfsd: No longer record nf_hashval in the trace log (git-fixes). - nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912). - nfsd: Pass the target nfsd_file to nfsd_commit() (git-fixes). - nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes). - nfsd: Record number of flush calls (git-fixes). - nfsd: Refactor __nfsd_file_close_inode() (git-fixes). - nfsd: Refactor nfsd_create_setattr() (git-fixes). - nfsd: Refactor nfsd_file_gc() (git-fixes). - nfsd: Refactor nfsd_file_lru_scan() (git-fixes). - nfsd: Refactor NFSv3 CREATE (git-fixes). - nfsd: Refactor NFSv4 OPEN(CREATE) (git-fixes). - nfsd: Remove do_nfsd_create() (git-fixes). - nfsd: Remove lockdep assertion from unhash_and_release_locked() (git-fixes). - nfsd: Remove nfsd_file::nf_hashval (git-fixes). - nfsd: remove the pages_flushed statistic from filecache (git-fixes). - nfsd: reorganize filecache.c (git-fixes). - nfsd: Replace the 'init once' mechanism (git-fixes). - nfsd: Report average age of filecache items (git-fixes). - nfsd: Report count of calls to nfsd_file_acquire() (git-fixes). - nfsd: Report count of freed filecache items (git-fixes). - nfsd: Report filecache LRU size (git-fixes). - nfsd: Report the number of items evicted by the LRU walk (git-fixes). - nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes). - nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes). - nfsd: rework refcounting in filecache (git-fixes). - nfsd: Separate tracepoints for acquire and create (git-fixes). - nfsd: Set up an rhashtable for the filecache (git-fixes). - nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes). - nfsd: simplify per-net file cache management (git-fixes). - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes). - nfsd: simplify the delayed disposal list code (git-fixes). - nfsd: Trace filecache LRU activity (git-fixes). - nfsd: Trace filecache opens (git-fixes). - nfsd: update comment over __nfsd_file_cache_purge (git-fixes). - nfsd: verify the opened dentry after setting a delegation (git-fixes). - nfsd: WARN when freeing an item still linked via nf_lru (git-fixes). - nfsd: Write verifier might go backwards (git-fixes). - nfsd: Zero counters when the filecache is re-initialized (git-fixes). - nfsv4: by default serialize open/close operations (bsc#1223863 bsc#1227362) - nfsv4: Fixup smatch warning for ambiguous return (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (stable-fixes). - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes). - nilfs2: convert persistent object allocator to use kmap_local (git-fixes). - nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes). - nilfs2: fix inode number range checks (git-fixes). - nilfs2: fix inode number range checks (stable-fixes). - nilfs2: fix potential hang in nilfs_detach_log_writer() (stable-fixes). - nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes). - nvme-auth: allow mixing of secret and hash lengths (git-fixes). - nvme-auth: use transformed key size to create resp (git-fixes). - nvme-multipath: find NUMA path only for online numa-node (git-fixes). - nvme-pci: add missing condition check for existence of mapped data (git-fixes). - nvme-pci: Fix the instructions for disabling power management (git-fixes). - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes). - nvme: avoid double free special payload (git-fixes). - nvme: ensure reset state check ordering (bsc#1215492). - nvme: find numa distance only if controller has valid numa id (git-fixes). - nvme: fixup comment for nvme RDMA Provider Type (git-fixes). - nvme: use ctrl state accessor (bsc#1215492). - nvmet-auth: fix nvmet_auth hash error handling (git-fixes). - nvmet-passthru: propagate status from id override functions (git-fixes). - nvmet: always initialize cqe.result (git-fixes). - nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: remove redundant assignment to variable free_space (bsc#1228409). - ocfs2: speed up chain-list searching (bsc#1219224). - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - orangefs: fix out-of-bounds fsid access (git-fixes). - pci: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes). - pci: Clear Secondary Status errors after enumeration (bsc#1226928) - pci: Extend ACS configurability (bsc#1228090). - pci: Fix resource double counting on remove & rescan (git-fixes). - pci: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes). - pci: Introduce cleanup helpers for device reference counts and locks (git-fixes). - pci: Introduce cleanup helpers for device reference counts and locks (stable-fixes). - pci: keystone: Do not enable BAR 0 for AM654x (git-fixes). - pci: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes). - pci: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes). - pci: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes). - pci: tegra194: Set EP alignment restriction for inbound ATU (git-fixes). - pci/aspm: Update save_state when configuration changes (bsc#1226915) - pci/dpc: Fix use-after-free on concurrent DPC and hot-removal (git-fixes). - pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes). - pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes). - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes). - pinctrl: freescale: mxs: Fix refcount of child (git-fixes). - pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes). - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes). - pinctrl: rockchip: update rk3308 iomux routes (git-fixes). - pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes). - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes). - platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes). - platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes). - platform/x86: lg-laptop: Change ACPI device id (stable-fixes). - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes). - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes). - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes). - platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes). - power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes). - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869). - powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121 ltc#207129). - powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869). - powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - powerpc/rtas: clean up includes (bsc#1227487). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - pwm: stm32: Always do lazy disabling (git-fixes). - random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953). - ras/amd/atl: Fix MI300 bank hash (bsc#1225300). - ras/amd/atl: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300). - rdma/cache: Release GID table even if leak is detected (git-fixes) - rdma/device: Return error earlier if port in not valid (git-fixes) - rdma/hns: Check atomic wr length (git-fixes) - rdma/hns: Fix incorrect sge nums calculation (git-fixes) - rdma/hns: Fix insufficient extend DB for VFs. (git-fixes) - rdma/hns: Fix mbx timing out before CMD execution is completed (git-fixes) - rdma/hns: Fix missing pagesize and alignment check in FRMR (git-fixes) - rdma/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes) - rdma/hns: Fix soft lockup under heavy CEQE load (git-fixes) - rdma/hns: Fix undifined behavior caused by invalid max_sge (git-fixes) - rdma/hns: Fix unmatch exception handling when init eq table fails (git-fixes) - rdma/irdma: Drop unused kernel push code (git-fixes) - rdma/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes) - rdma/mana_ib: Ignore optional access flags for MRs (git-fixes). - rdma/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes) - rdma/mlx4: Fix truncated output warning in mad.c (git-fixes) - rdma/mlx5: Add check for srq max_sge attribute (git-fixes) - rdma/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes) - rdma/restrack: Fix potential invalid address access (git-fixes) - rdma/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes) - regmap-i2c: Subtract reg size from max_write (stable-fixes). - regulator: bd71815: fix ramp values (git-fixes). - regulator: core: Fix modpost error 'regulator_get_regmap' undefined (git-fixes). - regulator: irq_helpers: duplicate IRQ name (stable-fixes). - regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes). - Revert 'Add remote for nfs maintainer' - Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783). - Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783). - Revert 'build initrd without systemd' (bsc#1195775)'. - Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes). - Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes). - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes). - rpm/guards: fix precedence issue with control flow operator - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) - rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. - rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5 - rtc: cmos: Fix return value of nvmem callbacks (git-fixes). - rtc: interface: Add RTC offset to alarm after fix-up (git-fixes). - rtc: isl1208: Fix return value of nvmem callbacks (git-fixes). - rtlwifi: rtl8192de: Style clean-ups (stable-fixes). - s390: Implement __iowrite32_copy() (bsc#1226502) - s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502) - saa7134: Unchecked i2c_transfer function result fixed (git-fixes). - sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)). - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791). - sched/fair: Do not balance task to its current running CPU (git fixes (sched)). - scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857). - scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857). - scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857). - scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857). - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857). - scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857). - scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857). - scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857). - scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850). - scsi: qla2xxx: Complete command early within lock (bsc#1228850). - scsi: qla2xxx: Convert comma to semicolon (bsc#1228850). - scsi: qla2xxx: Drop driver owner assignment (bsc#1228850). - scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850). - scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850). - scsi: qla2xxx: Fix flash read failure (bsc#1228850). - scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850). - scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850). - scsi: qla2xxx: Indent help text (bsc#1228850). - scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850). - scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850). - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850). - scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850). - scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850). - scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850). - scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850). - scsi: sd: Update DIX config every time sd_revalidate_disk() is called (bsc#1218570). - selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903). - selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903). - selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader (bsc#1225903). - selftests/bpf: add precision propagation tests in the presence of subprogs (bsc#1225903). - selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903). - selftests/bpf: Check if mark_chain_precision() follows scalar ids (bsc#1225903). - selftests/bpf: check if max number of bpf_loop iterations is tracked (bsc#1225903). - selftests/bpf: fix __retval() being always ignored (bsc#1225903). - selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903). - selftests/bpf: make test_align selftest more robust (bsc#1225903). - selftests/bpf: populate map_array_ro map for verifier_array_access test (bsc#1225903). - selftests/bpf: prog_tests entry point for migrated test_verifier tests (bsc#1225903). - selftests/bpf: Report program name on parse_test_spec error (bsc#1225903). - selftests/bpf: Support custom per-test flags and multiple expected messages (bsc#1225903). - selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903). - selftests/bpf: test case for relaxed prunning of active_lock.id (bsc#1225903). - selftests/bpf: test cases for regsafe() bug skipping check_id() (bsc#1225903). - selftests/bpf: test widening for iterating callbacks (bsc#1225903). - selftests/bpf: Tests execution support for test_loader.c (bsc#1225903). - selftests/bpf: tests for iterating callbacks (bsc#1225903). - selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903). - selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903). - selftests/bpf: Verify copy_register_state() preserves parent/live fields (bsc#1225903). - selftests/bpf: verify states_equal() maintains idmap across all frames (bsc#1225903). - selftests/bpf: Verify that check_ids() is used for scalars in regsafe() (bsc#1225903). - selftests/sigaltstack: Fix ppc64 GCC build (git-fixes). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - smb: client: guarantee refcounted children from parent session (bsc#1224679. - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes). - soundwire: cadence: fix invalid PDI offset (stable-fixes). - spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes). - spi: mux: set ctlr->bits_per_word_mask (stable-fixes). - spi: stm32: Do not warn about spurious interrupts (git-fixes). - string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850). - sunrpc: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272). - sunrpc: Fix gss_free_in_token_pages() (git-fixes). - sunrpc: Fix loop termination condition in gss_free_in_token_pages() (git-fixes). - sunrpc: fix NFSACL RPC retry on soft mount (git-fixes). - sunrpc: return proper error from gss_wrap_req_priv (git-fixes). - supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570) - supported.conf: mark orangefs as optional We do not support orangefs at all (and it is already marked as such), but since there are no SLE consumers of it, mark it as optional. - supported.conf: mark ufs as unsupported UFS is an unsupported filesystem, mark it as such. We still keep it around (not marking as optional), to accommodate any potential migrations from BSD systems. - tpm_tis: Resend command to recover from data transfer errors (bsc#1082555). - tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume (bsc#1082555). - tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555). - tpm, tpm_tis: Claim locality before writing interrupt registers (bsc#1082555). - tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555). - tpm, tpm_tis: Claim locality when interrupts are reenabled on resume (bsc#1082555). - tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555). - tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555). - tpm, tpm_tis: Only handle supported interrupts (bsc#1082555). - tpm, tpm: Implement usage counter for locality (bsc#1082555). - tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555). - tpm: Prevent hwrng from activating during resume (bsc#1082555). - tracing: Build event generation tests only as modules (git-fixes). - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes). - tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330) - tracing/osnoise: Add osnoise/options file (bsc#1228330) - tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330) - tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330) - tracing/osnoise: Make osnoise_instances static (bsc#1228330) - tracing/osnoise: Split workload start from the tracer start (bsc#1228330) - tracing/osnoise: Support a list of trace_array *tr (bsc#1228330) - tracing/osnoise: Use built-in RCU list checking (bsc#1228330) - tracing/timerlat: Notify new max thread latency (bsc#1228330) - tty: mcf: MCF54418 has 10 UARTS (git-fixes). - usb-storage: alauda: Check whether the media is initialized (git-fixes). - usb: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes). - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes). - usb: cdns3: allocate TX FIFO size according to composite EP number (git-fixes). - usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config (git-fixes). - usb: cdns3: fix iso transfer error when mult is not zero (git-fixes). - usb: cdns3: improve handling of unaligned address case (git-fixes). - usb: cdns3: optimize OUT transfer by copying only actual received data (git-fixes). - usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-fixes). - usb: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes). - usb: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes). - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes). - usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes). - usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-fixes). - usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-fixes). - usb: fotg210-hcd: delete an incorrect bounds test (git-fixes). - usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-fixes). - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes). - usb: gadget: printer: fix races against disable (git-fixes). - usb: gadget: printer: SS+ support (stable-fixes). - usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes). - usb: musb: da8xx: fix a resource leak in probe() (git-fixes). - usb: serial: mos7840: fix crash on resume (git-fixes). - usb: serial: option: add Fibocom FM350-GL (stable-fixes). - usb: serial: option: add Netprisma LCUK54 series modules (stable-fixes). - usb: serial: option: add Rolling RW350-GL variants (stable-fixes). - usb: serial: option: add support for Foxconn T99W651 (stable-fixes). - usb: serial: option: add Telit FN912 rmnet compositions (stable-fixes). - usb: serial: option: add Telit generic core-dump composition (stable-fixes). - usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes). - usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes). - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes). - usb: typec: ucsi: Ack also failed Get Error commands (git-fixes). - usb: typec: ucsi: Never send a lone connector change ack (git-fixes). - usb: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes). - usb: xhci-plat: Do not include xhci.h (git-fixes). - usb: xhci-plat: fix legacy PHY double init (git-fixes). - usb: xhci: address off-by-one in xhci_num_trbs_free() (git-fixes). - usb: xhci: Implement xhci_handshake_check_state() helper (git-fixes). - usb: xhci: improve debug message in xhci_ring_expansion_needed() (git-fixes). - watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() (stable-fixes). - watchdog: bd9576: Drop 'always-running' property (git-fixes). - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes). - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes). - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes). - wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes). - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes). - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes). - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes). - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes). - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes). - wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes). - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes). - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes). - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes). - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes). - wifi: mac80211: disable softirqs for queued frame handling (git-fixes). - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes). - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes). - wifi: mac80211: handle tasklet frames before stopping (stable-fixes). - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes). - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes). - wifi: mt76: replace skb_put with skb_put_zero (stable-fixes). - wifi: mwifiex: Fix interface type change (git-fixes). - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes). - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes). - wifi: wilc1000: fix ies_len type in connect path (git-fixes). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). - workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). - x.509: Fix the parser of extended key usage for length (bsc#1218820). - x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502) - x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes). - x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes). - x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes). - x86/bugs: Remove default case for fully switched enums (bsc#1227900). - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes). - x86/ibt,ftrace: Search for __fentry__ location (git-fixes). - x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes). - x86/mce: Dynamically size space for machine check records (bsc#1222241). - x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes). - x86/mm: Fix enc_status_change_finish_noop() (git-fixes). - x86/purgatory: Switch to the position-independent small code model (git-fixes). - x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900). - x86/srso: Remove 'pred_cmd' label (bsc#1227900). - x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). - xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228226). - xfs: make sure sb_fdblocks is non-negative (bsc#1225419). - xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Fix failure to detect ring expansion need (git-fixes). - xhci: fix matching completion events with TDs (git-fixes). - xhci: Fix transfer ring expansion size calculation (git-fixes). - xhci: Handle TD clearing for multiple streams case (git-fixes). - xhci: remove unused stream_id parameter from xhci_handle_halted_endpoint() (git-fixes). - xhci: restre deleted trb fields for tracing (git-fixes). - xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes). - xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes). - xhci: Simplify event ring dequeue pointer update for port change events (git-fixes). - xhci: simplify event ring dequeue tracking for transfer events (git-fixes). - xhci: Stop unnecessary tracking of free trbs in a ring (git-fixes). - xhci: update event ring dequeue pointer position to controller correctly (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - kernel-macros-5.14.21-150500.55.73.1 updated - kernel-devel-5.14.21-150500.55.73.1 updated - kernel-default-devel-5.14.21-150500.55.73.1 updated - kernel-syms-5.14.21-150500.55.73.1 updated - container:sles15-image-15.0.0-36.14.14 updated From sle-container-updates at lists.suse.com Tue Aug 27 07:04:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 Aug 2024 09:04:10 +0200 (CEST) Subject: SUSE-CU-2024:3878-1: Security update of bci/kiwi Message-ID: <20240827070410.1853CFBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3878-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-10.3 , bci/kiwi:9.24 , bci/kiwi:9.24-10.3 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-10.3 , bci/kiwi:latest Container Release : 10.3 Severity : important Type : security References : 1194818 1227322 1229007 CVE-2024-4467 CVE-2024-7409 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2983-1 Released: Tue Aug 20 11:10:04 2024 Summary: Security update for qemu Type: security Severity: important References: 1227322,1229007,CVE-2024-4467,CVE-2024-7409 This update for qemu fixes the following issues: - CVE-2024-4467: Fixed denial of service and file read/write via qemu-img info command (bsc#1227322) - CVE-2024-7409: Fixed denial of service via improper synchronization in QEMU NBD Server during socket closure (bsc#1229007) * nbd/server: Close stray clients at server-stop * nbd/server: Drop non-negotiating clients * nbd/server: Cap default max-connections to 100 * nbd/server: Plumb in new args to nbd_client_add() * nbd: Minor style and typo fixes - Update qemu to version 8.2.6 The following package changes have been done: - pam-1.3.0-150000.6.71.2 updated - qemu-pr-helper-8.2.6-150600.3.9.1 updated - qemu-img-8.2.6-150600.3.9.1 updated - qemu-tools-8.2.6-150600.3.9.1 updated - container:sles15-image-15.6.0-47.11.8 updated From sle-container-updates at lists.suse.com Tue Aug 27 14:04:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 Aug 2024 16:04:20 +0200 (CEST) Subject: SUSE-CU-2024:3881-1: Security update of suse/sles12sp5 Message-ID: <20240827140420.EC9D5FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3881-1 Container Tags : suse/sles12sp5:6.8.35 , suse/sles12sp5:latest Container Release : 6.8.35 Severity : important Type : security References : 1219559 1221563 1222285 1226095 1227138 1227227 1228291 1229339 CVE-2023-52425 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2965-1 Released: Mon Aug 19 15:32:07 2024 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1222285 This update for util-linux fixes the following issues: - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - fix Xen virtualization type misidentification. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2972-1 Released: Tue Aug 20 08:14:12 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1226095 This update for systemd fixes the following issues: - Dynamically allocate the receive buffer (bsc#1226095) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2989-1 Released: Tue Aug 20 16:17:10 2024 Summary: Security update for openssl-1_0_0 Type: security Severity: moderate References: 1227138,1227227,1228291,CVE-2024-5535 This update for openssl-1_0_0 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138, bsc#1227227) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3004-1 Released: Fri Aug 23 13:27:40 2024 Summary: Security update for expat Type: security Severity: moderate References: 1219559,1221563,CVE-2023-52425 This update for expat fixes the following issues: - CVE-2023-52425: denial of service (resource consumption) caused by processing large tokens (bsc#1219559) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3011-1 Released: Mon Aug 26 13:15:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1229339 This update for suse-build-key fixes the following issue: - extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028 (bsc#1229339). The following package changes have been done: - libblkid1-2.33.2-4.42.4 updated - libexpat1-2.1.0-21.32.1 updated - libfdisk1-2.33.2-4.42.4 updated - libmount1-2.33.2-4.42.4 updated - libopenssl1_0_0-1.0.2p-3.95.1 updated - libsmartcols1-2.33.2-4.42.4 updated - libsystemd0-228-157.63.1 updated - libudev1-228-157.63.1 updated - libuuid1-2.33.2-4.42.4 updated - openssl-1_0_0-1.0.2p-3.95.1 updated - suse-build-key-12.0-7.19.1 updated - util-linux-2.33.2-4.42.4 updated From sle-container-updates at lists.suse.com Tue Aug 27 14:07:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 Aug 2024 16:07:52 +0200 (CEST) Subject: SUSE-CU-2024:3882-1: Recommended update of bci/nodejs Message-ID: <20240827140752.BA303FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3882-1 Container Tags : bci/node:18 , bci/node:18-29.3 , bci/nodejs:18 , bci/nodejs:18-29.3 Container Release : 29.3 Severity : moderate Type : recommended References : 1229029 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3009-1 Released: Mon Aug 26 11:43:26 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1229029 This update for git fixes the following issue: - Fix syntax error with old apparmor versions (bsc#1229029) The following package changes have been done: - git-core-2.35.3-150300.10.45.2 updated From sle-container-updates at lists.suse.com Tue Aug 27 14:09:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 Aug 2024 16:09:41 +0200 (CEST) Subject: SUSE-CU-2024:3884-1: Recommended update of bci/openjdk Message-ID: <20240827140941.3215DFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3884-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-27.3 Container Release : 27.3 Severity : moderate Type : recommended References : 1229029 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3009-1 Released: Mon Aug 26 11:43:26 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1229029 This update for git fixes the following issue: - Fix syntax error with old apparmor versions (bsc#1229029) The following package changes have been done: - git-core-2.35.3-150300.10.45.2 updated From sle-container-updates at lists.suse.com Tue Aug 27 14:11:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 Aug 2024 16:11:27 +0200 (CEST) Subject: SUSE-CU-2024:3886-1: Recommended update of bci/openjdk Message-ID: <20240827141127.05706FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3886-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-29.3 Container Release : 29.3 Severity : moderate Type : recommended References : 1229029 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3009-1 Released: Mon Aug 26 11:43:26 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1229029 This update for git fixes the following issue: - Fix syntax error with old apparmor versions (bsc#1229029) The following package changes have been done: - git-core-2.35.3-150300.10.45.2 updated From sle-container-updates at lists.suse.com Wed Aug 28 07:03:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 Aug 2024 09:03:02 +0200 (CEST) Subject: SUSE-CU-2024:3887-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240828070302.82670FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3887-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.15 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.15 Severity : moderate Type : recommended References : 1222021 1227127 1228265 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3026-1 Released: Tue Aug 27 13:20:03 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1222021,1227127,1228265 This update for supportutils fixes the following issues: Changes to version 3.2.8 + Avoid getting duplicate kernel verifications in boot.text (pr#190) + lvm: suppress file descriptor leak warnings from lvm commands (pr#191) + docker_info: Add timestamps to container logs (pr#196) + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198) + Update supportconfig get pam.d sorted (pr#199) + yast_files: Exclude .zcat (pr#201) + Sanitize grub bootloader (bsc#1227127, pr#203) + Sanitize regcodes (pr#204) + Improve product detection (pr#205) + Add read_values for s390x (bsc#1228265, pr#206) + hardware_info: Remove old alsa ver check (pr#209) + drbd_info: Fix incorrect escape of quotes (pr#210) The following package changes have been done: - supportutils-3.2.8-150300.7.35.33.1 updated From sle-container-updates at lists.suse.com Wed Aug 28 07:04:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 Aug 2024 09:04:17 +0200 (CEST) Subject: SUSE-CU-2024:3888-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240828070417.29A59FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3888-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.15 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.15 Severity : moderate Type : recommended References : 1222021 1227127 1228265 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3026-1 Released: Tue Aug 27 13:20:03 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1222021,1227127,1228265 This update for supportutils fixes the following issues: Changes to version 3.2.8 + Avoid getting duplicate kernel verifications in boot.text (pr#190) + lvm: suppress file descriptor leak warnings from lvm commands (pr#191) + docker_info: Add timestamps to container logs (pr#196) + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198) + Update supportconfig get pam.d sorted (pr#199) + yast_files: Exclude .zcat (pr#201) + Sanitize grub bootloader (bsc#1227127, pr#203) + Sanitize regcodes (pr#204) + Improve product detection (pr#205) + Add read_values for s390x (bsc#1228265, pr#206) + hardware_info: Remove old alsa ver check (pr#209) + drbd_info: Fix incorrect escape of quotes (pr#210) The following package changes have been done: - supportutils-3.2.8-150300.7.35.33.1 updated From sle-container-updates at lists.suse.com Wed Aug 28 07:05:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 Aug 2024 09:05:15 +0200 (CEST) Subject: SUSE-CU-2024:3889-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240828070515.A95F0FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3889-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.25 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.25 Severity : moderate Type : recommended References : 1222021 1227127 1228265 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3026-1 Released: Tue Aug 27 13:20:03 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1222021,1227127,1228265 This update for supportutils fixes the following issues: Changes to version 3.2.8 + Avoid getting duplicate kernel verifications in boot.text (pr#190) + lvm: suppress file descriptor leak warnings from lvm commands (pr#191) + docker_info: Add timestamps to container logs (pr#196) + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198) + Update supportconfig get pam.d sorted (pr#199) + yast_files: Exclude .zcat (pr#201) + Sanitize grub bootloader (bsc#1227127, pr#203) + Sanitize regcodes (pr#204) + Improve product detection (pr#205) + Add read_values for s390x (bsc#1228265, pr#206) + hardware_info: Remove old alsa ver check (pr#209) + drbd_info: Fix incorrect escape of quotes (pr#210) The following package changes have been done: - supportutils-3.2.8-150300.7.35.33.1 updated From sle-container-updates at lists.suse.com Wed Aug 28 07:05:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 Aug 2024 09:05:26 +0200 (CEST) Subject: SUSE-CU-2024:3890-1: Security update of suse/sl-micro/6.0/toolbox Message-ID: <20240828070526.E60F9FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3890-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-6.4 , suse/sl-micro/6.0/toolbox:latest Container Release : 6.4 Severity : important Type : security References : 1174091 1189495 1221399 1221854 1226447 1226448 1227378 1228780 831629 CVE-2019-20907 CVE-2019-9947 CVE-2020-15523 CVE-2020-15801 CVE-2022-25236 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-28182 CVE-2024-4032 CVE-2024-6923 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 18 Released: Tue Aug 20 13:47:06 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: 23 Released: Tue Aug 27 18:49:42 2024 Summary: Security update for python311, python-rpm-macros Type: security Severity: important References: 1174091,1189495,1221854,1226447,1226448,1227378,1228780,831629,CVE-2019-20907,CVE-2019-9947,CVE-2020-15523,CVE-2020-15801,CVE-2022-25236,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032,CVE-2024-6923 This update for python311, python-rpm-macros fixes the following issues: python311: - CVE-2024-0450: Fixed zipfile module vulnerability with 'quoted-overlap' zipbomb (bsc#1221854) - CVE-2024-4032: Fixed incorrect IPv4 and IPv6 private ranges (bsc#1226448) - CVE-2024-0397: Fixed memory race condition in ssl.SSLContext certificate store methods (bsc#1226447) - CVE-2024-6923: Prevent email header injection due to unquoted newlines (bsc#1228780) - Fixed executable bits for /usr/bin/idle* (bsc#1227378). python-rpm-macros: - Update to version 20240618.c146b29: * Add %FLAVOR_pytest and %FLAVOR_pyunittest variants - Update to version 20240618.1e386da: * Fix python_clone sed regex - Update to version 20240614.02920b8: * Make sure that RPM_BUILD_ROOT env is set * don't eliminate any cmdline arguments in the shebang line * Create python313 macros - Update to version 20240415.c664b45: * Fix typo 310 -> 312 in default-prjconf - Update to version 20240202.501440e: * SPEC0: Drop python39, add python312 to buildset (#169) - Update to version 20231220.98427f3: * fix python2_compile macro - Update to version 20231207.46c2ec3: * make FLAVOR_compile compatible with python2 - Update to version 20231204.dd64e74: * Combine fix_shebang in one line * New macro FLAVOR_fix_shebang_path * Use realpath in %python_clone macro shebang replacement * Compile and fix_shebang in %python_install macros - Update to version 20231010.0a1f0d9: * Revert 'Compile and fix_shebang in %python_install macros' * gh#openSUSE/python-rpm-macros#163 - Update to version 20231010.a32e110: * Compile and fix_shebang in %python_install macros - Update to version 20231005.bf2d3ab: * Fix shebang also in sbin with macro _fix_shebang The following package changes have been done: - SL-Micro-release-6.0-24.7 updated - libnghttp2-14-1.52.0-5.1 updated - libpython3_11-1_0-3.11.8-3.1 updated - python311-base-3.11.8-3.1 updated - skelcd-EULA-SL-Micro-2024.01.19-7.13 updated From sle-container-updates at lists.suse.com Wed Aug 28 07:09:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 Aug 2024 09:09:37 +0200 (CEST) Subject: SUSE-CU-2024:3891-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20240828070937.139C7FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3891-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.16 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.16 Severity : moderate Type : recommended References : 1222021 1227127 1228265 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3026-1 Released: Tue Aug 27 13:20:03 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1222021,1227127,1228265 This update for supportutils fixes the following issues: Changes to version 3.2.8 + Avoid getting duplicate kernel verifications in boot.text (pr#190) + lvm: suppress file descriptor leak warnings from lvm commands (pr#191) + docker_info: Add timestamps to container logs (pr#196) + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198) + Update supportconfig get pam.d sorted (pr#199) + yast_files: Exclude .zcat (pr#201) + Sanitize grub bootloader (bsc#1227127, pr#203) + Sanitize regcodes (pr#204) + Improve product detection (pr#205) + Add read_values for s390x (bsc#1228265, pr#206) + hardware_info: Remove old alsa ver check (pr#209) + drbd_info: Fix incorrect escape of quotes (pr#210) The following package changes have been done: - supportutils-3.2.8-150300.7.35.33.1 updated From sle-container-updates at lists.suse.com Wed Aug 28 07:12:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 Aug 2024 09:12:56 +0200 (CEST) Subject: SUSE-CU-2024:3893-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20240828071256.60F73FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3893-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.18 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.18 Severity : moderate Type : recommended References : 1222021 1227127 1228265 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3026-1 Released: Tue Aug 27 13:20:03 2024 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1222021,1227127,1228265 This update for supportutils fixes the following issues: Changes to version 3.2.8 + Avoid getting duplicate kernel verifications in boot.text (pr#190) + lvm: suppress file descriptor leak warnings from lvm commands (pr#191) + docker_info: Add timestamps to container logs (pr#196) + Key value pairs and container log timestamps (bsc#1222021 PED-8211, pr#198) + Update supportconfig get pam.d sorted (pr#199) + yast_files: Exclude .zcat (pr#201) + Sanitize grub bootloader (bsc#1227127, pr#203) + Sanitize regcodes (pr#204) + Improve product detection (pr#205) + Add read_values for s390x (bsc#1228265, pr#206) + hardware_info: Remove old alsa ver check (pr#209) + drbd_info: Fix incorrect escape of quotes (pr#210) The following package changes have been done: - supportutils-3.2.8-150300.7.35.33.1 updated From sle-container-updates at lists.suse.com Thu Aug 29 07:02:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 Aug 2024 09:02:05 +0200 (CEST) Subject: SUSE-IU-2024:1128-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20240829070205.4B6CEFCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1128-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.103 , suse/sle-micro/5.5:latest Image Release : 5.5.103 Severity : moderate Type : recommended References : 1229701 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3053-1 Released: Wed Aug 28 09:52:37 2024 Summary: Recommended update for selinux-policy Type: recommended Severity: moderate References: 1229701 This update for selinux-policy fixes the following issues: Update to version 20230511+git17.e258ac27: * Fix mkhomedir_helper label to match on sbin (bsc#1229701) The following package changes have been done: - selinux-policy-20230511+git17.e258ac27-150500.3.18.1 updated - selinux-policy-targeted-20230511+git17.e258ac27-150500.3.18.1 updated From sle-container-updates at lists.suse.com Thu Aug 29 07:02:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 Aug 2024 09:02:29 +0200 (CEST) Subject: SUSE-IU-2024:1130-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20240829070229.43FDDFCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1130-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.2 , suse/sl-micro/6.0/base-os-container:2.1.2-3.24 , suse/sl-micro/6.0/base-os-container:latest Image Release : 3.24 Severity : important Type : security References : 1199079 1220356 1227525 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 24 Released: Wed Aug 28 13:31:01 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1199079,1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - ca-certificates-mozilla-2.68-1.1 updated - SL-Micro-release-6.0-24.8 updated - container:suse-toolbox-image-1.0.0-6.43 updated From sle-container-updates at lists.suse.com Thu Aug 29 07:02:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 Aug 2024 09:02:47 +0200 (CEST) Subject: SUSE-CU-2024:3900-1: Security update of suse/sl-micro/6.0/toolbox Message-ID: <20240829070247.2A425FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3900-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-6.6 , suse/sl-micro/6.0/toolbox:latest Container Release : 6.6 Severity : important Type : security References : 1199079 1220356 1227525 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 24 Released: Wed Aug 28 13:31:01 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1199079,1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 The following package changes have been done: - SL-Micro-release-6.0-24.8 updated - ca-certificates-mozilla-2.68-1.1 updated - skelcd-EULA-SL-Micro-2024.01.19-7.14 updated From sle-container-updates at lists.suse.com Thu Aug 29 07:06:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 Aug 2024 09:06:33 +0200 (CEST) Subject: SUSE-CU-2024:3902-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20240829070633.79BDFFBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3902-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.20 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.20 Severity : important Type : security References : 1228105 CVE-2024-6345 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3054-1 Released: Wed Aug 28 14:48:31 2024 Summary: Security update for python3-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python3-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) The following package changes have been done: - python3-setuptools-44.1.1-150400.9.9.1 updated From sle-container-updates at lists.suse.com Thu Aug 29 07:07:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 Aug 2024 09:07:04 +0200 (CEST) Subject: SUSE-CU-2024:3903-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20240829070704.A4455FBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3903-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.13 , suse/manager/4.3/proxy-tftpd:4.3.13.9.47.16 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.47.16 Severity : important Type : security References : 1228105 CVE-2024-6345 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3054-1 Released: Wed Aug 28 14:48:31 2024 Summary: Security update for python3-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python3-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) The following package changes have been done: - python3-setuptools-44.1.1-150400.9.9.1 updated From sle-container-updates at lists.suse.com Tue Aug 27 13:58:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 Aug 2024 15:58:40 +0200 (CEST) Subject: SUSE-IU-2024:1114-1: Security update of suse-sles-15-sp5-chost-byos-v20240826-hvm-ssd-x86_64 Message-ID: <20240827135840.64758FBA3@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240826-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1114-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240826-hvm-ssd-x86_64:20240826 Image Release : Severity : important Type : security References : 1082555 1156395 1159034 1190336 1191958 1193454 1193554 1193787 1193883 1194324 1194818 1194818 1194826 1194869 1195065 1195254 1195341 1195349 1195357 1195668 1195775 1195927 1195957 1196018 1196746 1196823 1197146 1197246 1197762 1197915 1198014 1199295 1202346 1202686 1202767 1202780 1205205 1207361 1208783 1209636 1213123 1215492 1215587 1216834 1217912 1218148 1218570 1218820 1219224 1219633 1219832 1219847 1220138 1220185 1220186 1220356 1220368 1220812 1220869 1220876 1220942 1220952 1220958 1221010 1221086 1221282 1221647 1221654 1221656 1221659 1221958 1222015 1222072 1222080 1222241 1222254 1222285 1222323 1222326 1222328 1222364 1222625 1222702 1222728 1222799 1222809 1222810 1222893 1222985 1223013 1223018 1223021 1223180 1223265 1223384 1223535 1223571 1223635 1223641 1223652 1223675 1223778 1223806 1223813 1223815 1223836 1223863 1224014 1224016 1224020 1224226 1224331 1224414 1224488 1224497 1224498 1224499 1224500 1224504 1224512 1224516 1224517 1224520 1224539 1224540 1224545 1224548 1224552 1224557 1224572 1224573 1224583 1224585 1224588 1224602 1224603 1224604 1224605 1224612 1224614 1224619 1224636 1224641 1224661 1224662 1224670 1224671 1224674 1224677 1224679 1224683 1224694 1224696 1224700 1224703 1224712 1224716 1224719 1224735 1224743 1224749 1224764 1224765 1224766 1224935 1224946 1224951 1225050 1225088 1225098 1225105 1225272 1225300 1225389 1225391 1225419 1225426 1225448 1225452 1225467 1225475 1225484 1225487 1225489 1225504 1225505 1225514 1225518 1225535 1225564 1225573 1225581 1225585 1225586 1225602 1225611 1225681 1225692 1225698 1225699 1225704 1225711 1225714 1225717 1225719 1225726 1225732 1225737 1225744 1225745 1225746 1225749 1225752 1225753 1225757 1225758 1225759 1225760 1225767 1225770 1225815 1225823 1225834 1225838 1225840 1225851 1225866 1225872 1225894 1225903 1226022 1226100 1226131 1226145 1226149 1226155 1226202 1226211 1226212 1226226 1226463 1226502 1226514 1226519 1226520 1226537 1226538 1226539 1226550 1226551 1226552 1226553 1226554 1226555 1226556 1226557 1226558 1226559 1226561 1226562 1226563 1226564 1226565 1226566 1226567 1226568 1226569 1226570 1226571 1226572 1226574 1226575 1226576 1226577 1226579 1226580 1226581 1226582 1226583 1226585 1226587 1226588 1226593 1226595 1226597 1226601 1226602 1226603 1226607 1226610 1226614 1226616 1226617 1226618 1226619 1226621 1226622 1226624 1226626 1226628 1226629 1226632 1226633 1226634 1226637 1226643 1226644 1226645 1226647 1226650 1226653 1226657 1226658 1226669 1226670 1226672 1226673 1226674 1226675 1226678 1226679 1226683 1226685 1226686 1226690 1226691 1226692 1226693 1226696 1226697 1226698 1226699 1226701 1226702 1226703 1226704 1226705 1226706 1226708 1226709 1226710 1226711 1226712 1226713 1226715 1226716 1226718 1226719 1226720 1226721 1226730 1226732 1226734 1226735 1226737 1226738 1226739 1226740 1226744 1226746 1226747 1226749 1226750 1226754 1226757 1226762 1226764 1226767 1226768 1226769 1226771 1226774 1226775 1226777 1226780 1226781 1226783 1226785 1226786 1226789 1226791 1226834 1226837 1226839 1226840 1226841 1226842 1226848 1226852 1226857 1226861 1226863 1226864 1226867 1226868 1226876 1226878 1226883 1226886 1226890 1226891 1226895 1226908 1226911 1226915 1226928 1226948 1226949 1226950 1226953 1226962 1226976 1226990 1226992 1226993 1226994 1226996 1227066 1227090 1227096 1227101 1227103 1227121 1227138 1227157 1227162 1227274 1227308 1227362 1227383 1227432 1227435 1227447 1227487 1227525 1227573 1227618 1227620 1227626 1227635 1227661 1227716 1227722 1227724 1227725 1227728 1227729 1227730 1227732 1227733 1227750 1227754 1227755 1227760 1227762 1227763 1227764 1227766 1227770 1227771 1227772 1227774 1227779 1227780 1227783 1227786 1227787 1227790 1227792 1227796 1227797 1227798 1227800 1227802 1227806 1227808 1227810 1227812 1227813 1227814 1227816 1227820 1227823 1227824 1227828 1227829 1227836 1227846 1227849 1227851 1227862 1227864 1227865 1227866 1227870 1227884 1227886 1227891 1227893 1227899 1227900 1227910 1227913 1227917 1227919 1227920 1227921 1227922 1227923 1227924 1227925 1227927 1227928 1227931 1227932 1227933 1227935 1227936 1227938 1227941 1227942 1227944 1227945 1227947 1227948 1227949 1227950 1227952 1227953 1227954 1227956 1227957 1227963 1227964 1227965 1227968 1227969 1227970 1227971 1227972 1227975 1227976 1227981 1227982 1227985 1227986 1227987 1227988 1227989 1227990 1227991 1227992 1227993 1227995 1227996 1227997 1228000 1228002 1228003 1228004 1228005 1228006 1228007 1228008 1228009 1228010 1228011 1228013 1228014 1228015 1228019 1228020 1228025 1228028 1228035 1228037 1228038 1228039 1228040 1228045 1228054 1228055 1228056 1228060 1228061 1228062 1228063 1228064 1228066 1228067 1228068 1228071 1228079 1228090 1228114 1228124 1228140 1228190 1228191 1228226 1228235 1228247 1228327 1228328 1228330 1228403 1228405 1228408 1228409 1228410 1228418 1228459 1228462 1228470 1228518 1228520 1228530 1228561 1228565 1228580 1228581 1228591 1228599 1228617 1228625 1228626 1228633 1228640 1228644 1228649 1228655 1228665 1228672 1228680 1228705 1228723 1228743 1228756 1228801 1228850 1228857 CVE-2021-4439 CVE-2021-47086 CVE-2021-47089 CVE-2021-47103 CVE-2021-47186 CVE-2021-47432 CVE-2021-47515 CVE-2021-47534 CVE-2021-47538 CVE-2021-47539 CVE-2021-47546 CVE-2021-47547 CVE-2021-47555 CVE-2021-47566 CVE-2021-47571 CVE-2021-47572 CVE-2021-47576 CVE-2021-47577 CVE-2021-47578 CVE-2021-47580 CVE-2021-47582 CVE-2021-47583 CVE-2021-47584 CVE-2021-47585 CVE-2021-47586 CVE-2021-47587 CVE-2021-47588 CVE-2021-47589 CVE-2021-47590 CVE-2021-47591 CVE-2021-47592 CVE-2021-47593 CVE-2021-47595 CVE-2021-47596 CVE-2021-47597 CVE-2021-47598 CVE-2021-47599 CVE-2021-47600 CVE-2021-47601 CVE-2021-47602 CVE-2021-47603 CVE-2021-47604 CVE-2021-47605 CVE-2021-47606 CVE-2021-47607 CVE-2021-47608 CVE-2021-47609 CVE-2021-47610 CVE-2021-47611 CVE-2021-47612 CVE-2021-47614 CVE-2021-47615 CVE-2021-47616 CVE-2021-47617 CVE-2021-47618 CVE-2021-47619 CVE-2021-47620 CVE-2021-47622 CVE-2021-47623 CVE-2021-47624 CVE-2022-48711 CVE-2022-48712 CVE-2022-48713 CVE-2022-48714 CVE-2022-48715 CVE-2022-48716 CVE-2022-48717 CVE-2022-48718 CVE-2022-48720 CVE-2022-48721 CVE-2022-48722 CVE-2022-48723 CVE-2022-48724 CVE-2022-48725 CVE-2022-48726 CVE-2022-48727 CVE-2022-48728 CVE-2022-48729 CVE-2022-48730 CVE-2022-48732 CVE-2022-48733 CVE-2022-48734 CVE-2022-48735 CVE-2022-48736 CVE-2022-48737 CVE-2022-48738 CVE-2022-48739 CVE-2022-48740 CVE-2022-48743 CVE-2022-48744 CVE-2022-48745 CVE-2022-48746 CVE-2022-48747 CVE-2022-48748 CVE-2022-48749 CVE-2022-48751 CVE-2022-48752 CVE-2022-48753 CVE-2022-48754 CVE-2022-48755 CVE-2022-48756 CVE-2022-48758 CVE-2022-48759 CVE-2022-48760 CVE-2022-48761 CVE-2022-48763 CVE-2022-48765 CVE-2022-48766 CVE-2022-48767 CVE-2022-48768 CVE-2022-48769 CVE-2022-48770 CVE-2022-48771 CVE-2022-48772 CVE-2022-48773 CVE-2022-48774 CVE-2022-48775 CVE-2022-48776 CVE-2022-48777 CVE-2022-48778 CVE-2022-48780 CVE-2022-48783 CVE-2022-48784 CVE-2022-48785 CVE-2022-48786 CVE-2022-48787 CVE-2022-48788 CVE-2022-48789 CVE-2022-48790 CVE-2022-48791 CVE-2022-48792 CVE-2022-48793 CVE-2022-48794 CVE-2022-48796 CVE-2022-48797 CVE-2022-48798 CVE-2022-48799 CVE-2022-48800 CVE-2022-48801 CVE-2022-48802 CVE-2022-48803 CVE-2022-48804 CVE-2022-48805 CVE-2022-48806 CVE-2022-48807 CVE-2022-48809 CVE-2022-48810 CVE-2022-48811 CVE-2022-48812 CVE-2022-48813 CVE-2022-48814 CVE-2022-48815 CVE-2022-48816 CVE-2022-48817 CVE-2022-48818 CVE-2022-48820 CVE-2022-48821 CVE-2022-48822 CVE-2022-48823 CVE-2022-48824 CVE-2022-48825 CVE-2022-48826 CVE-2022-48827 CVE-2022-48828 CVE-2022-48829 CVE-2022-48830 CVE-2022-48831 CVE-2022-48834 CVE-2022-48835 CVE-2022-48836 CVE-2022-48837 CVE-2022-48838 CVE-2022-48839 CVE-2022-48840 CVE-2022-48841 CVE-2022-48842 CVE-2022-48843 CVE-2022-48844 CVE-2022-48846 CVE-2022-48847 CVE-2022-48849 CVE-2022-48850 CVE-2022-48851 CVE-2022-48852 CVE-2022-48853 CVE-2022-48855 CVE-2022-48856 CVE-2022-48857 CVE-2022-48858 CVE-2022-48859 CVE-2022-48860 CVE-2022-48861 CVE-2022-48862 CVE-2022-48863 CVE-2022-48864 CVE-2022-48866 CVE-2023-24023 CVE-2023-52435 CVE-2023-52573 CVE-2023-52580 CVE-2023-52622 CVE-2023-52658 CVE-2023-52667 CVE-2023-52670 CVE-2023-52672 CVE-2023-52675 CVE-2023-52735 CVE-2023-52737 CVE-2023-52751 CVE-2023-52752 CVE-2023-52762 CVE-2023-52766 CVE-2023-52775 CVE-2023-52784 CVE-2023-52787 CVE-2023-52800 CVE-2023-52812 CVE-2023-52835 CVE-2023-52837 CVE-2023-52843 CVE-2023-52845 CVE-2023-52846 CVE-2023-52857 CVE-2023-52863 CVE-2023-52869 CVE-2023-52881 CVE-2023-52882 CVE-2023-52884 CVE-2023-52885 CVE-2023-52886 CVE-2024-25741 CVE-2024-26583 CVE-2024-26584 CVE-2024-26615 CVE-2024-26625 CVE-2024-26633 CVE-2024-26635 CVE-2024-26636 CVE-2024-26641 CVE-2024-26644 CVE-2024-26661 CVE-2024-26663 CVE-2024-26665 CVE-2024-26720 CVE-2024-26800 CVE-2024-26802 CVE-2024-26813 CVE-2024-26814 CVE-2024-26842 CVE-2024-26845 CVE-2024-26863 CVE-2024-26923 CVE-2024-26935 CVE-2024-26961 CVE-2024-26973 CVE-2024-26976 CVE-2024-27015 CVE-2024-27019 CVE-2024-27020 CVE-2024-27025 CVE-2024-27065 CVE-2024-27402 CVE-2024-27432 CVE-2024-27437 CVE-2024-33619 CVE-2024-35247 CVE-2024-35789 CVE-2024-35790 CVE-2024-35805 CVE-2024-35807 CVE-2024-35814 CVE-2024-35819 CVE-2024-35835 CVE-2024-35837 CVE-2024-35848 CVE-2024-35853 CVE-2024-35855 CVE-2024-35857 CVE-2024-35861 CVE-2024-35862 CVE-2024-35864 CVE-2024-35869 CVE-2024-35878 CVE-2024-35884 CVE-2024-35886 CVE-2024-35889 CVE-2024-35890 CVE-2024-35893 CVE-2024-35896 CVE-2024-35898 CVE-2024-35899 CVE-2024-35900 CVE-2024-35905 CVE-2024-35925 CVE-2024-35934 CVE-2024-35949 CVE-2024-35950 CVE-2024-35956 CVE-2024-35958 CVE-2024-35960 CVE-2024-35961 CVE-2024-35962 CVE-2024-35979 CVE-2024-35995 CVE-2024-35997 CVE-2024-36000 CVE-2024-36004 CVE-2024-36005 CVE-2024-36008 CVE-2024-36017 CVE-2024-36020 CVE-2024-36021 CVE-2024-36025 CVE-2024-36288 CVE-2024-36477 CVE-2024-36478 CVE-2024-36479 CVE-2024-36889 CVE-2024-36890 CVE-2024-36894 CVE-2024-36899 CVE-2024-36900 CVE-2024-36901 CVE-2024-36902 CVE-2024-36904 CVE-2024-36909 CVE-2024-36910 CVE-2024-36911 CVE-2024-36912 CVE-2024-36913 CVE-2024-36914 CVE-2024-36915 CVE-2024-36916 CVE-2024-36917 CVE-2024-36919 CVE-2024-36923 CVE-2024-36934 CVE-2024-36937 CVE-2024-36939 CVE-2024-36940 CVE-2024-36945 CVE-2024-36946 CVE-2024-36949 CVE-2024-36960 CVE-2024-36964 CVE-2024-36965 CVE-2024-36967 CVE-2024-36969 CVE-2024-36971 CVE-2024-36974 CVE-2024-36975 CVE-2024-36978 CVE-2024-37021 CVE-2024-37078 CVE-2024-37354 CVE-2024-38381 CVE-2024-38388 CVE-2024-38390 CVE-2024-38540 CVE-2024-38541 CVE-2024-38544 CVE-2024-38545 CVE-2024-38546 CVE-2024-38547 CVE-2024-38548 CVE-2024-38549 CVE-2024-38550 CVE-2024-38552 CVE-2024-38553 CVE-2024-38555 CVE-2024-38556 CVE-2024-38557 CVE-2024-38558 CVE-2024-38559 CVE-2024-38560 CVE-2024-38564 CVE-2024-38565 CVE-2024-38567 CVE-2024-38568 CVE-2024-38570 CVE-2024-38571 CVE-2024-38573 CVE-2024-38578 CVE-2024-38579 CVE-2024-38580 CVE-2024-38581 CVE-2024-38582 CVE-2024-38583 CVE-2024-38586 CVE-2024-38587 CVE-2024-38588 CVE-2024-38590 CVE-2024-38591 CVE-2024-38594 CVE-2024-38597 CVE-2024-38598 CVE-2024-38599 CVE-2024-38600 CVE-2024-38601 CVE-2024-38603 CVE-2024-38605 CVE-2024-38608 CVE-2024-38616 CVE-2024-38618 CVE-2024-38619 CVE-2024-38621 CVE-2024-38627 CVE-2024-38628 CVE-2024-38630 CVE-2024-38633 CVE-2024-38634 CVE-2024-38635 CVE-2024-38659 CVE-2024-38661 CVE-2024-38780 CVE-2024-39276 CVE-2024-39301 CVE-2024-39371 CVE-2024-39463 CVE-2024-39468 CVE-2024-39469 CVE-2024-39471 CVE-2024-39472 CVE-2024-39475 CVE-2024-39482 CVE-2024-39487 CVE-2024-39488 CVE-2024-39490 CVE-2024-39493 CVE-2024-39494 CVE-2024-39497 CVE-2024-39499 CVE-2024-39500 CVE-2024-39501 CVE-2024-39502 CVE-2024-39505 CVE-2024-39506 CVE-2024-39507 CVE-2024-39508 CVE-2024-39509 CVE-2024-40900 CVE-2024-40901 CVE-2024-40902 CVE-2024-40903 CVE-2024-40904 CVE-2024-40906 CVE-2024-40908 CVE-2024-40909 CVE-2024-40911 CVE-2024-40912 CVE-2024-40916 CVE-2024-40919 CVE-2024-40923 CVE-2024-40924 CVE-2024-40927 CVE-2024-40929 CVE-2024-40931 CVE-2024-40932 CVE-2024-40934 CVE-2024-40935 CVE-2024-40937 CVE-2024-40940 CVE-2024-40941 CVE-2024-40942 CVE-2024-40943 CVE-2024-40945 CVE-2024-40953 CVE-2024-40954 CVE-2024-40956 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40961 CVE-2024-40966 CVE-2024-40967 CVE-2024-40970 CVE-2024-40972 CVE-2024-40976 CVE-2024-40977 CVE-2024-40981 CVE-2024-40982 CVE-2024-40984 CVE-2024-40987 CVE-2024-40988 CVE-2024-40989 CVE-2024-40990 CVE-2024-40994 CVE-2024-40998 CVE-2024-40999 CVE-2024-41002 CVE-2024-41004 CVE-2024-41006 CVE-2024-41009 CVE-2024-41011 CVE-2024-41012 CVE-2024-41013 CVE-2024-41014 CVE-2024-41015 CVE-2024-41016 CVE-2024-41017 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41048 CVE-2024-41057 CVE-2024-41058 CVE-2024-41059 CVE-2024-41063 CVE-2024-41064 CVE-2024-41066 CVE-2024-41069 CVE-2024-41070 CVE-2024-41071 CVE-2024-41072 CVE-2024-41076 CVE-2024-41078 CVE-2024-41081 CVE-2024-41087 CVE-2024-41090 CVE-2024-41091 CVE-2024-42070 CVE-2024-42079 CVE-2024-42093 CVE-2024-42096 CVE-2024-42105 CVE-2024-42122 CVE-2024-42124 CVE-2024-42145 CVE-2024-42161 CVE-2024-42224 CVE-2024-42230 CVE-2024-5535 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20240826-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2886-1 Released: Tue Aug 13 09:46:48 2024 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: This update for dmidecode fixes the following issues: - Version update (jsc#PED-8574): * Support for SMBIOS 3.6.0. This includes new memory device types, new processor upgrades, and Loongarch support * Support for SMBIOS 3.7.0. This includes new port types, new processor upgrades, new slot characteristics and new fields for memory modules * Add bash completion * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245 * Implement options --list-strings and --list-types * Update HPE OEM records 203, 212, 216, 221, 233 and 236 * Update Redfish support * Bug fixes: - Fix enabled slot characteristics not being printed * Minor improvements: - Print slot width on its own line - Use standard strings for slot width * Add a --no-quirks option * Drop the CPUID exception list * Obsoletes patches removed : dmidecode-do-not-let-dump-bin-overwrite-an-existing-file, dmidecode-fortify-entry-point-length-checks, dmidecode-split-table-fetching-from-decoding, dmidecode-write-the-whole-dump-file-at-once, dmioem-fix-segmentation-fault-in-dmi_hp_240_attr, dmioem-hpe-oem-record-237-firmware-change, dmioem-typo-fix-virutal-virtual, ensure-dev-mem-is-a-character-device-file, news-fix-typo, use-read_file-to-read-from-dump Update for HPE servers from upstream: - dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in HPE type 238 records ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2887-1 Released: Tue Aug 13 10:52:45 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2921-1 Released: Thu Aug 15 07:00:32 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1223535,1224226,1226100,1228124 This update for grub2 fixes the following issues: - Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124) - Fix error in grub-install when root is on tmpfs (bsc#1226100) - Fix input handling in ppc64le grub2 has high latency (bsc#1223535) - Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to file_is_not_xen_garbage (bsc#1224226) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2939-1 Released: Fri Aug 16 09:05:15 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1082555,1156395,1190336,1191958,1193454,1193554,1193787,1193883,1194324,1194826,1194869,1195065,1195254,1195341,1195349,1195357,1195668,1195775,1195927,1195957,1196018,1196746,1196823,1197146,1197246,1197762,1197915,1198014,1199295,1202346,1202686,1202767,1202780,1205205,1207361,1208783,1209636,1213123,1215492,1215587,1216834,1217912,1218148,1218570,1218820,1219224,1219633,1219832,1219847,1220138,1220185,1220186,1220368,1220812,1220869,1220876,1220942,1220952,1220958,1221010,1221086,1221282,1221647,1221654,1221656,1221659,1221958,1222015,1222072,1222080,1222241,1222254,1222323,1222326,1222328,1222364,1222625,1222702,1222728,1222799,1222809,1222810,1222893,1223013,1223018,1223021,1223180,1223265,1223384,1223635,1223641,1223652,1223675,1223778,1223806,1223813,1223815,1223836,1223863,1224020,1224331,1224414,1224488,1224497,1224498,1224499,1224500,1224504,1224512,1224516,1224517,1224520,1224539,1224540,1224545,1224548,1224552,1224557,1224572,1224573,1224583,1224585,1224588,1 224602,1224603,1224604,1224605,1224612,1224614,1224619,1224636,1224641,1224661,1224662,1224670,1224671,1224674,1224677,1224679,1224683,1224694,1224696,1224700,1224703,1224712,1224716,1224719,1224735,1224743,1224749,1224764,1224765,1224766,1224935,1224946,1224951,1225050,1225088,1225098,1225105,1225272,1225300,1225389,1225391,1225419,1225426,1225448,1225452,1225467,1225475,1225484,1225487,1225489,1225504,1225505,1225514,1225518,1225535,1225564,1225573,1225581,1225585,1225586,1225602,1225611,1225681,1225692,1225698,1225699,1225704,1225711,1225714,1225717,1225719,1225726,1225732,1225737,1225744,1225745,1225746,1225749,1225752,1225753,1225757,1225758,1225759,1225760,1225767,1225770,1225815,1225823,1225834,1225838,1225840,1225851,1225866,1225872,1225894,1225903,1226022,1226131,1226145,1226149,1226155,1226202,1226211,1226212,1226226,1226502,1226514,1226519,1226520,1226537,1226538,1226539,1226550,1226551,1226552,1226553,1226554,1226555,1226556,1226557,1226558,1226559,1226561,1226562,122656 3,1226564,1226565,1226566,1226567,1226568,1226569,1226570,1226571,1226572,1226574,1226575,1226576,1226577,1226579,1226580,1226581,1226582,1226583,1226585,1226587,1226588,1226593,1226595,1226597,1226601,1226602,1226603,1226607,1226610,1226614,1226616,1226617,1226618,1226619,1226621,1226622,1226624,1226626,1226628,1226629,1226632,1226633,1226634,1226637,1226643,1226644,1226645,1226647,1226650,1226653,1226657,1226658,1226669,1226670,1226672,1226673,1226674,1226675,1226678,1226679,1226683,1226685,1226686,1226690,1226691,1226692,1226693,1226696,1226697,1226698,1226699,1226701,1226702,1226703,1226704,1226705,1226706,1226708,1226709,1226710,1226711,1226712,1226713,1226715,1226716,1226718,1226719,1226720,1226721,1226730,1226732,1226734,1226735,1226737,1226738,1226739,1226740,1226744,1226746,1226747,1226749,1226750,1226754,1226757,1226762,1226764,1226767,1226768,1226769,1226771,1226774,1226775,1226777,1226780,1226781,1226783,1226785,1226786,1226789,1226791,1226834,1226837,1226839,1226840,122 6841,1226842,1226848,1226852,1226857,1226861,1226863,1226864,1226867,1226868,1226876,1226878,1226883,1226886,1226890,1226891,1226895,1226908,1226911,1226915,1226928,1226948,1226949,1226950,1226953,1226962,1226976,1226990,1226992,1226993,1226994,1226996,1227066,1227090,1227096,1227101,1227103,1227121,1227157,1227162,1227274,1227362,1227383,1227432,1227435,1227447,1227487,1227573,1227618,1227620,1227626,1227635,1227661,1227716,1227722,1227724,1227725,1227728,1227729,1227730,1227732,1227733,1227750,1227754,1227755,1227760,1227762,1227763,1227764,1227766,1227770,1227771,1227772,1227774,1227779,1227780,1227783,1227786,1227787,1227790,1227792,1227796,1227797,1227798,1227800,1227802,1227806,1227808,1227810,1227812,1227813,1227814,1227816,1227820,1227823,1227824,1227828,1227829,1227836,1227846,1227849,1227851,1227862,1227864,1227865,1227866,1227870,1227884,1227886,1227891,1227893,1227899,1227900,1227910,1227913,1227917,1227919,1227920,1227921,1227922,1227923,1227924,1227925,1227927,1227928, 1227931,1227932,1227933,1227935,1227936,1227938,1227941,1227942,1227944,1227945,1227947,1227948,1227949,1227950,1227952,1227953,1227954,1227956,1227957,1227963,1227964,1227965,1227968,1227969,1227970,1227971,1227972,1227975,1227976,1227981,1227982,1227985,1227986,1227987,1227988,1227989,1227990,1227991,1227992,1227993,1227995,1227996,1227997,1228000,1228002,1228003,1228004,1228005,1228006,1228007,1228008,1228009,1228010,1228011,1228013,1228014,1228015,1228019,1228020,1228025,1228028,1228035,1228037,1228038,1228039,1228040,1228045,1228054,1228055,1228056,1228060,1228061,1228062,1228063,1228064,1228066,1228067,1228068,1228071,1228079,1228090,1228114,1228140,1228190,1228191,1228226,1228235,1228247,1228327,1228328,1228330,1228403,1228405,1228408,1228409,1228410,1228418,1228459,1228462,1228470,1228518,1228520,1228530,1228561,1228565,1228580,1228581,1228591,1228599,1228617,1228625,1228626,1228633,1228640,1228644,1228649,1228655,1228665,1228672,1228680,1228705,1228723,1228743,1228756,12288 01,1228850,1228857,CVE-2021-4439,CVE-2021-47086,CVE-2021-47089,CVE-2021-47103,CVE-2021-47186,CVE-2021-47432,CVE-2021-47515,CVE-2021-47534,CVE-2021-47538,CVE-2021-47539,CVE-2021-47546,CVE-2021-47547,CVE-2021-47555,CVE-2021-47566,CVE-2021-47571,CVE-2021-47572,CVE-2021-47576,CVE-2021-47577,CVE-2021-47578,CVE-2021-47580,CVE-2021-47582,CVE-2021-47583,CVE-2021-47584,CVE-2021-47585,CVE-2021-47586,CVE-2021-47587,CVE-2021-47588,CVE-2021-47589,CVE-2021-47590,CVE-2021-47591,CVE-2021-47592,CVE-2021-47593,CVE-2021-47595,CVE-2021-47596,CVE-2021-47597,CVE-2021-47598,CVE-2021-47599,CVE-2021-47600,CVE-2021-47601,CVE-2021-47602,CVE-2021-47603,CVE-2021-47604,CVE-2021-47605,CVE-2021-47606,CVE-2021-47607,CVE-2021-47608,CVE-2021-47609,CVE-2021-47610,CVE-2021-47611,CVE-2021-47612,CVE-2021-47614,CVE-2021-47615,CVE-2021-47616,CVE-2021-47617,CVE-2021-47618,CVE-2021-47619,CVE-2021-47620,CVE-2021-47622,CVE-2021-47623,CVE-2021-47624,CVE-2022-48711,CVE-2022-48712,CVE-2022-48713,CVE-2022-48714,CVE-2022-48715,CVE- 2022-48716,CVE-2022-48717,CVE-2022-48718,CVE-2022-48720,CVE-2022-48721,CVE-2022-48722,CVE-2022-48723,CVE-2022-48724,CVE-2022-48725,CVE-2022-48726,CVE-2022-48727,CVE-2022-48728,CVE-2022-48729,CVE-2022-48730,CVE-2022-48732,CVE-2022-48733,CVE-2022-48734,CVE-2022-48735,CVE-2022-48736,CVE-2022-48737,CVE-2022-48738,CVE-2022-48739,CVE-2022-48740,CVE-2022-48743,CVE-2022-48744,CVE-2022-48745,CVE-2022-48746,CVE-2022-48747,CVE-2022-48748,CVE-2022-48749,CVE-2022-48751,CVE-2022-48752,CVE-2022-48753,CVE-2022-48754,CVE-2022-48755,CVE-2022-48756,CVE-2022-48758,CVE-2022-48759,CVE-2022-48760,CVE-2022-48761,CVE-2022-48763,CVE-2022-48765,CVE-2022-48766,CVE-2022-48767,CVE-2022-48768,CVE-2022-48769,CVE-2022-48770,CVE-2022-48771,CVE-2022-48772,CVE-2022-48773,CVE-2022-48774,CVE-2022-48775,CVE-2022-48776,CVE-2022-48777,CVE-2022-48778,CVE-2022-48780,CVE-2022-48783,CVE-2022-48784,CVE-2022-48785,CVE-2022-48786,CVE-2022-48787,CVE-2022-48788,CVE-2022-48789,CVE-2022-48790,CVE-2022-48791,CVE-2022-48792,CVE-2022-48 793,CVE-2022-48794,CVE-2022-48796,CVE-2022-48797,CVE-2022-48798,CVE-2022-48799,CVE-2022-48800,CVE-2022-48801,CVE-2022-48802,CVE-2022-48803,CVE-2022-48804,CVE-2022-48805,CVE-2022-48806,CVE-2022-48807,CVE-2022-48809,CVE-2022-48810,CVE-2022-48811,CVE-2022-48812,CVE-2022-48813,CVE-2022-48814,CVE-2022-48815,CVE-2022-48816,CVE-2022-48817,CVE-2022-48818,CVE-2022-48820,CVE-2022-48821,CVE-2022-48822,CVE-2022-48823,CVE-2022-48824,CVE-2022-48825,CVE-2022-48826,CVE-2022-48827,CVE-2022-48828,CVE-2022-48829,CVE-2022-48830,CVE-2022-48831,CVE-2022-48834,CVE-2022-48835,CVE-2022-48836,CVE-2022-48837,CVE-2022-48838,CVE-2022-48839,CVE-2022-48840,CVE-2022-48841,CVE-2022-48842,CVE-2022-48843,CVE-2022-48844,CVE-2022-48846,CVE-2022-48847,CVE-2022-48849,CVE-2022-48850,CVE-2022-48851,CVE-2022-48852,CVE-2022-48853,CVE-2022-48855,CVE-2022-48856,CVE-2022-48857,CVE-2022-48858,CVE-2022-48859,CVE-2022-48860,CVE-2022-48861,CVE-2022-48862,CVE-2022-48863,CVE-2022-48864,CVE-2022-48866,CVE-2023-24023,CVE-2023-52435,CVE -2023-52573,CVE-2023-52580,CVE-2023-52622,CVE-2023-52658,CVE-2023-52667,CVE-2023-52670,CVE-2023-52672,CVE-2023-52675,CVE-2023-52735,CVE-2023-52737,CVE-2023-52751,CVE-2023-52752,CVE-2023-52762,CVE-2023-52766,CVE-2023-52775,CVE-2023-52784,CVE-2023-52787,CVE-2023-52800,CVE-2023-52812,CVE-2023-52835,CVE-2023-52837,CVE-2023-52843,CVE-2023-52845,CVE-2023-52846,CVE-2023-52857,CVE-2023-52863,CVE-2023-52869,CVE-2023-52881,CVE-2023-52882,CVE-2023-52884,CVE-2023-52885,CVE-2023-52886,CVE-2024-25741,CVE-2024-26583,CVE-2024-26584,CVE-2024-26615,CVE-2024-26625,CVE-2024-26633,CVE-2024-26635,CVE-2024-26636,CVE-2024-26641,CVE-2024-26644,CVE-2024-26661,CVE-2024-26663,CVE-2024-26665,CVE-2024-26720,CVE-2024-26800,CVE-2024-26802,CVE-2024-26813,CVE-2024-26814,CVE-2024-26842,CVE-2024-26845,CVE-2024-26863,CVE-2024-26923,CVE-2024-26935,CVE-2024-26961,CVE-2024-26973,CVE-2024-26976,CVE-2024-27015,CVE-2024-27019,CVE-2024-27020,CVE-2024-27025,CVE-2024-27065,CVE-2024-27402,CVE-2024-27432,CVE-2024-27437,CVE-2024-3 3619,CVE-2024-35247,CVE-2024-35789,CVE-2024-35790,CVE-2024-35805,CVE-2024-35807,CVE-2024-35814,CVE-2024-35819,CVE-2024-35835,CVE-2024-35837,CVE-2024-35848,CVE-2024-35853,CVE-2024-35855,CVE-2024-35857,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35869,CVE-2024-35878,CVE-2024-35884,CVE-2024-35886,CVE-2024-35889,CVE-2024-35890,CVE-2024-35893,CVE-2024-35896,CVE-2024-35898,CVE-2024-35899,CVE-2024-35900,CVE-2024-35905,CVE-2024-35925,CVE-2024-35934,CVE-2024-35949,CVE-2024-35950,CVE-2024-35956,CVE-2024-35958,CVE-2024-35960,CVE-2024-35961,CVE-2024-35962,CVE-2024-35979,CVE-2024-35995,CVE-2024-35997,CVE-2024-36000,CVE-2024-36004,CVE-2024-36005,CVE-2024-36008,CVE-2024-36017,CVE-2024-36020,CVE-2024-36021,CVE-2024-36025,CVE-2024-36288,CVE-2024-36477,CVE-2024-36478,CVE-2024-36479,CVE-2024-36889,CVE-2024-36890,CVE-2024-36894,CVE-2024-36899,CVE-2024-36900,CVE-2024-36901,CVE-2024-36902,CVE-2024-36904,CVE-2024-36909,CVE-2024-36910,CVE-2024-36911,CVE-2024-36912,CVE-2024-36913,CVE-2024-36914,CV E-2024-36915,CVE-2024-36916,CVE-2024-36917,CVE-2024-36919,CVE-2024-36923,CVE-2024-36934,CVE-2024-36937,CVE-2024-36939,CVE-2024-36940,CVE-2024-36945,CVE-2024-36946,CVE-2024-36949,CVE-2024-36960,CVE-2024-36964,CVE-2024-36965,CVE-2024-36967,CVE-2024-36969,CVE-2024-36971,CVE-2024-36974,CVE-2024-36975,CVE-2024-36978,CVE-2024-37021,CVE-2024-37078,CVE-2024-37354,CVE-2024-38381,CVE-2024-38388,CVE-2024-38390,CVE-2024-38540,CVE-2024-38541,CVE-2024-38544,CVE-2024-38545,CVE-2024-38546,CVE-2024-38547,CVE-2024-38548,CVE-2024-38549,CVE-2024-38550,CVE-2024-38552,CVE-2024-38553,CVE-2024-38555,CVE-2024-38556,CVE-2024-38557,CVE-2024-38558,CVE-2024-38559,CVE-2024-38560,CVE-2024-38564,CVE-2024-38565,CVE-2024-38567,CVE-2024-38568,CVE-2024-38570,CVE-2024-38571,CVE-2024-38573,CVE-2024-38578,CVE-2024-38579,CVE-2024-38580,CVE-2024-38581,CVE-2024-38582,CVE-2024-38583,CVE-2024-38586,CVE-2024-38587,CVE-2024-38588,CVE-2024-38590,CVE-2024-38591,CVE-2024-38594,CVE-2024-38597,CVE-2024-38598,CVE-2024-38599,CVE-2024- 38600,CVE-2024-38601,CVE-2024-38603,CVE-2024-38605,CVE-2024-38608,CVE-2024-38616,CVE-2024-38618,CVE-2024-38619,CVE-2024-38621,CVE-2024-38627,CVE-2024-38628,CVE-2024-38630,CVE-2024-38633,CVE-2024-38634,CVE-2024-38635,CVE-2024-38659,CVE-2024-38661,CVE-2024-38780,CVE-2024-39276,CVE-2024-39301,CVE-2024-39371,CVE-2024-39463,CVE-2024-39468,CVE-2024-39469,CVE-2024-39471,CVE-2024-39472,CVE-2024-39475,CVE-2024-39482,CVE-2024-39487,CVE-2024-39488,CVE-2024-39490,CVE-2024-39493,CVE-2024-39494,CVE-2024-39497,CVE-2024-39499,CVE-2024-39500,CVE-2024-39501,CVE-2024-39502,CVE-2024-39505,CVE-2024-39506,CVE-2024-39507,CVE-2024-39508,CVE-2024-39509,CVE-2024-40900,CVE-2024-40901,CVE-2024-40902,CVE-2024-40903,CVE-2024-40904,CVE-2024-40906,CVE-2024-40908,CVE-2024-40909,CVE-2024-40911,CVE-2024-40912,CVE-2024-40916,CVE-2024-40919,CVE-2024-40923,CVE-2024-40924,CVE-2024-40927,CVE-2024-40929,CVE-2024-40931,CVE-2024-40932,CVE-2024-40934,CVE-2024-40935,CVE-2024-40937,CVE-2024-40940,CVE-2024-40941,CVE-2024-40942,C VE-2024-40943,CVE-2024-40945,CVE-2024-40953,CVE-2024-40954,CVE-2024-40956,CVE-2024-40958,CVE-2024-40959,CVE-2024-40960,CVE-2024-40961,CVE-2024-40966,CVE-2024-40967,CVE-2024-40970,CVE-2024-40972,CVE-2024-40976,CVE-2024-40977,CVE-2024-40981,CVE-2024-40982,CVE-2024-40984,CVE-2024-40987,CVE-2024-40988,CVE-2024-40989,CVE-2024-40990,CVE-2024-40994,CVE-2024-40998,CVE-2024-40999,CVE-2024-41002,CVE-2024-41004,CVE-2024-41006,CVE-2024-41009,CVE-2024-41011,CVE-2024-41012,CVE-2024-41013,CVE-2024-41014,CVE-2024-41015,CVE-2024-41016,CVE-2024-41017,CVE-2024-41040,CVE-2024-41041,CVE-2024-41044,CVE-2024-41048,CVE-2024-41057,CVE-2024-41058,CVE-2024-41059,CVE-2024-41063,CVE-2024-41064,CVE-2024-41066,CVE-2024-41069,CVE-2024-41070,CVE-2024-41071,CVE-2024-41072,CVE-2024-41076,CVE-2024-41078,CVE-2024-41081,CVE-2024-41087,CVE-2024-41090,CVE-2024-41091,CVE-2024-42070,CVE-2024-42079,CVE-2024-42093,CVE-2024-42096,CVE-2024-42105,CVE-2024-42122,CVE-2024-42124,CVE-2024-42145,CVE-2024-42161,CVE-2024-42224,CVE-2024 -42230 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952). - CVE-2021-47089: kfence: fix memory leak when cat kfence objects (bsc#1220958). - CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010). - CVE-2021-47186: tipc: check for null after calling kmemdup (bsc#1222702). - CVE-2021-47432: lib/generic-radix-tree.c: Do not overflow in peek() (bsc#1225391). - CVE-2021-47515: seg6: fix the iif in the IPv6 socket control block (bsc#1225426). - CVE-2021-47538: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1225448). - CVE-2021-47539: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (bsc#1225452). - CVE-2021-47546: ipv6: fix memory leak in fib6_rule_suppress (bsc#1225504). - CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505). - CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467). - CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2021-47572: net: nexthop: fix null pointer dereference when IPv6 is not enabled (bsc#1225389). - CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568). - CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565). - CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570). - CVE-2021-47593: mptcp: clear 'kern' flag from fallback sockets (bsc#1226551). - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574). - CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571). - CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len. (bsc#1226555). - CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919). - CVE-2022-48716: ASoC: codecs: wcd938x: fix incorrect used of portid (bsc#1226678). - CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (bsc#1227927) - CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936). - CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071). - CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003). - CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148). - CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138). - CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference (bsc#1220869). - CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876). - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080). - CVE-2023-52658: Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (bsc#1224719). - CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups (bsc#1224603). - CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696). - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614). - CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504). - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475). - CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484). - CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52762: virtio-blk: fix implicit overflow on virtio_max_dma_size (bsc#1225573). - CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088). - CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946). - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105). - CVE-2023-52812: drm/amd: check num of link levels when update pcie param (bsc#1225564). - CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602). - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951). - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585). - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer overflow (bsc#1225581). - CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer dereference (bsc#1225586). - CVE-2023-52869: pstore/platform: Add check for kstrdup (bsc#1225050). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (bsc#1225692). - CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942). - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086) - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647). - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656). - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659). - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654). - CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume (bsc#1221282, bsc#1222072). - CVE-2024-26661: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' (bsc#1222323). - CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326). - CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328). - CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364). - CVE-2024-26802: stmmac: Clear variable when destroying workqueue (bsc#1222799). - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809). - CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810). - CVE-2024-26842: scsi: target: core: Add TMF to tmr_list handling (bsc#1223013). - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018). - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). - CVE-2024-26961: mac802154: fix llsec key resources release in mac802154_llsec_key_del (bsc#1223652). - CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641). - CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806). - CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813) - CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815) - CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778) - CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836). - CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414). - CVE-2024-27432: net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716). - CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625). - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (bsc#1224712). - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743). - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735). - CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683). - CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605). - CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500). - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612). - CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604). - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520). - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670). - CVE-2024-35889: idpf: fix kernel panic on unknown packet types (bsc#1224517). - CVE-2024-35890: gro: fix ownership transfer (bsc#1224516). - CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512) - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498). - CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499) - CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497). - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661). - CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641) - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674) - CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677). - CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588). - CVE-2024-35961: net/mlx5: Register devlink first under devlink lock (bsc#1224585). - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572). - CVE-2024-35995: ACPI: CPPC: Use access_width over bit_width for system memory accesses (bsc#1224557). - CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552). - CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548). - CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545) - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539). - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540). - CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681). - CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning (bsc#1225698). - CVE-2024-36021: net: hns3: fix kernel crash when devlink reload during pf initialization (bsc#1225699). - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841). - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949). - CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers (bsc#1225714). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726). - CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711) - CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752). - CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753). - CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759). - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770). - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767). - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815). - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760). - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834). - CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init() (bsc#1225838). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823). - CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851). - CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872) - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950). - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066). - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595). - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774). - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781). - CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771). - CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634). - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610). - CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750). - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734). - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749). - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757). - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842). - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746). - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857). - CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (bsc#1226911). - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883). - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996). - CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886). - CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993). - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994). - CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990). - CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090). - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103). - CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (bsc#1226992). - CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432). - CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435) - CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447). - CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573) - CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626). - CVE-2024-39493: crypto: qat - fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-39497: drm/shmem-helper: fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722). - CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755). - CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729). - CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730). - CVE-2024-39508: io_uring/io-wq: use set_bit() and test_bit() at worker->flags (bsc#1227732). - CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762). - CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763). - CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783). - CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798). - CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779). - CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786). - CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780). - CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800). - CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO (bsc#1227849). - CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806). - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812). - CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884). - CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813). - CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814). - CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886). - CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891). - CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899). - CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910). - CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (bsc#1227950). - CVE-2024-40982: ssb: fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865). - CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866). - CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913). - CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862). - CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114). - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405). - CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). - CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409). - CVE-2024-41016: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403). - CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518). - CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520). - CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530). - CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565). - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462). - CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459). - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561). - CVE-2024-41063: bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580). - CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599). - CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581). - CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625). - CVE-2024-41072: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (bsc#1228626). - CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649). - CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655). - CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327). - CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470). - CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672). - CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633). - CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591). - CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705). - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743) - CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756). - CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723). - CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). The following non-security bugs were fixed: - acpi: EC: Abort address space access upon error (stable-fixes). - acpi: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes). - acpi: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes). - acpi: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes). - acpi: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (stable-fixes). - acpi: x86: Force StorageD3Enable on more products (stable-fixes). - acpi: x86: utils: Add Picasso to the list for forcing StorageD3Enable (stable-fixes). - acpica: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (git-fixes). - alsa: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes). - alsa: dmaengine: Synchronize dma channel after drop() (stable-fixes). - alsa: emux: improve patch ioctl data validation (stable-fixes). - alsa: Fix deadlocks with kctl removals at disconnection (stable-fixes). - alsa: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes). - alsa: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes). - alsa: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes). - alsa: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes). - alsa: hda/realtek: Add quirks for Lenovo 13X (stable-fixes). - alsa: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes). - alsa: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes). - alsa: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes). - alsa: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes). - alsa: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes). - alsa: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes). - alsa: hda/realtek: Limit mic boost on N14AP7 (stable-fixes). - alsa: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes). - alsa: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes). - alsa: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes). - alsa: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes). - alsa: timer: Set lower bound of start tick time (stable-fixes). - alsa: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes). - alsa: usb-audio: Correct surround channels in UAC1 channel map (git-fixes). - alsa: usb-audio: Fix microphone sound on HD webcam (stable-fixes). - alsa: usb-audio: Move HD Webcam quirk to the right place (git-fixes). - alsa/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes). - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes). - arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes) - arm64: dts: hi3798cv200: fix the size of GICR (git-fixes) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes) - arm64: dts: microchip: sparx5: fix mdio reg (git-fixes) - arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes) - arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8690). - arm64: mm: do not acquire mutex when rewriting swapper (jsc#PED-8690). - arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8690). - arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8690). - arm64: tegra: Correct Tegra132 I2C alias (git-fixes) - arm64/io: add constant-argument check (bsc#1226502 git-fixes) - arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502) - asoc: amd: acp: add a null check for chip_pdev structure (git-fixes). - asoc: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes). - asoc: amd: Adjust error handling in case of absent codec device (git-fixes). - asoc: da7219-aad: fix usage of device_get_named_child_node() (stable-fixes). - asoc: fsl-asoc-card: set priv->pdev before using it (git-fixes). - asoc: max98088: Check for clk_prepare_enable() error (git-fixes). - asoc: rt5645: Fix the electric noise due to the CBJ contacts floating (stable-fixes). - asoc: rt715-sdca: volume step modification (stable-fixes). - asoc: rt715: add vendor clear control register (stable-fixes). - asoc: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes). - asoc: ti: omap-hdmi: Fix too long driver name (stable-fixes). - ata: ahci: Clean up sysfs file on error (git-fixes). - ata: libata-core: Fix double free on error (git-fixes). - ata: libata-core: Fix null pointer dereference on error (git-fixes). - batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes). - batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes). - blk-cgroup: dropping parent refcount after pd_free_fn() is done (bsc#1224573). - block, loop: support partitions without scanning (bsc#1227162). - block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162). - bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes). - bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes). - bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes). - bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes). - bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes). - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes). - bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes). - bnxt_re: Fix imm_data endianness (git-fixes) - bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener (git-fixes). - bpf: aggressively forget precise markings during state checkpointing (bsc#1225903). - bpf: allow precision tracking for programs with subprogs (bsc#1225903). - bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903). - bpf: clean up visit_insn()'s instruction processing (bsc#1225903). - bpf: correct loop detection for iterators convergence (bsc#1225903). - bpf: encapsulate precision backtracking bookkeeping (bsc#1225903). - bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903). - bpf: exact states comparison for iterator convergence checks (bsc#1225903). - bpf: extract __check_reg_arg() utility function (bsc#1225903). - bpf: extract same_callsites() as utility function (bsc#1225903). - bpf: extract setup_func_entry() utility function (bsc#1225903). - bpf: fix calculation of subseq_idx during precision backtracking (bsc#1225903). - bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903). - bpf: Fix memory leaks in __check_func_call (bsc#1225903). - bpf: fix propagate_precision() logic for inner frames (bsc#1225903). - bpf: fix regs_exact() logic in regsafe() to remap IDs correctly (bsc#1225903). - bpf: Fix to preserve reg parent/live fields when copying range info (bsc#1225903). - bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903). - bpf: improve precision backtrack logging (bsc#1225903). - bpf: Improve verifier u32 scalar equality checking (bsc#1225903). - bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903). - bpf: maintain bitmasks across all active frames in __mark_chain_precision (bsc#1225903). - bpf: mark relevant stack slots scratched for register read instructions (bsc#1225903). - bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903). - bpf: perform byte-by-byte comparison only when necessary in regsafe() (bsc#1225903). - bpf: print full verifier states on infinite loop detection (bsc#1225903). - bpf: regsafe() must not skip check_ids() (bsc#1225903). - bpf: reject non-exact register type matches in regsafe() (bsc#1225903). - bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() (bsc#1225903). - bpf: reorganize struct bpf_reg_state fields (bsc#1225903). - bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903). - bpf: states_equal() must build idmap for all function frames (bsc#1225903). - bpf: stop setting precise in current state (bsc#1225903). - bpf: support precision propagation in the presence of subprogs (bsc#1225903). - bpf: take into account liveness when propagating precision (bsc#1225903). - bpf: teach refsafe() to take into account ID remapping (bsc#1225903). - bpf: unconditionally reset backtrack_state masks on global func exit (bsc#1225903). - bpf: use check_ids() for active_lock comparison (bsc#1225903). - bpf: Use scalar ids in mark_chain_precision() (bsc#1225903). - bpf: verify callbacks as if they are called unknown number of times (bsc#1225903). - bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903). - bpf: widening for callback iterators (bsc#1225903). - btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162). - btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (bsc#1221282). - btrfs: harden identification of a stale device (bsc#1227162). - btrfs: match stale devices by dev_t (bsc#1227162). - btrfs: remove the cross file system checks from remap (bsc#1227157). - btrfs: use dev_t to match device in device_matched (bsc#1227162). - btrfs: validate device maj:min during open (bsc#1227162). - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes). - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes). - cachefiles: remove requests from xarray during flushing requests (bsc#1226588). - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes). - can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes). - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022). - ceph: always check dir caps asynchronously (bsc#1226022). - ceph: always queue a writeback when revoking the Fb caps (bsc#1226022). - ceph: break the check delayed cap loop every 5s (bsc#1226022). - ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418). - ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022). - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN . - checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes). - cifs: fix hang in wait_for_response() (bsc#1220812, bsc#1220368). - cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes). - crypto: aead,cipher - zeroize key buffer after use (stable-fixes). - crypto: ecdh - explicitly zeroize private_key (stable-fixes). - crypto: ecdsa - Fix the public key format description (git-fixes). - crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes). - crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes). - csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location() (git-fixes). - decompress_bunzip2: fix rare decompression failure (git-fixes). - devres: Fix devm_krealloc() wasting memory (git-fixes). - devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes). - dma: fix call order in dmam_free_coherent (git-fixes). - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes). - dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes). - docs: crypto: async-tx-api: fix broken code example (git-fixes). - docs: Fix formatting of literal sections in fanotify docs (stable-fixes). - drivers: core: synchronize really_probe() and dev_uevent() (git-fixes). - drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes). - drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes). - drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c (stable-fixes). - drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes). - drm/amd/display: Add dtbclk access to dcn315 (stable-fixes). - drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes). - drm/amd/display: Check for NULL pointer (stable-fixes). - drm/amd/display: Check index msg_id before read or write (stable-fixes). - drm/amd/display: Check pipe offset before setting vblank (stable-fixes). - drm/amd/display: drop unnecessary NULL checks in debugfs (stable-fixes). - drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes). - drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes). - drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes). - drm/amd/pm: remove logically dead code for renoir (git-fixes). - drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes). - drm/amdgpu: avoid using null object of framebuffer (stable-fixes). - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes). - drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes). - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes). - drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes). - drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: Fix uninitialized variable warnings (stable-fixes). - drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes). - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes). - drm/amdgpu: Update BO eviction priorities (stable-fixes). - drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes). - drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes). - drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes). - drm/amdgpu/mes: fix use-after-free issue (stable-fixes). - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes). - drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes). - drm/amdkfd: Rework kfd_locked handling (bsc#1225872) - drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes). - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes). - drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes). - drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes). - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes). - drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes). - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes). - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes). - drm/i915/dpt: Make DPT object unshrinkable (git-fixes). - drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes). - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes). - drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes). - drm/i915/guc: avoid FIELD_PREP warning (git-fixes). - drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes). - drm/komeda: check for error-valued pointer (git-fixes). - drm/lima: add mask irq callback to gp and pp (stable-fixes). - drm/lima: fix shared irq handling on driver remove (stable-fixes). - drm/lima: Mark simple_ondemand governor as softdep (git-fixes). - drm/lima: mask irqs in timeout path before hard reset (stable-fixes). - drm/mediatek: Add OVL compatible name for MT8195 (git-fixes). - drm/meson: fix canvas release in bind function (git-fixes). - drm/mgag200: Bind I2C lifetime to DRM device (git-fixes). - drm/mgag200: Set DDC timeout in milliseconds (git-fixes). - drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format (stable-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes). - drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes). - drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes). - drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes). - drm/msm/dp: Return IRQ_NONE for unhandled interrupts (stable-fixes). - drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes). - drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes). - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes). - drm/nouveau: prime: fix refcount underflow (git-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes). - drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays (stable-fixes). - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes). - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes). - drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes). - drm/qxl: Add check for drm_cvt_mode (git-fixes). - drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes). - drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes). - drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes). - drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes). - drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes). - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes). - drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes). - eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes). - exfat: check if cluster num is valid (git-fixes). - exfat: simplify is_valid_cluster() (git-fixes). - filelock: add a new locks_inode_context accessor function (git-fixes). - firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes). - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes). - firmware: cs_dsp: Return error if block header overflows file (git-fixes). - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes). - firmware: cs_dsp: Validate payload length before processing block (git-fixes). - firmware: dmi: Stop decoding on broken entry (stable-fixes). - firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes). - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes). - firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes). - fs: allow cross-vfsmount reflink/dedupe (bsc#1227157). - ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes). - fuse: verify {g,u}id mount options correctly (bsc#1228191). - gpio: davinci: Validate the obtained number of IRQs (git-fixes). - gpio: mc33880: Convert comma to semicolon (git-fixes). - gpio: tqmx86: fix typo in Kconfig label (git-fixes). - gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes). - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes). - hfsplus: fix to avoid false alarm of circular locking (git-fixes). - hfsplus: fix uninit-value in copy_name (git-fixes). - hid: Add quirk for Logitech Casa touchpad (stable-fixes). - hid: core: remove unnecessary WARN_ON() in implement() (git-fixes). - hid: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes). - hid: wacom: Modify pen IDs (git-fixes). - hpet: Support 32-bit userspace (git-fixes). - hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes). - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes). - hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes). - hwmon: (shtc1) Fix property misspelling (git-fixes). - i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: mark HostNotify target address as used (git-fixes). - i2c: ocores: set IACK bit after core is enabled (git-fixes). - i2c: rcar: bring hardware to known state when probing (git-fixes). - i2c: tegra: Fix failure during probe deferral cleanup (git-fixes) - i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661) - i2c: testunit: avoid re-issued work after read message (git-fixes). - i2c: testunit: correct Kconfig description (git-fixes). - i2c: testunit: discard write requests while old command is running (git-fixes). - i2c: testunit: do not erase registers after STOP (git-fixes). - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes). - iio: adc: ad7266: Fix variable checking bug (git-fixes). - iio: adc: ad9467: fix scan type sign (git-fixes). - iio: chemical: bme680: Fix calibration data variable (git-fixes). - iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes). - iio: chemical: bme680: Fix pressure value output (git-fixes). - iio: chemical: bme680: Fix sensor data read operation (git-fixes). - iio: dac: ad5592r: fix temperature channel scaling value (git-fixes). - iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes). - input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes). - input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes). - input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes). - Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes). - input: qt1050 - handle CHIP_ID reading error (git-fixes). - input: silead - Always support 10 fingers (stable-fixes). - intel_th: pci: Add Granite Rapids SOC support (stable-fixes). - intel_th: pci: Add Granite Rapids support (stable-fixes). - intel_th: pci: Add Lunar Lake support (stable-fixes). - intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes). - intel_th: pci: Add Meteor Lake-S support (stable-fixes). - intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes). - iommu: mtk: fix module autoloading (git-fixes). - iommu: Return right value in iommu_sva_bind_device() (git-fixes). - iommu/amd: Fix sysfs leak in iommu init (git-fixes). - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes). - ionic: clean interrupt before enabling queue to avoid credit race (git-fixes). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes). - jfs: Fix array-index-out-of-bounds in diFree (git-fixes). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kabi: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903). - kabi: bpf: callback fixes kABI workaround (bsc#1225903). - kabi: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903). - kabi: bpf: tmp_str_buf kABI workaround (bsc#1225903). - kabi: rtas: Workaround false positive due to lost definition (bsc#1227487). - kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502) - kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783) - kabi/severities: Ignore tpm_tis_core_init (bsc#1082555). - kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users. - kbuild: do not include include/config/auto.conf from shell scripts (bsc#1227274). - kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes). - kconfig: doc: fix a typo in the note about 'imply' (git-fixes). - kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes). - kernel-binary: vdso: Own module_dir - kernel-doc: fix struct_group_tagged() parsing (git-fixes). - kernel/sched: Remove dl_boosted flag comment (git fixes (sched)). - knfsd: LOOKUP can return an illegal error value (git-fixes). - kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes). - kprobes: Make arch_check_ftrace_location static (git-fixes). - kvm: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes). - kvm: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1194869). - kvm: PPC: Book3S HV: Fix 'rm_exit' entry in debugfs timings (bsc#1194869). - kvm: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869). - kvm: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1194869). - kvm: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST (bsc#1194869). - kvm: PPC: Book3S: Suppress warnings when allocating too big memory slots (bsc#1194869). - kvm: s390: fix LPSWEY handling (bsc#1227635 git-fixes). - kvm: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (git-fixes). - kvm: VMX: Report up-to-date exit qualification to userspace (git-fixes). - kvm: x86: Add IBPB_BRTYPE support (bsc#1228079). - kvm: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes). - kvm: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (git-fixes). - kvm: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-fixes). - kvm: x86: Disable APIC logical map if vCPUs are aliased in logical mode (git-fixes). - kvm: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes). - kvm: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (git-fixes). - kvm: x86: Explicitly track all possibilities for APIC map's logical modes (git-fixes). - kvm: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes). - kvm: x86: Fix KVM_GET_MSRS stack info leak (git-fixes). - kvm: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-fixes). - kvm: x86: Purge 'highest ISR' cache when updating APICv state (git-fixes). - kvm: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes). - kvm: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-fixes). - leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes). - leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes). - leds: triggers: Flush pending brightness before activating trigger (git-fixes). - lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (git-fixes). - lib: objagg: Fix general protection fault (git-fixes). - lib: objagg: Fix spelling (git-fixes). - lib: test_objagg: Fix spelling (git-fixes). - libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190). - lockd: set missing fl_flags field when retrieving args (git-fixes). - lockd: use locks_inode_context helper (git-fixes). - Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582) - media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes). - media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes). - media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes). - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes). - media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes). - media: dvbdev: Initialize sbuf (stable-fixes). - media: dw2102: Do not translate i2c read into write (stable-fixes). - media: dw2102: fix a potential buffer overflow (git-fixes). - media: flexcop-usb: clean up endpoint sanity checks (stable-fixes). - media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes). - media: imon: Fix race getting ictx->lock (git-fixes). - media: ipu3-cio2: Use temporary storage for struct device pointer (stable-fixes). - media: lgdt3306a: Add a check against null-pointer-def (stable-fixes). - media: mxl5xx: Move xpt structures off stack (stable-fixes). - media: radio-shark2: Avoid led_names truncations (git-fixes). - media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes). - media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes). - media: uvcvideo: Override default flags (git-fixes). - media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes). - media: venus: fix use after free in vdec_close (git-fixes). - media: venus: flush all buffers in output plane streamoff (git-fixes). - mei: demote client disconnect warning on suspend to debug (stable-fixes). - mei: me: release irq in mei_me_pci_resume error path (git-fixes). - mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes). - mkspec-dtb: add toplevel symlinks also on arm - mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes). - mmc: core: Do not force a retune before RPMB switch (stable-fixes). - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes). - mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes). - mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel (stable-fixes). - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes). - mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes). - mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes). - mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes). - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes). - mmc: sdhci: Do not invert write-protect twice (git-fixes). - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes). - mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes). - mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes). - mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes). - mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes). - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes). - net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes). - net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes). - net: ena: Fix redundant device NUMA node override (jsc#PED-8690). - net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491). - net: mana: Fix possible double free in error handling path (git-fixes). - net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes). - net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes). - net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes). - net: usb: ax88179_178a: improve link status logs (git-fixes). - net: usb: ax88179_178a: improve reset check (git-fixes). - net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes). - net: usb: qmi_wwan: add Telit FN920C04 compositions (stable-fixes). - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes). - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes). - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes). - net/dcb: check for detached device before executing callbacks (bsc#1215587). - net/mlx5e: Fix a race in command alloc flow (git-fixes). - netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180). - netfilter: conntrack: prepare tcp_in_window for ternary return value (bsc#1223180). - netfilter: conntrack: remove pr_debug callsites from tcp tracker (bsc#1223180). - netfilter: conntrack: work around exceeded receive window (bsc#1223180). - netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462). - nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes). - nfs: abort nfs_atomic_open_v23 if name is too long (bsc#1219847). - nfs: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847). - nfs: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - nfs: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes). - nfs: fix undefined behavior in nfs_block_bits() (git-fixes). - nfs: keep server info for remounts (git-fixes). - nfs: Leave pages in the pagecache if readpage failed (git-fixes). - nfsd enforce filehandle check for source file in COPY (git-fixes). - nfsd: Add an nfsd_file_fsync tracepoint (git-fixes). - nfsd: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-fixes). - nfsd: Add errno mapping for EREMOTEIO (git-fixes). - nfsd: Add nfsd_file_lru_dispose_list() helper (git-fixes). - nfsd: add some comments to nfsd_file_do_acquire (git-fixes). - nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes). - nfsd: allow reaping files still under writeback (git-fixes). - nfsd: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes). - nfsd: Clean up nfsd_file_put() (git-fixes). - nfsd: Clean up nfsd_open_verified() (git-fixes). - nfsd: Clean up nfsd3_proc_create() (git-fixes). - nfsd: Clean up unused code after rhashtable conversion (git-fixes). - nfsd: Convert filecache to rhltable (git-fixes). - nfsd: Convert the filecache to use rhashtable (git-fixes). - nfsd: De-duplicate hash bucket indexing (git-fixes). - nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-fixes). - nfsd: do not fsync nfsd_files on last close (git-fixes). - nfsd: do not hand out delegation on setuid files being opened for write (git-fixes). - nfsd: do not kill nfsd_files because of lease break error (git-fixes). - nfsd: Do not leave work of closing files to a work queue (bsc#1228140). - nfsd: do not take/put an extra reference when putting a file (git-fixes). - nfsd: Ensure nf_inode is never dereferenced (git-fixes). - nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes). - nfsd: Fix licensing header in filecache.c (git-fixes). - nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes). - nfsd: fix nfsd_file_unhash_and_dispose (git-fixes). - nfsd: Fix potential use-after-free in nfsd_file_put() (git-fixes). - nfsd: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes). - nfsd: Fix the filecache LRU shrinker (git-fixes). - nfsd: fix up the filecache laundrette scheduling (git-fixes). - nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes). - nfsd: Flesh out a documenting comment for filecache.c (git-fixes). - nfsd: handle errors better in write_ports_addfd() (git-fixes). - nfsd: Instantiate a struct file when creating a regular NFSv4 file (git-fixes). - nfsd: Leave open files out of the filecache LRU (git-fixes). - nfsd: map EBADF (git-fixes). - nfsd: Move nfsd_file_trace_alloc() tracepoint (git-fixes). - nfsd: nfsd_file_hash_remove can compute hashval (git-fixes). - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (git-fixes). - nfsd: nfsd_file_put() can sleep (git-fixes). - nfsd: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes). - nfsd: No longer record nf_hashval in the trace log (git-fixes). - nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912). - nfsd: Pass the target nfsd_file to nfsd_commit() (git-fixes). - nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes). - nfsd: Record number of flush calls (git-fixes). - nfsd: Refactor __nfsd_file_close_inode() (git-fixes). - nfsd: Refactor nfsd_create_setattr() (git-fixes). - nfsd: Refactor nfsd_file_gc() (git-fixes). - nfsd: Refactor nfsd_file_lru_scan() (git-fixes). - nfsd: Refactor NFSv3 CREATE (git-fixes). - nfsd: Refactor NFSv4 OPEN(CREATE) (git-fixes). - nfsd: Remove do_nfsd_create() (git-fixes). - nfsd: Remove lockdep assertion from unhash_and_release_locked() (git-fixes). - nfsd: Remove nfsd_file::nf_hashval (git-fixes). - nfsd: remove the pages_flushed statistic from filecache (git-fixes). - nfsd: reorganize filecache.c (git-fixes). - nfsd: Replace the 'init once' mechanism (git-fixes). - nfsd: Report average age of filecache items (git-fixes). - nfsd: Report count of calls to nfsd_file_acquire() (git-fixes). - nfsd: Report count of freed filecache items (git-fixes). - nfsd: Report filecache LRU size (git-fixes). - nfsd: Report the number of items evicted by the LRU walk (git-fixes). - nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes). - nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes). - nfsd: rework refcounting in filecache (git-fixes). - nfsd: Separate tracepoints for acquire and create (git-fixes). - nfsd: Set up an rhashtable for the filecache (git-fixes). - nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes). - nfsd: simplify per-net file cache management (git-fixes). - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes). - nfsd: simplify the delayed disposal list code (git-fixes). - nfsd: Trace filecache LRU activity (git-fixes). - nfsd: Trace filecache opens (git-fixes). - nfsd: update comment over __nfsd_file_cache_purge (git-fixes). - nfsd: verify the opened dentry after setting a delegation (git-fixes). - nfsd: WARN when freeing an item still linked via nf_lru (git-fixes). - nfsd: Write verifier might go backwards (git-fixes). - nfsd: Zero counters when the filecache is re-initialized (git-fixes). - nfsv4: by default serialize open/close operations (bsc#1223863 bsc#1227362) - nfsv4: Fixup smatch warning for ambiguous return (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (stable-fixes). - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes). - nilfs2: convert persistent object allocator to use kmap_local (git-fixes). - nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes). - nilfs2: fix inode number range checks (git-fixes). - nilfs2: fix inode number range checks (stable-fixes). - nilfs2: fix potential hang in nilfs_detach_log_writer() (stable-fixes). - nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes). - nvme-auth: allow mixing of secret and hash lengths (git-fixes). - nvme-auth: use transformed key size to create resp (git-fixes). - nvme-multipath: find NUMA path only for online numa-node (git-fixes). - nvme-pci: add missing condition check for existence of mapped data (git-fixes). - nvme-pci: Fix the instructions for disabling power management (git-fixes). - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes). - nvme: avoid double free special payload (git-fixes). - nvme: ensure reset state check ordering (bsc#1215492). - nvme: find numa distance only if controller has valid numa id (git-fixes). - nvme: fixup comment for nvme RDMA Provider Type (git-fixes). - nvme: use ctrl state accessor (bsc#1215492). - nvmet-auth: fix nvmet_auth hash error handling (git-fixes). - nvmet-passthru: propagate status from id override functions (git-fixes). - nvmet: always initialize cqe.result (git-fixes). - nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: remove redundant assignment to variable free_space (bsc#1228409). - ocfs2: speed up chain-list searching (bsc#1219224). - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - orangefs: fix out-of-bounds fsid access (git-fixes). - pci: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes). - pci: Clear Secondary Status errors after enumeration (bsc#1226928) - pci: Extend ACS configurability (bsc#1228090). - pci: Fix resource double counting on remove & rescan (git-fixes). - pci: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes). - pci: Introduce cleanup helpers for device reference counts and locks (git-fixes). - pci: Introduce cleanup helpers for device reference counts and locks (stable-fixes). - pci: keystone: Do not enable BAR 0 for AM654x (git-fixes). - pci: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes). - pci: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes). - pci: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes). - pci: tegra194: Set EP alignment restriction for inbound ATU (git-fixes). - pci/aspm: Update save_state when configuration changes (bsc#1226915) - pci/dpc: Fix use-after-free on concurrent DPC and hot-removal (git-fixes). - pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes). - pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes). - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes). - pinctrl: freescale: mxs: Fix refcount of child (git-fixes). - pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes). - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes). - pinctrl: rockchip: update rk3308 iomux routes (git-fixes). - pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes). - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes). - platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes). - platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes). - platform/x86: lg-laptop: Change ACPI device id (stable-fixes). - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes). - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes). - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes). - platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes). - power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes). - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869). - powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121 ltc#207129). - powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869). - powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - powerpc/rtas: clean up includes (bsc#1227487). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - pwm: stm32: Always do lazy disabling (git-fixes). - random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953). - ras/amd/atl: Fix MI300 bank hash (bsc#1225300). - ras/amd/atl: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300). - rdma/cache: Release GID table even if leak is detected (git-fixes) - rdma/device: Return error earlier if port in not valid (git-fixes) - rdma/hns: Check atomic wr length (git-fixes) - rdma/hns: Fix incorrect sge nums calculation (git-fixes) - rdma/hns: Fix insufficient extend DB for VFs. (git-fixes) - rdma/hns: Fix mbx timing out before CMD execution is completed (git-fixes) - rdma/hns: Fix missing pagesize and alignment check in FRMR (git-fixes) - rdma/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes) - rdma/hns: Fix soft lockup under heavy CEQE load (git-fixes) - rdma/hns: Fix undifined behavior caused by invalid max_sge (git-fixes) - rdma/hns: Fix unmatch exception handling when init eq table fails (git-fixes) - rdma/irdma: Drop unused kernel push code (git-fixes) - rdma/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes) - rdma/mana_ib: Ignore optional access flags for MRs (git-fixes). - rdma/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes) - rdma/mlx4: Fix truncated output warning in mad.c (git-fixes) - rdma/mlx5: Add check for srq max_sge attribute (git-fixes) - rdma/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes) - rdma/restrack: Fix potential invalid address access (git-fixes) - rdma/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes) - regmap-i2c: Subtract reg size from max_write (stable-fixes). - regulator: bd71815: fix ramp values (git-fixes). - regulator: core: Fix modpost error 'regulator_get_regmap' undefined (git-fixes). - regulator: irq_helpers: duplicate IRQ name (stable-fixes). - regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes). - Revert 'Add remote for nfs maintainer' - Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783). - Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783). - Revert 'build initrd without systemd' (bsc#1195775)'. - Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes). - Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes). - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes). - rpm/guards: fix precedence issue with control flow operator - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) - rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. - rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5 - rtc: cmos: Fix return value of nvmem callbacks (git-fixes). - rtc: interface: Add RTC offset to alarm after fix-up (git-fixes). - rtc: isl1208: Fix return value of nvmem callbacks (git-fixes). - rtlwifi: rtl8192de: Style clean-ups (stable-fixes). - s390: Implement __iowrite32_copy() (bsc#1226502) - s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502) - saa7134: Unchecked i2c_transfer function result fixed (git-fixes). - sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)). - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791). - sched/fair: Do not balance task to its current running CPU (git fixes (sched)). - scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857). - scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857). - scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857). - scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857). - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857). - scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857). - scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857). - scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857). - scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850). - scsi: qla2xxx: Complete command early within lock (bsc#1228850). - scsi: qla2xxx: Convert comma to semicolon (bsc#1228850). - scsi: qla2xxx: Drop driver owner assignment (bsc#1228850). - scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850). - scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850). - scsi: qla2xxx: Fix flash read failure (bsc#1228850). - scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850). - scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850). - scsi: qla2xxx: Indent help text (bsc#1228850). - scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850). - scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850). - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850). - scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850). - scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850). - scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850). - scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850). - scsi: sd: Update DIX config every time sd_revalidate_disk() is called (bsc#1218570). - selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903). - selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903). - selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader (bsc#1225903). - selftests/bpf: add precision propagation tests in the presence of subprogs (bsc#1225903). - selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903). - selftests/bpf: Check if mark_chain_precision() follows scalar ids (bsc#1225903). - selftests/bpf: check if max number of bpf_loop iterations is tracked (bsc#1225903). - selftests/bpf: fix __retval() being always ignored (bsc#1225903). - selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903). - selftests/bpf: make test_align selftest more robust (bsc#1225903). - selftests/bpf: populate map_array_ro map for verifier_array_access test (bsc#1225903). - selftests/bpf: prog_tests entry point for migrated test_verifier tests (bsc#1225903). - selftests/bpf: Report program name on parse_test_spec error (bsc#1225903). - selftests/bpf: Support custom per-test flags and multiple expected messages (bsc#1225903). - selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903). - selftests/bpf: test case for relaxed prunning of active_lock.id (bsc#1225903). - selftests/bpf: test cases for regsafe() bug skipping check_id() (bsc#1225903). - selftests/bpf: test widening for iterating callbacks (bsc#1225903). - selftests/bpf: Tests execution support for test_loader.c (bsc#1225903). - selftests/bpf: tests for iterating callbacks (bsc#1225903). - selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903). - selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903). - selftests/bpf: Verify copy_register_state() preserves parent/live fields (bsc#1225903). - selftests/bpf: verify states_equal() maintains idmap across all frames (bsc#1225903). - selftests/bpf: Verify that check_ids() is used for scalars in regsafe() (bsc#1225903). - selftests/sigaltstack: Fix ppc64 GCC build (git-fixes). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - smb: client: guarantee refcounted children from parent session (bsc#1224679. - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes). - soundwire: cadence: fix invalid PDI offset (stable-fixes). - spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes). - spi: mux: set ctlr->bits_per_word_mask (stable-fixes). - spi: stm32: Do not warn about spurious interrupts (git-fixes). - string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850). - sunrpc: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272). - sunrpc: Fix gss_free_in_token_pages() (git-fixes). - sunrpc: Fix loop termination condition in gss_free_in_token_pages() (git-fixes). - sunrpc: fix NFSACL RPC retry on soft mount (git-fixes). - sunrpc: return proper error from gss_wrap_req_priv (git-fixes). - supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570) - supported.conf: mark orangefs as optional We do not support orangefs at all (and it is already marked as such), but since there are no SLE consumers of it, mark it as optional. - supported.conf: mark ufs as unsupported UFS is an unsupported filesystem, mark it as such. We still keep it around (not marking as optional), to accommodate any potential migrations from BSD systems. - tpm_tis: Resend command to recover from data transfer errors (bsc#1082555). - tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume (bsc#1082555). - tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555). - tpm, tpm_tis: Claim locality before writing interrupt registers (bsc#1082555). - tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555). - tpm, tpm_tis: Claim locality when interrupts are reenabled on resume (bsc#1082555). - tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555). - tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555). - tpm, tpm_tis: Only handle supported interrupts (bsc#1082555). - tpm, tpm: Implement usage counter for locality (bsc#1082555). - tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555). - tpm: Prevent hwrng from activating during resume (bsc#1082555). - tracing: Build event generation tests only as modules (git-fixes). - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes). - tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330) - tracing/osnoise: Add osnoise/options file (bsc#1228330) - tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330) - tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330) - tracing/osnoise: Make osnoise_instances static (bsc#1228330) - tracing/osnoise: Split workload start from the tracer start (bsc#1228330) - tracing/osnoise: Support a list of trace_array *tr (bsc#1228330) - tracing/osnoise: Use built-in RCU list checking (bsc#1228330) - tracing/timerlat: Notify new max thread latency (bsc#1228330) - tty: mcf: MCF54418 has 10 UARTS (git-fixes). - usb-storage: alauda: Check whether the media is initialized (git-fixes). - usb: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes). - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes). - usb: cdns3: allocate TX FIFO size according to composite EP number (git-fixes). - usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config (git-fixes). - usb: cdns3: fix iso transfer error when mult is not zero (git-fixes). - usb: cdns3: improve handling of unaligned address case (git-fixes). - usb: cdns3: optimize OUT transfer by copying only actual received data (git-fixes). - usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-fixes). - usb: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes). - usb: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes). - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes). - usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes). - usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-fixes). - usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-fixes). - usb: fotg210-hcd: delete an incorrect bounds test (git-fixes). - usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-fixes). - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes). - usb: gadget: printer: fix races against disable (git-fixes). - usb: gadget: printer: SS+ support (stable-fixes). - usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes). - usb: musb: da8xx: fix a resource leak in probe() (git-fixes). - usb: serial: mos7840: fix crash on resume (git-fixes). - usb: serial: option: add Fibocom FM350-GL (stable-fixes). - usb: serial: option: add Netprisma LCUK54 series modules (stable-fixes). - usb: serial: option: add Rolling RW350-GL variants (stable-fixes). - usb: serial: option: add support for Foxconn T99W651 (stable-fixes). - usb: serial: option: add Telit FN912 rmnet compositions (stable-fixes). - usb: serial: option: add Telit generic core-dump composition (stable-fixes). - usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes). - usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes). - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes). - usb: typec: ucsi: Ack also failed Get Error commands (git-fixes). - usb: typec: ucsi: Never send a lone connector change ack (git-fixes). - usb: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes). - usb: xhci-plat: Do not include xhci.h (git-fixes). - usb: xhci-plat: fix legacy PHY double init (git-fixes). - usb: xhci: address off-by-one in xhci_num_trbs_free() (git-fixes). - usb: xhci: Implement xhci_handshake_check_state() helper (git-fixes). - usb: xhci: improve debug message in xhci_ring_expansion_needed() (git-fixes). - watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() (stable-fixes). - watchdog: bd9576: Drop 'always-running' property (git-fixes). - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes). - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes). - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes). - wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes). - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes). - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes). - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes). - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes). - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes). - wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes). - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes). - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes). - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes). - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes). - wifi: mac80211: disable softirqs for queued frame handling (git-fixes). - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes). - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes). - wifi: mac80211: handle tasklet frames before stopping (stable-fixes). - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes). - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes). - wifi: mt76: replace skb_put with skb_put_zero (stable-fixes). - wifi: mwifiex: Fix interface type change (git-fixes). - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes). - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes). - wifi: wilc1000: fix ies_len type in connect path (git-fixes). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). - workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). - x.509: Fix the parser of extended key usage for length (bsc#1218820). - x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502) - x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes). - x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes). - x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes). - x86/bugs: Remove default case for fully switched enums (bsc#1227900). - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes). - x86/ibt,ftrace: Search for __fentry__ location (git-fixes). - x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes). - x86/mce: Dynamically size space for machine check records (bsc#1222241). - x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes). - x86/mm: Fix enc_status_change_finish_noop() (git-fixes). - x86/purgatory: Switch to the position-independent small code model (git-fixes). - x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900). - x86/srso: Remove 'pred_cmd' label (bsc#1227900). - x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). - xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228226). - xfs: make sure sb_fdblocks is non-negative (bsc#1225419). - xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Fix failure to detect ring expansion need (git-fixes). - xhci: fix matching completion events with TDs (git-fixes). - xhci: Fix transfer ring expansion size calculation (git-fixes). - xhci: Handle TD clearing for multiple streams case (git-fixes). - xhci: remove unused stream_id parameter from xhci_handle_halted_endpoint() (git-fixes). - xhci: restre deleted trb fields for tracing (git-fixes). - xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes). - xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes). - xhci: Simplify event ring dequeue pointer update for port change events (git-fixes). - xhci: simplify event ring dequeue tracking for transfer events (git-fixes). - xhci: Stop unnecessary tracking of free trbs in a ring (git-fixes). - xhci: update event ring dequeue pointer position to controller correctly (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated - dmidecode-3.6-150400.16.11.2 updated - grub2-i386-pc-2.06-150500.29.28.1 updated - grub2-x86_64-efi-2.06-150500.29.28.1 updated - grub2-x86_64-xen-2.06-150500.29.28.1 updated - grub2-2.06-150500.29.28.1 updated - kernel-default-5.14.21-150500.55.73.1 updated - libblkid1-2.37.4-150500.9.14.2 updated - libfdisk1-2.37.4-150500.9.14.2 updated - libmount1-2.37.4-150500.9.14.2 updated - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libsmartcols1-2.37.4-150500.9.14.2 updated - libuuid1-2.37.4-150500.9.14.2 updated - libyaml-0-2-0.1.7-150000.3.2.1 added - openssl-1_1-1.1.1l-150500.17.34.1 updated - pam-1.3.0-150000.6.71.2 updated - python3-PyYAML-5.4.1-150300.3.3.1 updated - util-linux-systemd-2.37.4-150500.9.14.2 updated - util-linux-2.37.4-150500.9.14.2 updated From sle-container-updates at lists.suse.com Tue Aug 27 13:58:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 27 Aug 2024 15:58:53 +0200 (CEST) Subject: SUSE-IU-2024:1115-1: Security update of sles-15-sp5-chost-byos-v20240826-arm64 Message-ID: <20240827135853.D670AFBA3@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20240826-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1115-1 Image Tags : sles-15-sp5-chost-byos-v20240826-arm64:20240826 Image Release : Severity : important Type : security References : 1082555 1156395 1159034 1190336 1191958 1193454 1193554 1193787 1193883 1194324 1194818 1194818 1194826 1194869 1195065 1195254 1195341 1195349 1195357 1195668 1195775 1195927 1195957 1196018 1196746 1196823 1197146 1197246 1197762 1197915 1198014 1199295 1202346 1202686 1202767 1202780 1205205 1207361 1208783 1209636 1213123 1215492 1215587 1216834 1217912 1218148 1218570 1218820 1219224 1219633 1219832 1219847 1220138 1220185 1220186 1220356 1220368 1220812 1220869 1220876 1220942 1220952 1220958 1221010 1221086 1221282 1221647 1221654 1221656 1221659 1221958 1222015 1222072 1222080 1222241 1222254 1222285 1222323 1222326 1222328 1222364 1222625 1222702 1222728 1222799 1222809 1222810 1222893 1223013 1223018 1223021 1223180 1223265 1223384 1223535 1223635 1223641 1223652 1223675 1223778 1223806 1223813 1223815 1223836 1223863 1224020 1224226 1224331 1224414 1224488 1224497 1224498 1224499 1224500 1224504 1224512 1224516 1224517 1224520 1224539 1224540 1224545 1224548 1224552 1224557 1224572 1224573 1224583 1224585 1224588 1224602 1224603 1224604 1224605 1224612 1224614 1224619 1224636 1224641 1224661 1224662 1224670 1224671 1224674 1224677 1224679 1224683 1224694 1224696 1224700 1224703 1224712 1224716 1224719 1224735 1224743 1224749 1224764 1224765 1224766 1224935 1224946 1224951 1225050 1225088 1225098 1225105 1225272 1225300 1225389 1225391 1225419 1225426 1225448 1225452 1225467 1225475 1225484 1225487 1225489 1225504 1225505 1225514 1225518 1225535 1225564 1225573 1225581 1225585 1225586 1225602 1225611 1225681 1225692 1225698 1225699 1225704 1225711 1225714 1225717 1225719 1225726 1225732 1225737 1225744 1225745 1225746 1225749 1225752 1225753 1225757 1225758 1225759 1225760 1225767 1225770 1225815 1225823 1225834 1225838 1225840 1225851 1225866 1225872 1225894 1225903 1226022 1226100 1226131 1226145 1226149 1226155 1226202 1226211 1226212 1226226 1226463 1226502 1226514 1226519 1226520 1226537 1226538 1226539 1226550 1226551 1226552 1226553 1226554 1226555 1226556 1226557 1226558 1226559 1226561 1226562 1226563 1226564 1226565 1226566 1226567 1226568 1226569 1226570 1226571 1226572 1226574 1226575 1226576 1226577 1226579 1226580 1226581 1226582 1226583 1226585 1226587 1226588 1226593 1226595 1226597 1226601 1226602 1226603 1226607 1226610 1226614 1226616 1226617 1226618 1226619 1226621 1226622 1226624 1226626 1226628 1226629 1226632 1226633 1226634 1226637 1226643 1226644 1226645 1226647 1226650 1226653 1226657 1226658 1226669 1226670 1226672 1226673 1226674 1226675 1226678 1226679 1226683 1226685 1226686 1226690 1226691 1226692 1226693 1226696 1226697 1226698 1226699 1226701 1226702 1226703 1226704 1226705 1226706 1226708 1226709 1226710 1226711 1226712 1226713 1226715 1226716 1226718 1226719 1226720 1226721 1226730 1226732 1226734 1226735 1226737 1226738 1226739 1226740 1226744 1226746 1226747 1226749 1226750 1226754 1226757 1226762 1226764 1226767 1226768 1226769 1226771 1226774 1226775 1226777 1226780 1226781 1226783 1226785 1226786 1226789 1226791 1226834 1226837 1226839 1226840 1226841 1226842 1226848 1226852 1226857 1226861 1226863 1226864 1226867 1226868 1226876 1226878 1226883 1226886 1226890 1226891 1226895 1226908 1226911 1226915 1226928 1226948 1226949 1226950 1226953 1226962 1226976 1226990 1226992 1226993 1226994 1226996 1227066 1227090 1227096 1227101 1227103 1227121 1227138 1227157 1227162 1227274 1227362 1227383 1227432 1227435 1227447 1227487 1227525 1227573 1227618 1227620 1227626 1227635 1227661 1227716 1227722 1227724 1227725 1227728 1227729 1227730 1227732 1227733 1227750 1227754 1227755 1227760 1227762 1227763 1227764 1227766 1227770 1227771 1227772 1227774 1227779 1227780 1227783 1227786 1227787 1227790 1227792 1227796 1227797 1227798 1227800 1227802 1227806 1227808 1227810 1227812 1227813 1227814 1227816 1227820 1227823 1227824 1227828 1227829 1227836 1227846 1227849 1227851 1227862 1227864 1227865 1227866 1227870 1227884 1227886 1227891 1227893 1227899 1227900 1227910 1227913 1227917 1227919 1227920 1227921 1227922 1227923 1227924 1227925 1227927 1227928 1227931 1227932 1227933 1227935 1227936 1227938 1227941 1227942 1227944 1227945 1227947 1227948 1227949 1227950 1227952 1227953 1227954 1227956 1227957 1227963 1227964 1227965 1227968 1227969 1227970 1227971 1227972 1227975 1227976 1227981 1227982 1227985 1227986 1227987 1227988 1227989 1227990 1227991 1227992 1227993 1227995 1227996 1227997 1228000 1228002 1228003 1228004 1228005 1228006 1228007 1228008 1228009 1228010 1228011 1228013 1228014 1228015 1228019 1228020 1228025 1228028 1228035 1228037 1228038 1228039 1228040 1228045 1228054 1228055 1228056 1228060 1228061 1228062 1228063 1228064 1228066 1228067 1228068 1228071 1228079 1228090 1228114 1228124 1228140 1228190 1228191 1228226 1228235 1228247 1228327 1228328 1228330 1228403 1228405 1228408 1228409 1228410 1228418 1228459 1228462 1228470 1228518 1228520 1228530 1228561 1228565 1228580 1228581 1228591 1228599 1228617 1228625 1228626 1228633 1228640 1228644 1228649 1228655 1228665 1228672 1228680 1228705 1228723 1228743 1228756 1228801 1228850 1228857 CVE-2021-4439 CVE-2021-47086 CVE-2021-47089 CVE-2021-47103 CVE-2021-47186 CVE-2021-47432 CVE-2021-47515 CVE-2021-47534 CVE-2021-47538 CVE-2021-47539 CVE-2021-47546 CVE-2021-47547 CVE-2021-47555 CVE-2021-47566 CVE-2021-47571 CVE-2021-47572 CVE-2021-47576 CVE-2021-47577 CVE-2021-47578 CVE-2021-47580 CVE-2021-47582 CVE-2021-47583 CVE-2021-47584 CVE-2021-47585 CVE-2021-47586 CVE-2021-47587 CVE-2021-47588 CVE-2021-47589 CVE-2021-47590 CVE-2021-47591 CVE-2021-47592 CVE-2021-47593 CVE-2021-47595 CVE-2021-47596 CVE-2021-47597 CVE-2021-47598 CVE-2021-47599 CVE-2021-47600 CVE-2021-47601 CVE-2021-47602 CVE-2021-47603 CVE-2021-47604 CVE-2021-47605 CVE-2021-47606 CVE-2021-47607 CVE-2021-47608 CVE-2021-47609 CVE-2021-47610 CVE-2021-47611 CVE-2021-47612 CVE-2021-47614 CVE-2021-47615 CVE-2021-47616 CVE-2021-47617 CVE-2021-47618 CVE-2021-47619 CVE-2021-47620 CVE-2021-47622 CVE-2021-47623 CVE-2021-47624 CVE-2022-48711 CVE-2022-48712 CVE-2022-48713 CVE-2022-48714 CVE-2022-48715 CVE-2022-48716 CVE-2022-48717 CVE-2022-48718 CVE-2022-48720 CVE-2022-48721 CVE-2022-48722 CVE-2022-48723 CVE-2022-48724 CVE-2022-48725 CVE-2022-48726 CVE-2022-48727 CVE-2022-48728 CVE-2022-48729 CVE-2022-48730 CVE-2022-48732 CVE-2022-48733 CVE-2022-48734 CVE-2022-48735 CVE-2022-48736 CVE-2022-48737 CVE-2022-48738 CVE-2022-48739 CVE-2022-48740 CVE-2022-48743 CVE-2022-48744 CVE-2022-48745 CVE-2022-48746 CVE-2022-48747 CVE-2022-48748 CVE-2022-48749 CVE-2022-48751 CVE-2022-48752 CVE-2022-48753 CVE-2022-48754 CVE-2022-48755 CVE-2022-48756 CVE-2022-48758 CVE-2022-48759 CVE-2022-48760 CVE-2022-48761 CVE-2022-48763 CVE-2022-48765 CVE-2022-48766 CVE-2022-48767 CVE-2022-48768 CVE-2022-48769 CVE-2022-48770 CVE-2022-48771 CVE-2022-48772 CVE-2022-48773 CVE-2022-48774 CVE-2022-48775 CVE-2022-48776 CVE-2022-48777 CVE-2022-48778 CVE-2022-48780 CVE-2022-48783 CVE-2022-48784 CVE-2022-48785 CVE-2022-48786 CVE-2022-48787 CVE-2022-48788 CVE-2022-48789 CVE-2022-48790 CVE-2022-48791 CVE-2022-48792 CVE-2022-48793 CVE-2022-48794 CVE-2022-48796 CVE-2022-48797 CVE-2022-48798 CVE-2022-48799 CVE-2022-48800 CVE-2022-48801 CVE-2022-48802 CVE-2022-48803 CVE-2022-48804 CVE-2022-48805 CVE-2022-48806 CVE-2022-48807 CVE-2022-48809 CVE-2022-48810 CVE-2022-48811 CVE-2022-48812 CVE-2022-48813 CVE-2022-48814 CVE-2022-48815 CVE-2022-48816 CVE-2022-48817 CVE-2022-48818 CVE-2022-48820 CVE-2022-48821 CVE-2022-48822 CVE-2022-48823 CVE-2022-48824 CVE-2022-48825 CVE-2022-48826 CVE-2022-48827 CVE-2022-48828 CVE-2022-48829 CVE-2022-48830 CVE-2022-48831 CVE-2022-48834 CVE-2022-48835 CVE-2022-48836 CVE-2022-48837 CVE-2022-48838 CVE-2022-48839 CVE-2022-48840 CVE-2022-48841 CVE-2022-48842 CVE-2022-48843 CVE-2022-48844 CVE-2022-48846 CVE-2022-48847 CVE-2022-48849 CVE-2022-48850 CVE-2022-48851 CVE-2022-48852 CVE-2022-48853 CVE-2022-48855 CVE-2022-48856 CVE-2022-48857 CVE-2022-48858 CVE-2022-48859 CVE-2022-48860 CVE-2022-48861 CVE-2022-48862 CVE-2022-48863 CVE-2022-48864 CVE-2022-48866 CVE-2023-24023 CVE-2023-52435 CVE-2023-52573 CVE-2023-52580 CVE-2023-52622 CVE-2023-52658 CVE-2023-52667 CVE-2023-52670 CVE-2023-52672 CVE-2023-52675 CVE-2023-52735 CVE-2023-52737 CVE-2023-52751 CVE-2023-52752 CVE-2023-52762 CVE-2023-52766 CVE-2023-52775 CVE-2023-52784 CVE-2023-52787 CVE-2023-52800 CVE-2023-52812 CVE-2023-52835 CVE-2023-52837 CVE-2023-52843 CVE-2023-52845 CVE-2023-52846 CVE-2023-52857 CVE-2023-52863 CVE-2023-52869 CVE-2023-52881 CVE-2023-52882 CVE-2023-52884 CVE-2023-52885 CVE-2023-52886 CVE-2024-25741 CVE-2024-26583 CVE-2024-26584 CVE-2024-26615 CVE-2024-26625 CVE-2024-26633 CVE-2024-26635 CVE-2024-26636 CVE-2024-26641 CVE-2024-26644 CVE-2024-26661 CVE-2024-26663 CVE-2024-26665 CVE-2024-26720 CVE-2024-26800 CVE-2024-26802 CVE-2024-26813 CVE-2024-26814 CVE-2024-26842 CVE-2024-26845 CVE-2024-26863 CVE-2024-26923 CVE-2024-26935 CVE-2024-26961 CVE-2024-26973 CVE-2024-26976 CVE-2024-27015 CVE-2024-27019 CVE-2024-27020 CVE-2024-27025 CVE-2024-27065 CVE-2024-27402 CVE-2024-27432 CVE-2024-27437 CVE-2024-33619 CVE-2024-35247 CVE-2024-35789 CVE-2024-35790 CVE-2024-35805 CVE-2024-35807 CVE-2024-35814 CVE-2024-35819 CVE-2024-35835 CVE-2024-35837 CVE-2024-35848 CVE-2024-35853 CVE-2024-35855 CVE-2024-35857 CVE-2024-35861 CVE-2024-35862 CVE-2024-35864 CVE-2024-35869 CVE-2024-35878 CVE-2024-35884 CVE-2024-35886 CVE-2024-35889 CVE-2024-35890 CVE-2024-35893 CVE-2024-35896 CVE-2024-35898 CVE-2024-35899 CVE-2024-35900 CVE-2024-35905 CVE-2024-35925 CVE-2024-35934 CVE-2024-35949 CVE-2024-35950 CVE-2024-35956 CVE-2024-35958 CVE-2024-35960 CVE-2024-35961 CVE-2024-35962 CVE-2024-35979 CVE-2024-35995 CVE-2024-35997 CVE-2024-36000 CVE-2024-36004 CVE-2024-36005 CVE-2024-36008 CVE-2024-36017 CVE-2024-36020 CVE-2024-36021 CVE-2024-36025 CVE-2024-36288 CVE-2024-36477 CVE-2024-36478 CVE-2024-36479 CVE-2024-36889 CVE-2024-36890 CVE-2024-36894 CVE-2024-36899 CVE-2024-36900 CVE-2024-36901 CVE-2024-36902 CVE-2024-36904 CVE-2024-36909 CVE-2024-36910 CVE-2024-36911 CVE-2024-36912 CVE-2024-36913 CVE-2024-36914 CVE-2024-36915 CVE-2024-36916 CVE-2024-36917 CVE-2024-36919 CVE-2024-36923 CVE-2024-36934 CVE-2024-36937 CVE-2024-36939 CVE-2024-36940 CVE-2024-36945 CVE-2024-36946 CVE-2024-36949 CVE-2024-36960 CVE-2024-36964 CVE-2024-36965 CVE-2024-36967 CVE-2024-36969 CVE-2024-36971 CVE-2024-36974 CVE-2024-36975 CVE-2024-36978 CVE-2024-37021 CVE-2024-37078 CVE-2024-37354 CVE-2024-38381 CVE-2024-38388 CVE-2024-38390 CVE-2024-38540 CVE-2024-38541 CVE-2024-38544 CVE-2024-38545 CVE-2024-38546 CVE-2024-38547 CVE-2024-38548 CVE-2024-38549 CVE-2024-38550 CVE-2024-38552 CVE-2024-38553 CVE-2024-38555 CVE-2024-38556 CVE-2024-38557 CVE-2024-38558 CVE-2024-38559 CVE-2024-38560 CVE-2024-38564 CVE-2024-38565 CVE-2024-38567 CVE-2024-38568 CVE-2024-38570 CVE-2024-38571 CVE-2024-38573 CVE-2024-38578 CVE-2024-38579 CVE-2024-38580 CVE-2024-38581 CVE-2024-38582 CVE-2024-38583 CVE-2024-38586 CVE-2024-38587 CVE-2024-38588 CVE-2024-38590 CVE-2024-38591 CVE-2024-38594 CVE-2024-38597 CVE-2024-38598 CVE-2024-38599 CVE-2024-38600 CVE-2024-38601 CVE-2024-38603 CVE-2024-38605 CVE-2024-38608 CVE-2024-38616 CVE-2024-38618 CVE-2024-38619 CVE-2024-38621 CVE-2024-38627 CVE-2024-38628 CVE-2024-38630 CVE-2024-38633 CVE-2024-38634 CVE-2024-38635 CVE-2024-38659 CVE-2024-38661 CVE-2024-38780 CVE-2024-39276 CVE-2024-39301 CVE-2024-39371 CVE-2024-39463 CVE-2024-39468 CVE-2024-39469 CVE-2024-39471 CVE-2024-39472 CVE-2024-39475 CVE-2024-39482 CVE-2024-39487 CVE-2024-39488 CVE-2024-39490 CVE-2024-39493 CVE-2024-39494 CVE-2024-39497 CVE-2024-39499 CVE-2024-39500 CVE-2024-39501 CVE-2024-39502 CVE-2024-39505 CVE-2024-39506 CVE-2024-39507 CVE-2024-39508 CVE-2024-39509 CVE-2024-40900 CVE-2024-40901 CVE-2024-40902 CVE-2024-40903 CVE-2024-40904 CVE-2024-40906 CVE-2024-40908 CVE-2024-40909 CVE-2024-40911 CVE-2024-40912 CVE-2024-40916 CVE-2024-40919 CVE-2024-40923 CVE-2024-40924 CVE-2024-40927 CVE-2024-40929 CVE-2024-40931 CVE-2024-40932 CVE-2024-40934 CVE-2024-40935 CVE-2024-40937 CVE-2024-40940 CVE-2024-40941 CVE-2024-40942 CVE-2024-40943 CVE-2024-40945 CVE-2024-40953 CVE-2024-40954 CVE-2024-40956 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40961 CVE-2024-40966 CVE-2024-40967 CVE-2024-40970 CVE-2024-40972 CVE-2024-40976 CVE-2024-40977 CVE-2024-40981 CVE-2024-40982 CVE-2024-40984 CVE-2024-40987 CVE-2024-40988 CVE-2024-40989 CVE-2024-40990 CVE-2024-40994 CVE-2024-40998 CVE-2024-40999 CVE-2024-41002 CVE-2024-41004 CVE-2024-41006 CVE-2024-41009 CVE-2024-41011 CVE-2024-41012 CVE-2024-41013 CVE-2024-41014 CVE-2024-41015 CVE-2024-41016 CVE-2024-41017 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41048 CVE-2024-41057 CVE-2024-41058 CVE-2024-41059 CVE-2024-41063 CVE-2024-41064 CVE-2024-41066 CVE-2024-41069 CVE-2024-41070 CVE-2024-41071 CVE-2024-41072 CVE-2024-41076 CVE-2024-41078 CVE-2024-41081 CVE-2024-41087 CVE-2024-41090 CVE-2024-41091 CVE-2024-42070 CVE-2024-42079 CVE-2024-42093 CVE-2024-42096 CVE-2024-42105 CVE-2024-42122 CVE-2024-42124 CVE-2024-42145 CVE-2024-42161 CVE-2024-42224 CVE-2024-42230 CVE-2024-5535 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20240826-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2886-1 Released: Tue Aug 13 09:46:48 2024 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: This update for dmidecode fixes the following issues: - Version update (jsc#PED-8574): * Support for SMBIOS 3.6.0. This includes new memory device types, new processor upgrades, and Loongarch support * Support for SMBIOS 3.7.0. This includes new port types, new processor upgrades, new slot characteristics and new fields for memory modules * Add bash completion * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245 * Implement options --list-strings and --list-types * Update HPE OEM records 203, 212, 216, 221, 233 and 236 * Update Redfish support * Bug fixes: - Fix enabled slot characteristics not being printed * Minor improvements: - Print slot width on its own line - Use standard strings for slot width * Add a --no-quirks option * Drop the CPUID exception list * Obsoletes patches removed : dmidecode-do-not-let-dump-bin-overwrite-an-existing-file, dmidecode-fortify-entry-point-length-checks, dmidecode-split-table-fetching-from-decoding, dmidecode-write-the-whole-dump-file-at-once, dmioem-fix-segmentation-fault-in-dmi_hp_240_attr, dmioem-hpe-oem-record-237-firmware-change, dmioem-typo-fix-virutal-virtual, ensure-dev-mem-is-a-character-device-file, news-fix-typo, use-read_file-to-read-from-dump Update for HPE servers from upstream: - dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in HPE type 238 records ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2887-1 Released: Tue Aug 13 10:52:45 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2921-1 Released: Thu Aug 15 07:00:32 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1223535,1224226,1226100,1228124 This update for grub2 fixes the following issues: - Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124) - Fix error in grub-install when root is on tmpfs (bsc#1226100) - Fix input handling in ppc64le grub2 has high latency (bsc#1223535) - Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to file_is_not_xen_garbage (bsc#1224226) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2939-1 Released: Fri Aug 16 09:05:15 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1082555,1156395,1190336,1191958,1193454,1193554,1193787,1193883,1194324,1194826,1194869,1195065,1195254,1195341,1195349,1195357,1195668,1195775,1195927,1195957,1196018,1196746,1196823,1197146,1197246,1197762,1197915,1198014,1199295,1202346,1202686,1202767,1202780,1205205,1207361,1208783,1209636,1213123,1215492,1215587,1216834,1217912,1218148,1218570,1218820,1219224,1219633,1219832,1219847,1220138,1220185,1220186,1220368,1220812,1220869,1220876,1220942,1220952,1220958,1221010,1221086,1221282,1221647,1221654,1221656,1221659,1221958,1222015,1222072,1222080,1222241,1222254,1222323,1222326,1222328,1222364,1222625,1222702,1222728,1222799,1222809,1222810,1222893,1223013,1223018,1223021,1223180,1223265,1223384,1223635,1223641,1223652,1223675,1223778,1223806,1223813,1223815,1223836,1223863,1224020,1224331,1224414,1224488,1224497,1224498,1224499,1224500,1224504,1224512,1224516,1224517,1224520,1224539,1224540,1224545,1224548,1224552,1224557,1224572,1224573,1224583,1224585,1224588,1 224602,1224603,1224604,1224605,1224612,1224614,1224619,1224636,1224641,1224661,1224662,1224670,1224671,1224674,1224677,1224679,1224683,1224694,1224696,1224700,1224703,1224712,1224716,1224719,1224735,1224743,1224749,1224764,1224765,1224766,1224935,1224946,1224951,1225050,1225088,1225098,1225105,1225272,1225300,1225389,1225391,1225419,1225426,1225448,1225452,1225467,1225475,1225484,1225487,1225489,1225504,1225505,1225514,1225518,1225535,1225564,1225573,1225581,1225585,1225586,1225602,1225611,1225681,1225692,1225698,1225699,1225704,1225711,1225714,1225717,1225719,1225726,1225732,1225737,1225744,1225745,1225746,1225749,1225752,1225753,1225757,1225758,1225759,1225760,1225767,1225770,1225815,1225823,1225834,1225838,1225840,1225851,1225866,1225872,1225894,1225903,1226022,1226131,1226145,1226149,1226155,1226202,1226211,1226212,1226226,1226502,1226514,1226519,1226520,1226537,1226538,1226539,1226550,1226551,1226552,1226553,1226554,1226555,1226556,1226557,1226558,1226559,1226561,1226562,122656 3,1226564,1226565,1226566,1226567,1226568,1226569,1226570,1226571,1226572,1226574,1226575,1226576,1226577,1226579,1226580,1226581,1226582,1226583,1226585,1226587,1226588,1226593,1226595,1226597,1226601,1226602,1226603,1226607,1226610,1226614,1226616,1226617,1226618,1226619,1226621,1226622,1226624,1226626,1226628,1226629,1226632,1226633,1226634,1226637,1226643,1226644,1226645,1226647,1226650,1226653,1226657,1226658,1226669,1226670,1226672,1226673,1226674,1226675,1226678,1226679,1226683,1226685,1226686,1226690,1226691,1226692,1226693,1226696,1226697,1226698,1226699,1226701,1226702,1226703,1226704,1226705,1226706,1226708,1226709,1226710,1226711,1226712,1226713,1226715,1226716,1226718,1226719,1226720,1226721,1226730,1226732,1226734,1226735,1226737,1226738,1226739,1226740,1226744,1226746,1226747,1226749,1226750,1226754,1226757,1226762,1226764,1226767,1226768,1226769,1226771,1226774,1226775,1226777,1226780,1226781,1226783,1226785,1226786,1226789,1226791,1226834,1226837,1226839,1226840,122 6841,1226842,1226848,1226852,1226857,1226861,1226863,1226864,1226867,1226868,1226876,1226878,1226883,1226886,1226890,1226891,1226895,1226908,1226911,1226915,1226928,1226948,1226949,1226950,1226953,1226962,1226976,1226990,1226992,1226993,1226994,1226996,1227066,1227090,1227096,1227101,1227103,1227121,1227157,1227162,1227274,1227362,1227383,1227432,1227435,1227447,1227487,1227573,1227618,1227620,1227626,1227635,1227661,1227716,1227722,1227724,1227725,1227728,1227729,1227730,1227732,1227733,1227750,1227754,1227755,1227760,1227762,1227763,1227764,1227766,1227770,1227771,1227772,1227774,1227779,1227780,1227783,1227786,1227787,1227790,1227792,1227796,1227797,1227798,1227800,1227802,1227806,1227808,1227810,1227812,1227813,1227814,1227816,1227820,1227823,1227824,1227828,1227829,1227836,1227846,1227849,1227851,1227862,1227864,1227865,1227866,1227870,1227884,1227886,1227891,1227893,1227899,1227900,1227910,1227913,1227917,1227919,1227920,1227921,1227922,1227923,1227924,1227925,1227927,1227928, 1227931,1227932,1227933,1227935,1227936,1227938,1227941,1227942,1227944,1227945,1227947,1227948,1227949,1227950,1227952,1227953,1227954,1227956,1227957,1227963,1227964,1227965,1227968,1227969,1227970,1227971,1227972,1227975,1227976,1227981,1227982,1227985,1227986,1227987,1227988,1227989,1227990,1227991,1227992,1227993,1227995,1227996,1227997,1228000,1228002,1228003,1228004,1228005,1228006,1228007,1228008,1228009,1228010,1228011,1228013,1228014,1228015,1228019,1228020,1228025,1228028,1228035,1228037,1228038,1228039,1228040,1228045,1228054,1228055,1228056,1228060,1228061,1228062,1228063,1228064,1228066,1228067,1228068,1228071,1228079,1228090,1228114,1228140,1228190,1228191,1228226,1228235,1228247,1228327,1228328,1228330,1228403,1228405,1228408,1228409,1228410,1228418,1228459,1228462,1228470,1228518,1228520,1228530,1228561,1228565,1228580,1228581,1228591,1228599,1228617,1228625,1228626,1228633,1228640,1228644,1228649,1228655,1228665,1228672,1228680,1228705,1228723,1228743,1228756,12288 01,1228850,1228857,CVE-2021-4439,CVE-2021-47086,CVE-2021-47089,CVE-2021-47103,CVE-2021-47186,CVE-2021-47432,CVE-2021-47515,CVE-2021-47534,CVE-2021-47538,CVE-2021-47539,CVE-2021-47546,CVE-2021-47547,CVE-2021-47555,CVE-2021-47566,CVE-2021-47571,CVE-2021-47572,CVE-2021-47576,CVE-2021-47577,CVE-2021-47578,CVE-2021-47580,CVE-2021-47582,CVE-2021-47583,CVE-2021-47584,CVE-2021-47585,CVE-2021-47586,CVE-2021-47587,CVE-2021-47588,CVE-2021-47589,CVE-2021-47590,CVE-2021-47591,CVE-2021-47592,CVE-2021-47593,CVE-2021-47595,CVE-2021-47596,CVE-2021-47597,CVE-2021-47598,CVE-2021-47599,CVE-2021-47600,CVE-2021-47601,CVE-2021-47602,CVE-2021-47603,CVE-2021-47604,CVE-2021-47605,CVE-2021-47606,CVE-2021-47607,CVE-2021-47608,CVE-2021-47609,CVE-2021-47610,CVE-2021-47611,CVE-2021-47612,CVE-2021-47614,CVE-2021-47615,CVE-2021-47616,CVE-2021-47617,CVE-2021-47618,CVE-2021-47619,CVE-2021-47620,CVE-2021-47622,CVE-2021-47623,CVE-2021-47624,CVE-2022-48711,CVE-2022-48712,CVE-2022-48713,CVE-2022-48714,CVE-2022-48715,CVE- 2022-48716,CVE-2022-48717,CVE-2022-48718,CVE-2022-48720,CVE-2022-48721,CVE-2022-48722,CVE-2022-48723,CVE-2022-48724,CVE-2022-48725,CVE-2022-48726,CVE-2022-48727,CVE-2022-48728,CVE-2022-48729,CVE-2022-48730,CVE-2022-48732,CVE-2022-48733,CVE-2022-48734,CVE-2022-48735,CVE-2022-48736,CVE-2022-48737,CVE-2022-48738,CVE-2022-48739,CVE-2022-48740,CVE-2022-48743,CVE-2022-48744,CVE-2022-48745,CVE-2022-48746,CVE-2022-48747,CVE-2022-48748,CVE-2022-48749,CVE-2022-48751,CVE-2022-48752,CVE-2022-48753,CVE-2022-48754,CVE-2022-48755,CVE-2022-48756,CVE-2022-48758,CVE-2022-48759,CVE-2022-48760,CVE-2022-48761,CVE-2022-48763,CVE-2022-48765,CVE-2022-48766,CVE-2022-48767,CVE-2022-48768,CVE-2022-48769,CVE-2022-48770,CVE-2022-48771,CVE-2022-48772,CVE-2022-48773,CVE-2022-48774,CVE-2022-48775,CVE-2022-48776,CVE-2022-48777,CVE-2022-48778,CVE-2022-48780,CVE-2022-48783,CVE-2022-48784,CVE-2022-48785,CVE-2022-48786,CVE-2022-48787,CVE-2022-48788,CVE-2022-48789,CVE-2022-48790,CVE-2022-48791,CVE-2022-48792,CVE-2022-48 793,CVE-2022-48794,CVE-2022-48796,CVE-2022-48797,CVE-2022-48798,CVE-2022-48799,CVE-2022-48800,CVE-2022-48801,CVE-2022-48802,CVE-2022-48803,CVE-2022-48804,CVE-2022-48805,CVE-2022-48806,CVE-2022-48807,CVE-2022-48809,CVE-2022-48810,CVE-2022-48811,CVE-2022-48812,CVE-2022-48813,CVE-2022-48814,CVE-2022-48815,CVE-2022-48816,CVE-2022-48817,CVE-2022-48818,CVE-2022-48820,CVE-2022-48821,CVE-2022-48822,CVE-2022-48823,CVE-2022-48824,CVE-2022-48825,CVE-2022-48826,CVE-2022-48827,CVE-2022-48828,CVE-2022-48829,CVE-2022-48830,CVE-2022-48831,CVE-2022-48834,CVE-2022-48835,CVE-2022-48836,CVE-2022-48837,CVE-2022-48838,CVE-2022-48839,CVE-2022-48840,CVE-2022-48841,CVE-2022-48842,CVE-2022-48843,CVE-2022-48844,CVE-2022-48846,CVE-2022-48847,CVE-2022-48849,CVE-2022-48850,CVE-2022-48851,CVE-2022-48852,CVE-2022-48853,CVE-2022-48855,CVE-2022-48856,CVE-2022-48857,CVE-2022-48858,CVE-2022-48859,CVE-2022-48860,CVE-2022-48861,CVE-2022-48862,CVE-2022-48863,CVE-2022-48864,CVE-2022-48866,CVE-2023-24023,CVE-2023-52435,CVE -2023-52573,CVE-2023-52580,CVE-2023-52622,CVE-2023-52658,CVE-2023-52667,CVE-2023-52670,CVE-2023-52672,CVE-2023-52675,CVE-2023-52735,CVE-2023-52737,CVE-2023-52751,CVE-2023-52752,CVE-2023-52762,CVE-2023-52766,CVE-2023-52775,CVE-2023-52784,CVE-2023-52787,CVE-2023-52800,CVE-2023-52812,CVE-2023-52835,CVE-2023-52837,CVE-2023-52843,CVE-2023-52845,CVE-2023-52846,CVE-2023-52857,CVE-2023-52863,CVE-2023-52869,CVE-2023-52881,CVE-2023-52882,CVE-2023-52884,CVE-2023-52885,CVE-2023-52886,CVE-2024-25741,CVE-2024-26583,CVE-2024-26584,CVE-2024-26615,CVE-2024-26625,CVE-2024-26633,CVE-2024-26635,CVE-2024-26636,CVE-2024-26641,CVE-2024-26644,CVE-2024-26661,CVE-2024-26663,CVE-2024-26665,CVE-2024-26720,CVE-2024-26800,CVE-2024-26802,CVE-2024-26813,CVE-2024-26814,CVE-2024-26842,CVE-2024-26845,CVE-2024-26863,CVE-2024-26923,CVE-2024-26935,CVE-2024-26961,CVE-2024-26973,CVE-2024-26976,CVE-2024-27015,CVE-2024-27019,CVE-2024-27020,CVE-2024-27025,CVE-2024-27065,CVE-2024-27402,CVE-2024-27432,CVE-2024-27437,CVE-2024-3 3619,CVE-2024-35247,CVE-2024-35789,CVE-2024-35790,CVE-2024-35805,CVE-2024-35807,CVE-2024-35814,CVE-2024-35819,CVE-2024-35835,CVE-2024-35837,CVE-2024-35848,CVE-2024-35853,CVE-2024-35855,CVE-2024-35857,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35869,CVE-2024-35878,CVE-2024-35884,CVE-2024-35886,CVE-2024-35889,CVE-2024-35890,CVE-2024-35893,CVE-2024-35896,CVE-2024-35898,CVE-2024-35899,CVE-2024-35900,CVE-2024-35905,CVE-2024-35925,CVE-2024-35934,CVE-2024-35949,CVE-2024-35950,CVE-2024-35956,CVE-2024-35958,CVE-2024-35960,CVE-2024-35961,CVE-2024-35962,CVE-2024-35979,CVE-2024-35995,CVE-2024-35997,CVE-2024-36000,CVE-2024-36004,CVE-2024-36005,CVE-2024-36008,CVE-2024-36017,CVE-2024-36020,CVE-2024-36021,CVE-2024-36025,CVE-2024-36288,CVE-2024-36477,CVE-2024-36478,CVE-2024-36479,CVE-2024-36889,CVE-2024-36890,CVE-2024-36894,CVE-2024-36899,CVE-2024-36900,CVE-2024-36901,CVE-2024-36902,CVE-2024-36904,CVE-2024-36909,CVE-2024-36910,CVE-2024-36911,CVE-2024-36912,CVE-2024-36913,CVE-2024-36914,CV E-2024-36915,CVE-2024-36916,CVE-2024-36917,CVE-2024-36919,CVE-2024-36923,CVE-2024-36934,CVE-2024-36937,CVE-2024-36939,CVE-2024-36940,CVE-2024-36945,CVE-2024-36946,CVE-2024-36949,CVE-2024-36960,CVE-2024-36964,CVE-2024-36965,CVE-2024-36967,CVE-2024-36969,CVE-2024-36971,CVE-2024-36974,CVE-2024-36975,CVE-2024-36978,CVE-2024-37021,CVE-2024-37078,CVE-2024-37354,CVE-2024-38381,CVE-2024-38388,CVE-2024-38390,CVE-2024-38540,CVE-2024-38541,CVE-2024-38544,CVE-2024-38545,CVE-2024-38546,CVE-2024-38547,CVE-2024-38548,CVE-2024-38549,CVE-2024-38550,CVE-2024-38552,CVE-2024-38553,CVE-2024-38555,CVE-2024-38556,CVE-2024-38557,CVE-2024-38558,CVE-2024-38559,CVE-2024-38560,CVE-2024-38564,CVE-2024-38565,CVE-2024-38567,CVE-2024-38568,CVE-2024-38570,CVE-2024-38571,CVE-2024-38573,CVE-2024-38578,CVE-2024-38579,CVE-2024-38580,CVE-2024-38581,CVE-2024-38582,CVE-2024-38583,CVE-2024-38586,CVE-2024-38587,CVE-2024-38588,CVE-2024-38590,CVE-2024-38591,CVE-2024-38594,CVE-2024-38597,CVE-2024-38598,CVE-2024-38599,CVE-2024- 38600,CVE-2024-38601,CVE-2024-38603,CVE-2024-38605,CVE-2024-38608,CVE-2024-38616,CVE-2024-38618,CVE-2024-38619,CVE-2024-38621,CVE-2024-38627,CVE-2024-38628,CVE-2024-38630,CVE-2024-38633,CVE-2024-38634,CVE-2024-38635,CVE-2024-38659,CVE-2024-38661,CVE-2024-38780,CVE-2024-39276,CVE-2024-39301,CVE-2024-39371,CVE-2024-39463,CVE-2024-39468,CVE-2024-39469,CVE-2024-39471,CVE-2024-39472,CVE-2024-39475,CVE-2024-39482,CVE-2024-39487,CVE-2024-39488,CVE-2024-39490,CVE-2024-39493,CVE-2024-39494,CVE-2024-39497,CVE-2024-39499,CVE-2024-39500,CVE-2024-39501,CVE-2024-39502,CVE-2024-39505,CVE-2024-39506,CVE-2024-39507,CVE-2024-39508,CVE-2024-39509,CVE-2024-40900,CVE-2024-40901,CVE-2024-40902,CVE-2024-40903,CVE-2024-40904,CVE-2024-40906,CVE-2024-40908,CVE-2024-40909,CVE-2024-40911,CVE-2024-40912,CVE-2024-40916,CVE-2024-40919,CVE-2024-40923,CVE-2024-40924,CVE-2024-40927,CVE-2024-40929,CVE-2024-40931,CVE-2024-40932,CVE-2024-40934,CVE-2024-40935,CVE-2024-40937,CVE-2024-40940,CVE-2024-40941,CVE-2024-40942,C VE-2024-40943,CVE-2024-40945,CVE-2024-40953,CVE-2024-40954,CVE-2024-40956,CVE-2024-40958,CVE-2024-40959,CVE-2024-40960,CVE-2024-40961,CVE-2024-40966,CVE-2024-40967,CVE-2024-40970,CVE-2024-40972,CVE-2024-40976,CVE-2024-40977,CVE-2024-40981,CVE-2024-40982,CVE-2024-40984,CVE-2024-40987,CVE-2024-40988,CVE-2024-40989,CVE-2024-40990,CVE-2024-40994,CVE-2024-40998,CVE-2024-40999,CVE-2024-41002,CVE-2024-41004,CVE-2024-41006,CVE-2024-41009,CVE-2024-41011,CVE-2024-41012,CVE-2024-41013,CVE-2024-41014,CVE-2024-41015,CVE-2024-41016,CVE-2024-41017,CVE-2024-41040,CVE-2024-41041,CVE-2024-41044,CVE-2024-41048,CVE-2024-41057,CVE-2024-41058,CVE-2024-41059,CVE-2024-41063,CVE-2024-41064,CVE-2024-41066,CVE-2024-41069,CVE-2024-41070,CVE-2024-41071,CVE-2024-41072,CVE-2024-41076,CVE-2024-41078,CVE-2024-41081,CVE-2024-41087,CVE-2024-41090,CVE-2024-41091,CVE-2024-42070,CVE-2024-42079,CVE-2024-42093,CVE-2024-42096,CVE-2024-42105,CVE-2024-42122,CVE-2024-42124,CVE-2024-42145,CVE-2024-42161,CVE-2024-42224,CVE-2024 -42230 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952). - CVE-2021-47089: kfence: fix memory leak when cat kfence objects (bsc#1220958). - CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010). - CVE-2021-47186: tipc: check for null after calling kmemdup (bsc#1222702). - CVE-2021-47432: lib/generic-radix-tree.c: Do not overflow in peek() (bsc#1225391). - CVE-2021-47515: seg6: fix the iif in the IPv6 socket control block (bsc#1225426). - CVE-2021-47538: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1225448). - CVE-2021-47539: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (bsc#1225452). - CVE-2021-47546: ipv6: fix memory leak in fib6_rule_suppress (bsc#1225504). - CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505). - CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467). - CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2021-47572: net: nexthop: fix null pointer dereference when IPv6 is not enabled (bsc#1225389). - CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568). - CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565). - CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570). - CVE-2021-47593: mptcp: clear 'kern' flag from fallback sockets (bsc#1226551). - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574). - CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571). - CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len. (bsc#1226555). - CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919). - CVE-2022-48716: ASoC: codecs: wcd938x: fix incorrect used of portid (bsc#1226678). - CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (bsc#1227927) - CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936). - CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071). - CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003). - CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148). - CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138). - CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference (bsc#1220869). - CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876). - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080). - CVE-2023-52658: Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (bsc#1224719). - CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups (bsc#1224603). - CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696). - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614). - CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504). - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475). - CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484). - CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52762: virtio-blk: fix implicit overflow on virtio_max_dma_size (bsc#1225573). - CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088). - CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946). - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105). - CVE-2023-52812: drm/amd: check num of link levels when update pcie param (bsc#1225564). - CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602). - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951). - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585). - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer overflow (bsc#1225581). - CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer dereference (bsc#1225586). - CVE-2023-52869: pstore/platform: Add check for kstrdup (bsc#1225050). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (bsc#1225692). - CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942). - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086) - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647). - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656). - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659). - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654). - CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume (bsc#1221282, bsc#1222072). - CVE-2024-26661: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' (bsc#1222323). - CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326). - CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328). - CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364). - CVE-2024-26802: stmmac: Clear variable when destroying workqueue (bsc#1222799). - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809). - CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810). - CVE-2024-26842: scsi: target: core: Add TMF to tmr_list handling (bsc#1223013). - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018). - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). - CVE-2024-26961: mac802154: fix llsec key resources release in mac802154_llsec_key_del (bsc#1223652). - CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641). - CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806). - CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813) - CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815) - CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778) - CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836). - CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414). - CVE-2024-27432: net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716). - CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625). - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (bsc#1224712). - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743). - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735). - CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683). - CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605). - CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500). - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612). - CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604). - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520). - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670). - CVE-2024-35889: idpf: fix kernel panic on unknown packet types (bsc#1224517). - CVE-2024-35890: gro: fix ownership transfer (bsc#1224516). - CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512) - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498). - CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499) - CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497). - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661). - CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641) - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674) - CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677). - CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588). - CVE-2024-35961: net/mlx5: Register devlink first under devlink lock (bsc#1224585). - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572). - CVE-2024-35995: ACPI: CPPC: Use access_width over bit_width for system memory accesses (bsc#1224557). - CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552). - CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548). - CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545) - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539). - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540). - CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681). - CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning (bsc#1225698). - CVE-2024-36021: net: hns3: fix kernel crash when devlink reload during pf initialization (bsc#1225699). - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841). - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949). - CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers (bsc#1225714). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726). - CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711) - CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752). - CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753). - CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759). - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770). - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767). - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815). - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760). - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834). - CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init() (bsc#1225838). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823). - CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851). - CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872) - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950). - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066). - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595). - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774). - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781). - CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771). - CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634). - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610). - CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750). - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734). - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749). - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757). - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842). - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746). - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857). - CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (bsc#1226911). - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883). - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996). - CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886). - CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993). - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994). - CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990). - CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090). - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103). - CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (bsc#1226992). - CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432). - CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435) - CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447). - CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573) - CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626). - CVE-2024-39493: crypto: qat - fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-39497: drm/shmem-helper: fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722). - CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755). - CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729). - CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730). - CVE-2024-39508: io_uring/io-wq: use set_bit() and test_bit() at worker->flags (bsc#1227732). - CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762). - CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763). - CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783). - CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798). - CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779). - CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786). - CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780). - CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800). - CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO (bsc#1227849). - CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806). - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812). - CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884). - CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813). - CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814). - CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886). - CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891). - CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899). - CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910). - CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (bsc#1227950). - CVE-2024-40982: ssb: fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865). - CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866). - CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913). - CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862). - CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114). - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405). - CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). - CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409). - CVE-2024-41016: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403). - CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518). - CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520). - CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530). - CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565). - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462). - CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459). - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561). - CVE-2024-41063: bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580). - CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599). - CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581). - CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625). - CVE-2024-41072: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (bsc#1228626). - CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649). - CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655). - CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327). - CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470). - CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672). - CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633). - CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591). - CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705). - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743) - CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756). - CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723). - CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). The following non-security bugs were fixed: - acpi: EC: Abort address space access upon error (stable-fixes). - acpi: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes). - acpi: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes). - acpi: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes). - acpi: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (stable-fixes). - acpi: x86: Force StorageD3Enable on more products (stable-fixes). - acpi: x86: utils: Add Picasso to the list for forcing StorageD3Enable (stable-fixes). - acpica: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (git-fixes). - alsa: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes). - alsa: dmaengine: Synchronize dma channel after drop() (stable-fixes). - alsa: emux: improve patch ioctl data validation (stable-fixes). - alsa: Fix deadlocks with kctl removals at disconnection (stable-fixes). - alsa: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes). - alsa: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes). - alsa: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes). - alsa: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes). - alsa: hda/realtek: Add quirks for Lenovo 13X (stable-fixes). - alsa: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes). - alsa: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes). - alsa: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes). - alsa: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes). - alsa: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes). - alsa: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes). - alsa: hda/realtek: Limit mic boost on N14AP7 (stable-fixes). - alsa: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes). - alsa: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes). - alsa: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes). - alsa: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes). - alsa: timer: Set lower bound of start tick time (stable-fixes). - alsa: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes). - alsa: usb-audio: Correct surround channels in UAC1 channel map (git-fixes). - alsa: usb-audio: Fix microphone sound on HD webcam (stable-fixes). - alsa: usb-audio: Move HD Webcam quirk to the right place (git-fixes). - alsa/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes). - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes). - arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes) - arm64: dts: hi3798cv200: fix the size of GICR (git-fixes) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes) - arm64: dts: microchip: sparx5: fix mdio reg (git-fixes) - arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes) - arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8690). - arm64: mm: do not acquire mutex when rewriting swapper (jsc#PED-8690). - arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8690). - arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8690). - arm64: tegra: Correct Tegra132 I2C alias (git-fixes) - arm64/io: add constant-argument check (bsc#1226502 git-fixes) - arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502) - asoc: amd: acp: add a null check for chip_pdev structure (git-fixes). - asoc: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes). - asoc: amd: Adjust error handling in case of absent codec device (git-fixes). - asoc: da7219-aad: fix usage of device_get_named_child_node() (stable-fixes). - asoc: fsl-asoc-card: set priv->pdev before using it (git-fixes). - asoc: max98088: Check for clk_prepare_enable() error (git-fixes). - asoc: rt5645: Fix the electric noise due to the CBJ contacts floating (stable-fixes). - asoc: rt715-sdca: volume step modification (stable-fixes). - asoc: rt715: add vendor clear control register (stable-fixes). - asoc: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes). - asoc: ti: omap-hdmi: Fix too long driver name (stable-fixes). - ata: ahci: Clean up sysfs file on error (git-fixes). - ata: libata-core: Fix double free on error (git-fixes). - ata: libata-core: Fix null pointer dereference on error (git-fixes). - batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes). - batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes). - blk-cgroup: dropping parent refcount after pd_free_fn() is done (bsc#1224573). - block, loop: support partitions without scanning (bsc#1227162). - block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162). - bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes). - bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes). - bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes). - bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes). - bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes). - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes). - bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes). - bnxt_re: Fix imm_data endianness (git-fixes) - bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener (git-fixes). - bpf: aggressively forget precise markings during state checkpointing (bsc#1225903). - bpf: allow precision tracking for programs with subprogs (bsc#1225903). - bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903). - bpf: clean up visit_insn()'s instruction processing (bsc#1225903). - bpf: correct loop detection for iterators convergence (bsc#1225903). - bpf: encapsulate precision backtracking bookkeeping (bsc#1225903). - bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903). - bpf: exact states comparison for iterator convergence checks (bsc#1225903). - bpf: extract __check_reg_arg() utility function (bsc#1225903). - bpf: extract same_callsites() as utility function (bsc#1225903). - bpf: extract setup_func_entry() utility function (bsc#1225903). - bpf: fix calculation of subseq_idx during precision backtracking (bsc#1225903). - bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903). - bpf: Fix memory leaks in __check_func_call (bsc#1225903). - bpf: fix propagate_precision() logic for inner frames (bsc#1225903). - bpf: fix regs_exact() logic in regsafe() to remap IDs correctly (bsc#1225903). - bpf: Fix to preserve reg parent/live fields when copying range info (bsc#1225903). - bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903). - bpf: improve precision backtrack logging (bsc#1225903). - bpf: Improve verifier u32 scalar equality checking (bsc#1225903). - bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903). - bpf: maintain bitmasks across all active frames in __mark_chain_precision (bsc#1225903). - bpf: mark relevant stack slots scratched for register read instructions (bsc#1225903). - bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903). - bpf: perform byte-by-byte comparison only when necessary in regsafe() (bsc#1225903). - bpf: print full verifier states on infinite loop detection (bsc#1225903). - bpf: regsafe() must not skip check_ids() (bsc#1225903). - bpf: reject non-exact register type matches in regsafe() (bsc#1225903). - bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() (bsc#1225903). - bpf: reorganize struct bpf_reg_state fields (bsc#1225903). - bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903). - bpf: states_equal() must build idmap for all function frames (bsc#1225903). - bpf: stop setting precise in current state (bsc#1225903). - bpf: support precision propagation in the presence of subprogs (bsc#1225903). - bpf: take into account liveness when propagating precision (bsc#1225903). - bpf: teach refsafe() to take into account ID remapping (bsc#1225903). - bpf: unconditionally reset backtrack_state masks on global func exit (bsc#1225903). - bpf: use check_ids() for active_lock comparison (bsc#1225903). - bpf: Use scalar ids in mark_chain_precision() (bsc#1225903). - bpf: verify callbacks as if they are called unknown number of times (bsc#1225903). - bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903). - bpf: widening for callback iterators (bsc#1225903). - btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162). - btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (bsc#1221282). - btrfs: harden identification of a stale device (bsc#1227162). - btrfs: match stale devices by dev_t (bsc#1227162). - btrfs: remove the cross file system checks from remap (bsc#1227157). - btrfs: use dev_t to match device in device_matched (bsc#1227162). - btrfs: validate device maj:min during open (bsc#1227162). - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes). - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes). - cachefiles: remove requests from xarray during flushing requests (bsc#1226588). - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes). - can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes). - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022). - ceph: always check dir caps asynchronously (bsc#1226022). - ceph: always queue a writeback when revoking the Fb caps (bsc#1226022). - ceph: break the check delayed cap loop every 5s (bsc#1226022). - ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418). - ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022). - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN . - checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes). - cifs: fix hang in wait_for_response() (bsc#1220812, bsc#1220368). - cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes). - crypto: aead,cipher - zeroize key buffer after use (stable-fixes). - crypto: ecdh - explicitly zeroize private_key (stable-fixes). - crypto: ecdsa - Fix the public key format description (git-fixes). - crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes). - crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes). - csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location() (git-fixes). - decompress_bunzip2: fix rare decompression failure (git-fixes). - devres: Fix devm_krealloc() wasting memory (git-fixes). - devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes). - dma: fix call order in dmam_free_coherent (git-fixes). - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes). - dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes). - docs: crypto: async-tx-api: fix broken code example (git-fixes). - docs: Fix formatting of literal sections in fanotify docs (stable-fixes). - drivers: core: synchronize really_probe() and dev_uevent() (git-fixes). - drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes). - drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes). - drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c (stable-fixes). - drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes). - drm/amd/display: Add dtbclk access to dcn315 (stable-fixes). - drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes). - drm/amd/display: Check for NULL pointer (stable-fixes). - drm/amd/display: Check index msg_id before read or write (stable-fixes). - drm/amd/display: Check pipe offset before setting vblank (stable-fixes). - drm/amd/display: drop unnecessary NULL checks in debugfs (stable-fixes). - drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes). - drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes). - drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes). - drm/amd/pm: remove logically dead code for renoir (git-fixes). - drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes). - drm/amdgpu: avoid using null object of framebuffer (stable-fixes). - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes). - drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes). - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes). - drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes). - drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: Fix uninitialized variable warnings (stable-fixes). - drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes). - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes). - drm/amdgpu: Update BO eviction priorities (stable-fixes). - drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes). - drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes). - drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes). - drm/amdgpu/mes: fix use-after-free issue (stable-fixes). - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes). - drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes). - drm/amdkfd: Rework kfd_locked handling (bsc#1225872) - drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes). - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes). - drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes). - drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes). - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes). - drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes). - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes). - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes). - drm/i915/dpt: Make DPT object unshrinkable (git-fixes). - drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes). - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes). - drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes). - drm/i915/guc: avoid FIELD_PREP warning (git-fixes). - drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes). - drm/komeda: check for error-valued pointer (git-fixes). - drm/lima: add mask irq callback to gp and pp (stable-fixes). - drm/lima: fix shared irq handling on driver remove (stable-fixes). - drm/lima: Mark simple_ondemand governor as softdep (git-fixes). - drm/lima: mask irqs in timeout path before hard reset (stable-fixes). - drm/mediatek: Add OVL compatible name for MT8195 (git-fixes). - drm/meson: fix canvas release in bind function (git-fixes). - drm/mgag200: Bind I2C lifetime to DRM device (git-fixes). - drm/mgag200: Set DDC timeout in milliseconds (git-fixes). - drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format (stable-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes). - drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes). - drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes). - drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes). - drm/msm/dp: Return IRQ_NONE for unhandled interrupts (stable-fixes). - drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes). - drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes). - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes). - drm/nouveau: prime: fix refcount underflow (git-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes). - drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays (stable-fixes). - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes). - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes). - drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes). - drm/qxl: Add check for drm_cvt_mode (git-fixes). - drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes). - drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes). - drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes). - drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes). - drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes). - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes). - drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes). - eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes). - exfat: check if cluster num is valid (git-fixes). - exfat: simplify is_valid_cluster() (git-fixes). - filelock: add a new locks_inode_context accessor function (git-fixes). - firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes). - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes). - firmware: cs_dsp: Return error if block header overflows file (git-fixes). - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes). - firmware: cs_dsp: Validate payload length before processing block (git-fixes). - firmware: dmi: Stop decoding on broken entry (stable-fixes). - firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes). - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes). - firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes). - fs: allow cross-vfsmount reflink/dedupe (bsc#1227157). - ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes). - fuse: verify {g,u}id mount options correctly (bsc#1228191). - gpio: davinci: Validate the obtained number of IRQs (git-fixes). - gpio: mc33880: Convert comma to semicolon (git-fixes). - gpio: tqmx86: fix typo in Kconfig label (git-fixes). - gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes). - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes). - hfsplus: fix to avoid false alarm of circular locking (git-fixes). - hfsplus: fix uninit-value in copy_name (git-fixes). - hid: Add quirk for Logitech Casa touchpad (stable-fixes). - hid: core: remove unnecessary WARN_ON() in implement() (git-fixes). - hid: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes). - hid: wacom: Modify pen IDs (git-fixes). - hpet: Support 32-bit userspace (git-fixes). - hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes). - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes). - hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes). - hwmon: (shtc1) Fix property misspelling (git-fixes). - i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: mark HostNotify target address as used (git-fixes). - i2c: ocores: set IACK bit after core is enabled (git-fixes). - i2c: rcar: bring hardware to known state when probing (git-fixes). - i2c: tegra: Fix failure during probe deferral cleanup (git-fixes) - i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661) - i2c: testunit: avoid re-issued work after read message (git-fixes). - i2c: testunit: correct Kconfig description (git-fixes). - i2c: testunit: discard write requests while old command is running (git-fixes). - i2c: testunit: do not erase registers after STOP (git-fixes). - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes). - iio: adc: ad7266: Fix variable checking bug (git-fixes). - iio: adc: ad9467: fix scan type sign (git-fixes). - iio: chemical: bme680: Fix calibration data variable (git-fixes). - iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes). - iio: chemical: bme680: Fix pressure value output (git-fixes). - iio: chemical: bme680: Fix sensor data read operation (git-fixes). - iio: dac: ad5592r: fix temperature channel scaling value (git-fixes). - iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes). - input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes). - input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes). - input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes). - Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes). - input: qt1050 - handle CHIP_ID reading error (git-fixes). - input: silead - Always support 10 fingers (stable-fixes). - intel_th: pci: Add Granite Rapids SOC support (stable-fixes). - intel_th: pci: Add Granite Rapids support (stable-fixes). - intel_th: pci: Add Lunar Lake support (stable-fixes). - intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes). - intel_th: pci: Add Meteor Lake-S support (stable-fixes). - intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes). - iommu: mtk: fix module autoloading (git-fixes). - iommu: Return right value in iommu_sva_bind_device() (git-fixes). - iommu/amd: Fix sysfs leak in iommu init (git-fixes). - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes). - ionic: clean interrupt before enabling queue to avoid credit race (git-fixes). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes). - jfs: Fix array-index-out-of-bounds in diFree (git-fixes). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kabi: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903). - kabi: bpf: callback fixes kABI workaround (bsc#1225903). - kabi: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903). - kabi: bpf: tmp_str_buf kABI workaround (bsc#1225903). - kabi: rtas: Workaround false positive due to lost definition (bsc#1227487). - kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502) - kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783) - kabi/severities: Ignore tpm_tis_core_init (bsc#1082555). - kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users. - kbuild: do not include include/config/auto.conf from shell scripts (bsc#1227274). - kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes). - kconfig: doc: fix a typo in the note about 'imply' (git-fixes). - kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes). - kernel-binary: vdso: Own module_dir - kernel-doc: fix struct_group_tagged() parsing (git-fixes). - kernel/sched: Remove dl_boosted flag comment (git fixes (sched)). - knfsd: LOOKUP can return an illegal error value (git-fixes). - kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes). - kprobes: Make arch_check_ftrace_location static (git-fixes). - kvm: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes). - kvm: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1194869). - kvm: PPC: Book3S HV: Fix 'rm_exit' entry in debugfs timings (bsc#1194869). - kvm: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869). - kvm: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1194869). - kvm: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST (bsc#1194869). - kvm: PPC: Book3S: Suppress warnings when allocating too big memory slots (bsc#1194869). - kvm: s390: fix LPSWEY handling (bsc#1227635 git-fixes). - kvm: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (git-fixes). - kvm: VMX: Report up-to-date exit qualification to userspace (git-fixes). - kvm: x86: Add IBPB_BRTYPE support (bsc#1228079). - kvm: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes). - kvm: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (git-fixes). - kvm: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-fixes). - kvm: x86: Disable APIC logical map if vCPUs are aliased in logical mode (git-fixes). - kvm: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes). - kvm: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (git-fixes). - kvm: x86: Explicitly track all possibilities for APIC map's logical modes (git-fixes). - kvm: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes). - kvm: x86: Fix KVM_GET_MSRS stack info leak (git-fixes). - kvm: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-fixes). - kvm: x86: Purge 'highest ISR' cache when updating APICv state (git-fixes). - kvm: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes). - kvm: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-fixes). - leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes). - leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes). - leds: triggers: Flush pending brightness before activating trigger (git-fixes). - lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (git-fixes). - lib: objagg: Fix general protection fault (git-fixes). - lib: objagg: Fix spelling (git-fixes). - lib: test_objagg: Fix spelling (git-fixes). - libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190). - lockd: set missing fl_flags field when retrieving args (git-fixes). - lockd: use locks_inode_context helper (git-fixes). - Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582) - media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes). - media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes). - media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes). - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes). - media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes). - media: dvbdev: Initialize sbuf (stable-fixes). - media: dw2102: Do not translate i2c read into write (stable-fixes). - media: dw2102: fix a potential buffer overflow (git-fixes). - media: flexcop-usb: clean up endpoint sanity checks (stable-fixes). - media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes). - media: imon: Fix race getting ictx->lock (git-fixes). - media: ipu3-cio2: Use temporary storage for struct device pointer (stable-fixes). - media: lgdt3306a: Add a check against null-pointer-def (stable-fixes). - media: mxl5xx: Move xpt structures off stack (stable-fixes). - media: radio-shark2: Avoid led_names truncations (git-fixes). - media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes). - media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes). - media: uvcvideo: Override default flags (git-fixes). - media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes). - media: venus: fix use after free in vdec_close (git-fixes). - media: venus: flush all buffers in output plane streamoff (git-fixes). - mei: demote client disconnect warning on suspend to debug (stable-fixes). - mei: me: release irq in mei_me_pci_resume error path (git-fixes). - mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes). - mkspec-dtb: add toplevel symlinks also on arm - mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes). - mmc: core: Do not force a retune before RPMB switch (stable-fixes). - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes). - mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes). - mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel (stable-fixes). - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes). - mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes). - mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes). - mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes). - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes). - mmc: sdhci: Do not invert write-protect twice (git-fixes). - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes). - mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes). - mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes). - mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes). - mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes). - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes). - net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes). - net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes). - net: ena: Fix redundant device NUMA node override (jsc#PED-8690). - net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491). - net: mana: Fix possible double free in error handling path (git-fixes). - net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes). - net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes). - net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes). - net: usb: ax88179_178a: improve link status logs (git-fixes). - net: usb: ax88179_178a: improve reset check (git-fixes). - net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes). - net: usb: qmi_wwan: add Telit FN920C04 compositions (stable-fixes). - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes). - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes). - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes). - net/dcb: check for detached device before executing callbacks (bsc#1215587). - net/mlx5e: Fix a race in command alloc flow (git-fixes). - netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180). - netfilter: conntrack: prepare tcp_in_window for ternary return value (bsc#1223180). - netfilter: conntrack: remove pr_debug callsites from tcp tracker (bsc#1223180). - netfilter: conntrack: work around exceeded receive window (bsc#1223180). - netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462). - nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes). - nfs: abort nfs_atomic_open_v23 if name is too long (bsc#1219847). - nfs: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847). - nfs: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - nfs: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes). - nfs: fix undefined behavior in nfs_block_bits() (git-fixes). - nfs: keep server info for remounts (git-fixes). - nfs: Leave pages in the pagecache if readpage failed (git-fixes). - nfsd enforce filehandle check for source file in COPY (git-fixes). - nfsd: Add an nfsd_file_fsync tracepoint (git-fixes). - nfsd: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-fixes). - nfsd: Add errno mapping for EREMOTEIO (git-fixes). - nfsd: Add nfsd_file_lru_dispose_list() helper (git-fixes). - nfsd: add some comments to nfsd_file_do_acquire (git-fixes). - nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes). - nfsd: allow reaping files still under writeback (git-fixes). - nfsd: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes). - nfsd: Clean up nfsd_file_put() (git-fixes). - nfsd: Clean up nfsd_open_verified() (git-fixes). - nfsd: Clean up nfsd3_proc_create() (git-fixes). - nfsd: Clean up unused code after rhashtable conversion (git-fixes). - nfsd: Convert filecache to rhltable (git-fixes). - nfsd: Convert the filecache to use rhashtable (git-fixes). - nfsd: De-duplicate hash bucket indexing (git-fixes). - nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-fixes). - nfsd: do not fsync nfsd_files on last close (git-fixes). - nfsd: do not hand out delegation on setuid files being opened for write (git-fixes). - nfsd: do not kill nfsd_files because of lease break error (git-fixes). - nfsd: Do not leave work of closing files to a work queue (bsc#1228140). - nfsd: do not take/put an extra reference when putting a file (git-fixes). - nfsd: Ensure nf_inode is never dereferenced (git-fixes). - nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes). - nfsd: Fix licensing header in filecache.c (git-fixes). - nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes). - nfsd: fix nfsd_file_unhash_and_dispose (git-fixes). - nfsd: Fix potential use-after-free in nfsd_file_put() (git-fixes). - nfsd: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes). - nfsd: Fix the filecache LRU shrinker (git-fixes). - nfsd: fix up the filecache laundrette scheduling (git-fixes). - nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes). - nfsd: Flesh out a documenting comment for filecache.c (git-fixes). - nfsd: handle errors better in write_ports_addfd() (git-fixes). - nfsd: Instantiate a struct file when creating a regular NFSv4 file (git-fixes). - nfsd: Leave open files out of the filecache LRU (git-fixes). - nfsd: map EBADF (git-fixes). - nfsd: Move nfsd_file_trace_alloc() tracepoint (git-fixes). - nfsd: nfsd_file_hash_remove can compute hashval (git-fixes). - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (git-fixes). - nfsd: nfsd_file_put() can sleep (git-fixes). - nfsd: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes). - nfsd: No longer record nf_hashval in the trace log (git-fixes). - nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912). - nfsd: Pass the target nfsd_file to nfsd_commit() (git-fixes). - nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes). - nfsd: Record number of flush calls (git-fixes). - nfsd: Refactor __nfsd_file_close_inode() (git-fixes). - nfsd: Refactor nfsd_create_setattr() (git-fixes). - nfsd: Refactor nfsd_file_gc() (git-fixes). - nfsd: Refactor nfsd_file_lru_scan() (git-fixes). - nfsd: Refactor NFSv3 CREATE (git-fixes). - nfsd: Refactor NFSv4 OPEN(CREATE) (git-fixes). - nfsd: Remove do_nfsd_create() (git-fixes). - nfsd: Remove lockdep assertion from unhash_and_release_locked() (git-fixes). - nfsd: Remove nfsd_file::nf_hashval (git-fixes). - nfsd: remove the pages_flushed statistic from filecache (git-fixes). - nfsd: reorganize filecache.c (git-fixes). - nfsd: Replace the 'init once' mechanism (git-fixes). - nfsd: Report average age of filecache items (git-fixes). - nfsd: Report count of calls to nfsd_file_acquire() (git-fixes). - nfsd: Report count of freed filecache items (git-fixes). - nfsd: Report filecache LRU size (git-fixes). - nfsd: Report the number of items evicted by the LRU walk (git-fixes). - nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes). - nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes). - nfsd: rework refcounting in filecache (git-fixes). - nfsd: Separate tracepoints for acquire and create (git-fixes). - nfsd: Set up an rhashtable for the filecache (git-fixes). - nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes). - nfsd: simplify per-net file cache management (git-fixes). - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes). - nfsd: simplify the delayed disposal list code (git-fixes). - nfsd: Trace filecache LRU activity (git-fixes). - nfsd: Trace filecache opens (git-fixes). - nfsd: update comment over __nfsd_file_cache_purge (git-fixes). - nfsd: verify the opened dentry after setting a delegation (git-fixes). - nfsd: WARN when freeing an item still linked via nf_lru (git-fixes). - nfsd: Write verifier might go backwards (git-fixes). - nfsd: Zero counters when the filecache is re-initialized (git-fixes). - nfsv4: by default serialize open/close operations (bsc#1223863 bsc#1227362) - nfsv4: Fixup smatch warning for ambiguous return (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (stable-fixes). - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes). - nilfs2: convert persistent object allocator to use kmap_local (git-fixes). - nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes). - nilfs2: fix inode number range checks (git-fixes). - nilfs2: fix inode number range checks (stable-fixes). - nilfs2: fix potential hang in nilfs_detach_log_writer() (stable-fixes). - nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes). - nvme-auth: allow mixing of secret and hash lengths (git-fixes). - nvme-auth: use transformed key size to create resp (git-fixes). - nvme-multipath: find NUMA path only for online numa-node (git-fixes). - nvme-pci: add missing condition check for existence of mapped data (git-fixes). - nvme-pci: Fix the instructions for disabling power management (git-fixes). - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes). - nvme: avoid double free special payload (git-fixes). - nvme: ensure reset state check ordering (bsc#1215492). - nvme: find numa distance only if controller has valid numa id (git-fixes). - nvme: fixup comment for nvme RDMA Provider Type (git-fixes). - nvme: use ctrl state accessor (bsc#1215492). - nvmet-auth: fix nvmet_auth hash error handling (git-fixes). - nvmet-passthru: propagate status from id override functions (git-fixes). - nvmet: always initialize cqe.result (git-fixes). - nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: remove redundant assignment to variable free_space (bsc#1228409). - ocfs2: speed up chain-list searching (bsc#1219224). - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - orangefs: fix out-of-bounds fsid access (git-fixes). - pci: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes). - pci: Clear Secondary Status errors after enumeration (bsc#1226928) - pci: Extend ACS configurability (bsc#1228090). - pci: Fix resource double counting on remove & rescan (git-fixes). - pci: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes). - pci: Introduce cleanup helpers for device reference counts and locks (git-fixes). - pci: Introduce cleanup helpers for device reference counts and locks (stable-fixes). - pci: keystone: Do not enable BAR 0 for AM654x (git-fixes). - pci: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes). - pci: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes). - pci: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes). - pci: tegra194: Set EP alignment restriction for inbound ATU (git-fixes). - pci/aspm: Update save_state when configuration changes (bsc#1226915) - pci/dpc: Fix use-after-free on concurrent DPC and hot-removal (git-fixes). - pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes). - pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes). - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes). - pinctrl: freescale: mxs: Fix refcount of child (git-fixes). - pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes). - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes). - pinctrl: rockchip: update rk3308 iomux routes (git-fixes). - pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes). - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes). - platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes). - platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes). - platform/x86: lg-laptop: Change ACPI device id (stable-fixes). - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes). - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes). - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes). - platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes). - power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes). - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869). - powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121 ltc#207129). - powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869). - powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - powerpc/rtas: clean up includes (bsc#1227487). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - pwm: stm32: Always do lazy disabling (git-fixes). - random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953). - ras/amd/atl: Fix MI300 bank hash (bsc#1225300). - ras/amd/atl: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300). - rdma/cache: Release GID table even if leak is detected (git-fixes) - rdma/device: Return error earlier if port in not valid (git-fixes) - rdma/hns: Check atomic wr length (git-fixes) - rdma/hns: Fix incorrect sge nums calculation (git-fixes) - rdma/hns: Fix insufficient extend DB for VFs. (git-fixes) - rdma/hns: Fix mbx timing out before CMD execution is completed (git-fixes) - rdma/hns: Fix missing pagesize and alignment check in FRMR (git-fixes) - rdma/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes) - rdma/hns: Fix soft lockup under heavy CEQE load (git-fixes) - rdma/hns: Fix undifined behavior caused by invalid max_sge (git-fixes) - rdma/hns: Fix unmatch exception handling when init eq table fails (git-fixes) - rdma/irdma: Drop unused kernel push code (git-fixes) - rdma/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes) - rdma/mana_ib: Ignore optional access flags for MRs (git-fixes). - rdma/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes) - rdma/mlx4: Fix truncated output warning in mad.c (git-fixes) - rdma/mlx5: Add check for srq max_sge attribute (git-fixes) - rdma/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes) - rdma/restrack: Fix potential invalid address access (git-fixes) - rdma/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes) - regmap-i2c: Subtract reg size from max_write (stable-fixes). - regulator: bd71815: fix ramp values (git-fixes). - regulator: core: Fix modpost error 'regulator_get_regmap' undefined (git-fixes). - regulator: irq_helpers: duplicate IRQ name (stable-fixes). - regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes). - Revert 'Add remote for nfs maintainer' - Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783). - Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783). - Revert 'build initrd without systemd' (bsc#1195775)'. - Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes). - Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes). - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes). - rpm/guards: fix precedence issue with control flow operator - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) - rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. - rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5 - rtc: cmos: Fix return value of nvmem callbacks (git-fixes). - rtc: interface: Add RTC offset to alarm after fix-up (git-fixes). - rtc: isl1208: Fix return value of nvmem callbacks (git-fixes). - rtlwifi: rtl8192de: Style clean-ups (stable-fixes). - s390: Implement __iowrite32_copy() (bsc#1226502) - s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502) - saa7134: Unchecked i2c_transfer function result fixed (git-fixes). - sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)). - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791). - sched/fair: Do not balance task to its current running CPU (git fixes (sched)). - scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857). - scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857). - scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857). - scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857). - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857). - scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857). - scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857). - scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857). - scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850). - scsi: qla2xxx: Complete command early within lock (bsc#1228850). - scsi: qla2xxx: Convert comma to semicolon (bsc#1228850). - scsi: qla2xxx: Drop driver owner assignment (bsc#1228850). - scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850). - scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850). - scsi: qla2xxx: Fix flash read failure (bsc#1228850). - scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850). - scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850). - scsi: qla2xxx: Indent help text (bsc#1228850). - scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850). - scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850). - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850). - scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850). - scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850). - scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850). - scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850). - scsi: sd: Update DIX config every time sd_revalidate_disk() is called (bsc#1218570). - selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903). - selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903). - selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader (bsc#1225903). - selftests/bpf: add precision propagation tests in the presence of subprogs (bsc#1225903). - selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903). - selftests/bpf: Check if mark_chain_precision() follows scalar ids (bsc#1225903). - selftests/bpf: check if max number of bpf_loop iterations is tracked (bsc#1225903). - selftests/bpf: fix __retval() being always ignored (bsc#1225903). - selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903). - selftests/bpf: make test_align selftest more robust (bsc#1225903). - selftests/bpf: populate map_array_ro map for verifier_array_access test (bsc#1225903). - selftests/bpf: prog_tests entry point for migrated test_verifier tests (bsc#1225903). - selftests/bpf: Report program name on parse_test_spec error (bsc#1225903). - selftests/bpf: Support custom per-test flags and multiple expected messages (bsc#1225903). - selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903). - selftests/bpf: test case for relaxed prunning of active_lock.id (bsc#1225903). - selftests/bpf: test cases for regsafe() bug skipping check_id() (bsc#1225903). - selftests/bpf: test widening for iterating callbacks (bsc#1225903). - selftests/bpf: Tests execution support for test_loader.c (bsc#1225903). - selftests/bpf: tests for iterating callbacks (bsc#1225903). - selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903). - selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903). - selftests/bpf: Verify copy_register_state() preserves parent/live fields (bsc#1225903). - selftests/bpf: verify states_equal() maintains idmap across all frames (bsc#1225903). - selftests/bpf: Verify that check_ids() is used for scalars in regsafe() (bsc#1225903). - selftests/sigaltstack: Fix ppc64 GCC build (git-fixes). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - smb: client: guarantee refcounted children from parent session (bsc#1224679. - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes). - soundwire: cadence: fix invalid PDI offset (stable-fixes). - spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes). - spi: mux: set ctlr->bits_per_word_mask (stable-fixes). - spi: stm32: Do not warn about spurious interrupts (git-fixes). - string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850). - sunrpc: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272). - sunrpc: Fix gss_free_in_token_pages() (git-fixes). - sunrpc: Fix loop termination condition in gss_free_in_token_pages() (git-fixes). - sunrpc: fix NFSACL RPC retry on soft mount (git-fixes). - sunrpc: return proper error from gss_wrap_req_priv (git-fixes). - supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570) - supported.conf: mark orangefs as optional We do not support orangefs at all (and it is already marked as such), but since there are no SLE consumers of it, mark it as optional. - supported.conf: mark ufs as unsupported UFS is an unsupported filesystem, mark it as such. We still keep it around (not marking as optional), to accommodate any potential migrations from BSD systems. - tpm_tis: Resend command to recover from data transfer errors (bsc#1082555). - tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume (bsc#1082555). - tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555). - tpm, tpm_tis: Claim locality before writing interrupt registers (bsc#1082555). - tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555). - tpm, tpm_tis: Claim locality when interrupts are reenabled on resume (bsc#1082555). - tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555). - tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555). - tpm, tpm_tis: Only handle supported interrupts (bsc#1082555). - tpm, tpm: Implement usage counter for locality (bsc#1082555). - tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555). - tpm: Prevent hwrng from activating during resume (bsc#1082555). - tracing: Build event generation tests only as modules (git-fixes). - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes). - tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330) - tracing/osnoise: Add osnoise/options file (bsc#1228330) - tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330) - tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330) - tracing/osnoise: Make osnoise_instances static (bsc#1228330) - tracing/osnoise: Split workload start from the tracer start (bsc#1228330) - tracing/osnoise: Support a list of trace_array *tr (bsc#1228330) - tracing/osnoise: Use built-in RCU list checking (bsc#1228330) - tracing/timerlat: Notify new max thread latency (bsc#1228330) - tty: mcf: MCF54418 has 10 UARTS (git-fixes). - usb-storage: alauda: Check whether the media is initialized (git-fixes). - usb: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes). - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes). - usb: cdns3: allocate TX FIFO size according to composite EP number (git-fixes). - usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config (git-fixes). - usb: cdns3: fix iso transfer error when mult is not zero (git-fixes). - usb: cdns3: improve handling of unaligned address case (git-fixes). - usb: cdns3: optimize OUT transfer by copying only actual received data (git-fixes). - usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-fixes). - usb: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes). - usb: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes). - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes). - usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes). - usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-fixes). - usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-fixes). - usb: fotg210-hcd: delete an incorrect bounds test (git-fixes). - usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-fixes). - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes). - usb: gadget: printer: fix races against disable (git-fixes). - usb: gadget: printer: SS+ support (stable-fixes). - usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes). - usb: musb: da8xx: fix a resource leak in probe() (git-fixes). - usb: serial: mos7840: fix crash on resume (git-fixes). - usb: serial: option: add Fibocom FM350-GL (stable-fixes). - usb: serial: option: add Netprisma LCUK54 series modules (stable-fixes). - usb: serial: option: add Rolling RW350-GL variants (stable-fixes). - usb: serial: option: add support for Foxconn T99W651 (stable-fixes). - usb: serial: option: add Telit FN912 rmnet compositions (stable-fixes). - usb: serial: option: add Telit generic core-dump composition (stable-fixes). - usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes). - usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes). - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes). - usb: typec: ucsi: Ack also failed Get Error commands (git-fixes). - usb: typec: ucsi: Never send a lone connector change ack (git-fixes). - usb: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes). - usb: xhci-plat: Do not include xhci.h (git-fixes). - usb: xhci-plat: fix legacy PHY double init (git-fixes). - usb: xhci: address off-by-one in xhci_num_trbs_free() (git-fixes). - usb: xhci: Implement xhci_handshake_check_state() helper (git-fixes). - usb: xhci: improve debug message in xhci_ring_expansion_needed() (git-fixes). - watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() (stable-fixes). - watchdog: bd9576: Drop 'always-running' property (git-fixes). - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes). - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes). - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes). - wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes). - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes). - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes). - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes). - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes). - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes). - wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes). - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes). - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes). - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes). - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes). - wifi: mac80211: disable softirqs for queued frame handling (git-fixes). - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes). - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes). - wifi: mac80211: handle tasklet frames before stopping (stable-fixes). - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes). - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes). - wifi: mt76: replace skb_put with skb_put_zero (stable-fixes). - wifi: mwifiex: Fix interface type change (git-fixes). - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes). - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes). - wifi: wilc1000: fix ies_len type in connect path (git-fixes). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). - workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). - x.509: Fix the parser of extended key usage for length (bsc#1218820). - x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502) - x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes). - x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes). - x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes). - x86/bugs: Remove default case for fully switched enums (bsc#1227900). - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes). - x86/ibt,ftrace: Search for __fentry__ location (git-fixes). - x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes). - x86/mce: Dynamically size space for machine check records (bsc#1222241). - x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes). - x86/mm: Fix enc_status_change_finish_noop() (git-fixes). - x86/purgatory: Switch to the position-independent small code model (git-fixes). - x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900). - x86/srso: Remove 'pred_cmd' label (bsc#1227900). - x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). - xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228226). - xfs: make sure sb_fdblocks is non-negative (bsc#1225419). - xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Fix failure to detect ring expansion need (git-fixes). - xhci: fix matching completion events with TDs (git-fixes). - xhci: Fix transfer ring expansion size calculation (git-fixes). - xhci: Handle TD clearing for multiple streams case (git-fixes). - xhci: remove unused stream_id parameter from xhci_handle_halted_endpoint() (git-fixes). - xhci: restre deleted trb fields for tracing (git-fixes). - xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes). - xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes). - xhci: Simplify event ring dequeue pointer update for port change events (git-fixes). - xhci: simplify event ring dequeue tracking for transfer events (git-fixes). - xhci: Stop unnecessary tracking of free trbs in a ring (git-fixes). - xhci: update event ring dequeue pointer position to controller correctly (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated - dmidecode-3.6-150400.16.11.2 updated - grub2-i386-pc-2.06-150500.29.28.1 updated - grub2-x86_64-efi-2.06-150500.29.28.1 updated - grub2-2.06-150500.29.28.1 updated - kernel-default-5.14.21-150500.55.73.1 updated - libblkid1-2.37.4-150500.9.14.2 updated - libfdisk1-2.37.4-150500.9.14.2 updated - libmount1-2.37.4-150500.9.14.2 updated - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libsmartcols1-2.37.4-150500.9.14.2 updated - libuuid1-2.37.4-150500.9.14.2 updated - openssl-1_1-1.1.1l-150500.17.34.1 updated - pam-1.3.0-150000.6.71.2 updated - util-linux-systemd-2.37.4-150500.9.14.2 updated - util-linux-2.37.4-150500.9.14.2 updated From sle-container-updates at lists.suse.com Wed Aug 28 07:01:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 28 Aug 2024 09:01:29 +0200 (CEST) Subject: SUSE-IU-2024:1121-1: Security update of suse-sles-15-sp5-chost-byos-v20240826-x86_64-gen2 Message-ID: <20240828070130.037C1FCA2@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240826-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1121-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240826-x86_64-gen2:20240826 Image Release : Severity : important Type : security References : 1027519 1082555 1156395 1159034 1190336 1191958 1193454 1193554 1193787 1193883 1194324 1194818 1194818 1194826 1194869 1195065 1195254 1195341 1195349 1195357 1195668 1195775 1195927 1195957 1196018 1196746 1196823 1197146 1197246 1197762 1197915 1198014 1199295 1202346 1202686 1202767 1202780 1205205 1207361 1208783 1209636 1213123 1214718 1214960 1215492 1215587 1216834 1217912 1218148 1218570 1218820 1219004 1219224 1219633 1219832 1219847 1220138 1220185 1220186 1220356 1220368 1220812 1220869 1220876 1220942 1220952 1220958 1221010 1221086 1221282 1221647 1221654 1221656 1221659 1221958 1221984 1222015 1222072 1222075 1222080 1222241 1222254 1222285 1222323 1222326 1222328 1222364 1222625 1222702 1222728 1222799 1222809 1222810 1222893 1222985 1223013 1223018 1223021 1223107 1223180 1223265 1223384 1223535 1223571 1223635 1223641 1223652 1223675 1223778 1223806 1223813 1223815 1223836 1223863 1224014 1224016 1224020 1224226 1224331 1224414 1224488 1224497 1224498 1224499 1224500 1224504 1224512 1224516 1224517 1224520 1224539 1224540 1224545 1224548 1224552 1224557 1224572 1224573 1224583 1224585 1224588 1224602 1224603 1224604 1224605 1224612 1224614 1224619 1224636 1224641 1224661 1224662 1224670 1224671 1224674 1224677 1224679 1224683 1224694 1224696 1224700 1224703 1224712 1224716 1224719 1224735 1224743 1224749 1224764 1224765 1224766 1224935 1224946 1224951 1225050 1225088 1225098 1225105 1225272 1225300 1225389 1225391 1225419 1225426 1225448 1225452 1225467 1225475 1225484 1225487 1225489 1225504 1225505 1225514 1225518 1225535 1225564 1225573 1225581 1225585 1225586 1225602 1225611 1225681 1225692 1225698 1225699 1225704 1225711 1225714 1225717 1225719 1225726 1225732 1225737 1225744 1225745 1225746 1225749 1225752 1225753 1225757 1225758 1225759 1225760 1225767 1225770 1225815 1225823 1225834 1225838 1225840 1225851 1225866 1225872 1225894 1225903 1225976 1226022 1226100 1226125 1226128 1226131 1226145 1226149 1226155 1226202 1226211 1226212 1226226 1226463 1226469 1226502 1226514 1226519 1226520 1226537 1226538 1226539 1226550 1226551 1226552 1226553 1226554 1226555 1226556 1226557 1226558 1226559 1226561 1226562 1226563 1226564 1226565 1226566 1226567 1226568 1226569 1226570 1226571 1226572 1226574 1226575 1226576 1226577 1226579 1226580 1226581 1226582 1226583 1226585 1226587 1226588 1226593 1226595 1226597 1226601 1226602 1226603 1226607 1226610 1226614 1226616 1226617 1226618 1226619 1226621 1226622 1226624 1226626 1226628 1226629 1226632 1226633 1226634 1226637 1226643 1226644 1226645 1226647 1226650 1226653 1226657 1226658 1226664 1226669 1226670 1226672 1226673 1226674 1226675 1226678 1226679 1226683 1226685 1226686 1226690 1226691 1226692 1226693 1226696 1226697 1226698 1226699 1226701 1226702 1226703 1226704 1226705 1226706 1226708 1226709 1226710 1226711 1226712 1226713 1226715 1226716 1226718 1226719 1226720 1226721 1226730 1226732 1226734 1226735 1226737 1226738 1226739 1226740 1226744 1226746 1226747 1226749 1226750 1226754 1226757 1226762 1226764 1226767 1226768 1226769 1226771 1226774 1226775 1226777 1226780 1226781 1226783 1226785 1226786 1226789 1226791 1226834 1226837 1226839 1226840 1226841 1226842 1226848 1226852 1226857 1226861 1226863 1226864 1226867 1226868 1226876 1226878 1226883 1226886 1226890 1226891 1226895 1226908 1226911 1226915 1226928 1226948 1226949 1226950 1226953 1226962 1226976 1226990 1226992 1226993 1226994 1226996 1227066 1227067 1227090 1227096 1227101 1227103 1227106 1227121 1227138 1227157 1227162 1227274 1227308 1227355 1227362 1227383 1227432 1227435 1227447 1227487 1227525 1227573 1227618 1227620 1227626 1227635 1227661 1227711 1227716 1227722 1227724 1227725 1227728 1227729 1227730 1227732 1227733 1227750 1227754 1227755 1227760 1227762 1227763 1227764 1227766 1227770 1227771 1227772 1227774 1227779 1227780 1227783 1227786 1227787 1227790 1227792 1227796 1227797 1227798 1227800 1227802 1227806 1227808 1227810 1227812 1227813 1227814 1227816 1227820 1227823 1227824 1227828 1227829 1227836 1227846 1227849 1227851 1227862 1227864 1227865 1227866 1227870 1227884 1227886 1227891 1227893 1227899 1227900 1227910 1227913 1227917 1227919 1227920 1227921 1227922 1227923 1227924 1227925 1227927 1227928 1227931 1227932 1227933 1227935 1227936 1227938 1227941 1227942 1227944 1227945 1227947 1227948 1227949 1227950 1227952 1227953 1227954 1227956 1227957 1227963 1227964 1227965 1227968 1227969 1227970 1227971 1227972 1227975 1227976 1227981 1227982 1227985 1227986 1227987 1227988 1227989 1227990 1227991 1227992 1227993 1227995 1227996 1227997 1228000 1228002 1228003 1228004 1228005 1228006 1228007 1228008 1228009 1228010 1228011 1228013 1228014 1228015 1228019 1228020 1228025 1228028 1228035 1228037 1228038 1228039 1228040 1228045 1228054 1228055 1228056 1228060 1228061 1228062 1228063 1228064 1228066 1228067 1228068 1228071 1228079 1228090 1228114 1228124 1228140 1228190 1228191 1228226 1228235 1228247 1228322 1228327 1228328 1228330 1228403 1228405 1228408 1228409 1228410 1228418 1228459 1228462 1228470 1228518 1228520 1228530 1228561 1228565 1228580 1228581 1228591 1228599 1228617 1228625 1228626 1228633 1228640 1228644 1228649 1228655 1228665 1228672 1228680 1228705 1228723 1228743 1228756 1228770 1228801 1228850 1228857 916845 CVE-2013-4235 CVE-2013-4235 CVE-2021-4439 CVE-2021-47086 CVE-2021-47089 CVE-2021-47103 CVE-2021-47186 CVE-2021-47432 CVE-2021-47515 CVE-2021-47534 CVE-2021-47538 CVE-2021-47539 CVE-2021-47546 CVE-2021-47547 CVE-2021-47555 CVE-2021-47566 CVE-2021-47571 CVE-2021-47572 CVE-2021-47576 CVE-2021-47577 CVE-2021-47578 CVE-2021-47580 CVE-2021-47582 CVE-2021-47583 CVE-2021-47584 CVE-2021-47585 CVE-2021-47586 CVE-2021-47587 CVE-2021-47588 CVE-2021-47589 CVE-2021-47590 CVE-2021-47591 CVE-2021-47592 CVE-2021-47593 CVE-2021-47595 CVE-2021-47596 CVE-2021-47597 CVE-2021-47598 CVE-2021-47599 CVE-2021-47600 CVE-2021-47601 CVE-2021-47602 CVE-2021-47603 CVE-2021-47604 CVE-2021-47605 CVE-2021-47606 CVE-2021-47607 CVE-2021-47608 CVE-2021-47609 CVE-2021-47610 CVE-2021-47611 CVE-2021-47612 CVE-2021-47614 CVE-2021-47615 CVE-2021-47616 CVE-2021-47617 CVE-2021-47618 CVE-2021-47619 CVE-2021-47620 CVE-2021-47622 CVE-2021-47623 CVE-2021-47624 CVE-2022-48711 CVE-2022-48712 CVE-2022-48713 CVE-2022-48714 CVE-2022-48715 CVE-2022-48716 CVE-2022-48717 CVE-2022-48718 CVE-2022-48720 CVE-2022-48721 CVE-2022-48722 CVE-2022-48723 CVE-2022-48724 CVE-2022-48725 CVE-2022-48726 CVE-2022-48727 CVE-2022-48728 CVE-2022-48729 CVE-2022-48730 CVE-2022-48732 CVE-2022-48733 CVE-2022-48734 CVE-2022-48735 CVE-2022-48736 CVE-2022-48737 CVE-2022-48738 CVE-2022-48739 CVE-2022-48740 CVE-2022-48743 CVE-2022-48744 CVE-2022-48745 CVE-2022-48746 CVE-2022-48747 CVE-2022-48748 CVE-2022-48749 CVE-2022-48751 CVE-2022-48752 CVE-2022-48753 CVE-2022-48754 CVE-2022-48755 CVE-2022-48756 CVE-2022-48758 CVE-2022-48759 CVE-2022-48760 CVE-2022-48761 CVE-2022-48763 CVE-2022-48765 CVE-2022-48766 CVE-2022-48767 CVE-2022-48768 CVE-2022-48769 CVE-2022-48770 CVE-2022-48771 CVE-2022-48772 CVE-2022-48773 CVE-2022-48774 CVE-2022-48775 CVE-2022-48776 CVE-2022-48777 CVE-2022-48778 CVE-2022-48780 CVE-2022-48783 CVE-2022-48784 CVE-2022-48785 CVE-2022-48786 CVE-2022-48787 CVE-2022-48788 CVE-2022-48789 CVE-2022-48790 CVE-2022-48791 CVE-2022-48792 CVE-2022-48793 CVE-2022-48794 CVE-2022-48796 CVE-2022-48797 CVE-2022-48798 CVE-2022-48799 CVE-2022-48800 CVE-2022-48801 CVE-2022-48802 CVE-2022-48803 CVE-2022-48804 CVE-2022-48805 CVE-2022-48806 CVE-2022-48807 CVE-2022-48809 CVE-2022-48810 CVE-2022-48811 CVE-2022-48812 CVE-2022-48813 CVE-2022-48814 CVE-2022-48815 CVE-2022-48816 CVE-2022-48817 CVE-2022-48818 CVE-2022-48820 CVE-2022-48821 CVE-2022-48822 CVE-2022-48823 CVE-2022-48824 CVE-2022-48825 CVE-2022-48826 CVE-2022-48827 CVE-2022-48828 CVE-2022-48829 CVE-2022-48830 CVE-2022-48831 CVE-2022-48834 CVE-2022-48835 CVE-2022-48836 CVE-2022-48837 CVE-2022-48838 CVE-2022-48839 CVE-2022-48840 CVE-2022-48841 CVE-2022-48842 CVE-2022-48843 CVE-2022-48844 CVE-2022-48846 CVE-2022-48847 CVE-2022-48849 CVE-2022-48850 CVE-2022-48851 CVE-2022-48852 CVE-2022-48853 CVE-2022-48855 CVE-2022-48856 CVE-2022-48857 CVE-2022-48858 CVE-2022-48859 CVE-2022-48860 CVE-2022-48861 CVE-2022-48862 CVE-2022-48863 CVE-2022-48864 CVE-2022-48866 CVE-2023-24023 CVE-2023-46842 CVE-2023-52435 CVE-2023-52573 CVE-2023-52580 CVE-2023-52622 CVE-2023-52658 CVE-2023-52667 CVE-2023-52670 CVE-2023-52672 CVE-2023-52675 CVE-2023-52735 CVE-2023-52737 CVE-2023-52751 CVE-2023-52752 CVE-2023-52762 CVE-2023-52766 CVE-2023-52775 CVE-2023-52784 CVE-2023-52787 CVE-2023-52800 CVE-2023-52812 CVE-2023-52835 CVE-2023-52837 CVE-2023-52843 CVE-2023-52845 CVE-2023-52846 CVE-2023-52857 CVE-2023-52863 CVE-2023-52869 CVE-2023-52881 CVE-2023-52882 CVE-2023-52884 CVE-2023-52885 CVE-2023-52886 CVE-2024-25741 CVE-2024-26583 CVE-2024-26584 CVE-2024-26615 CVE-2024-26625 CVE-2024-26633 CVE-2024-26635 CVE-2024-26636 CVE-2024-26641 CVE-2024-26644 CVE-2024-26661 CVE-2024-26663 CVE-2024-26665 CVE-2024-26720 CVE-2024-26800 CVE-2024-26802 CVE-2024-26813 CVE-2024-26814 CVE-2024-26842 CVE-2024-26845 CVE-2024-26863 CVE-2024-26923 CVE-2024-26935 CVE-2024-26961 CVE-2024-26973 CVE-2024-26976 CVE-2024-27015 CVE-2024-27019 CVE-2024-27020 CVE-2024-27025 CVE-2024-27065 CVE-2024-27402 CVE-2024-27432 CVE-2024-27437 CVE-2024-31143 CVE-2024-33619 CVE-2024-35247 CVE-2024-35789 CVE-2024-35790 CVE-2024-35805 CVE-2024-35807 CVE-2024-35814 CVE-2024-35819 CVE-2024-35835 CVE-2024-35837 CVE-2024-35848 CVE-2024-35853 CVE-2024-35855 CVE-2024-35857 CVE-2024-35861 CVE-2024-35862 CVE-2024-35864 CVE-2024-35869 CVE-2024-35878 CVE-2024-35884 CVE-2024-35886 CVE-2024-35889 CVE-2024-35890 CVE-2024-35893 CVE-2024-35896 CVE-2024-35898 CVE-2024-35899 CVE-2024-35900 CVE-2024-35905 CVE-2024-35925 CVE-2024-35934 CVE-2024-35949 CVE-2024-35950 CVE-2024-35956 CVE-2024-35958 CVE-2024-35960 CVE-2024-35961 CVE-2024-35962 CVE-2024-35979 CVE-2024-35995 CVE-2024-35997 CVE-2024-36000 CVE-2024-36004 CVE-2024-36005 CVE-2024-36008 CVE-2024-36017 CVE-2024-36020 CVE-2024-36021 CVE-2024-36025 CVE-2024-36288 CVE-2024-36477 CVE-2024-36478 CVE-2024-36479 CVE-2024-36889 CVE-2024-36890 CVE-2024-36894 CVE-2024-36899 CVE-2024-36900 CVE-2024-36901 CVE-2024-36902 CVE-2024-36904 CVE-2024-36909 CVE-2024-36910 CVE-2024-36911 CVE-2024-36912 CVE-2024-36913 CVE-2024-36914 CVE-2024-36915 CVE-2024-36916 CVE-2024-36917 CVE-2024-36919 CVE-2024-36923 CVE-2024-36934 CVE-2024-36937 CVE-2024-36939 CVE-2024-36940 CVE-2024-36945 CVE-2024-36946 CVE-2024-36949 CVE-2024-36960 CVE-2024-36964 CVE-2024-36965 CVE-2024-36967 CVE-2024-36969 CVE-2024-36971 CVE-2024-36974 CVE-2024-36975 CVE-2024-36978 CVE-2024-37021 CVE-2024-37078 CVE-2024-37354 CVE-2024-37891 CVE-2024-38381 CVE-2024-38388 CVE-2024-38390 CVE-2024-38540 CVE-2024-38541 CVE-2024-38544 CVE-2024-38545 CVE-2024-38546 CVE-2024-38547 CVE-2024-38548 CVE-2024-38549 CVE-2024-38550 CVE-2024-38552 CVE-2024-38553 CVE-2024-38555 CVE-2024-38556 CVE-2024-38557 CVE-2024-38558 CVE-2024-38559 CVE-2024-38560 CVE-2024-38564 CVE-2024-38565 CVE-2024-38567 CVE-2024-38568 CVE-2024-38570 CVE-2024-38571 CVE-2024-38573 CVE-2024-38578 CVE-2024-38579 CVE-2024-38580 CVE-2024-38581 CVE-2024-38582 CVE-2024-38583 CVE-2024-38586 CVE-2024-38587 CVE-2024-38588 CVE-2024-38590 CVE-2024-38591 CVE-2024-38594 CVE-2024-38597 CVE-2024-38598 CVE-2024-38599 CVE-2024-38600 CVE-2024-38601 CVE-2024-38603 CVE-2024-38605 CVE-2024-38608 CVE-2024-38616 CVE-2024-38618 CVE-2024-38619 CVE-2024-38621 CVE-2024-38627 CVE-2024-38628 CVE-2024-38630 CVE-2024-38633 CVE-2024-38634 CVE-2024-38635 CVE-2024-38659 CVE-2024-38661 CVE-2024-38780 CVE-2024-39276 CVE-2024-39301 CVE-2024-39371 CVE-2024-39463 CVE-2024-39468 CVE-2024-39469 CVE-2024-39471 CVE-2024-39472 CVE-2024-39475 CVE-2024-39482 CVE-2024-39487 CVE-2024-39488 CVE-2024-39490 CVE-2024-39493 CVE-2024-39494 CVE-2024-39497 CVE-2024-39499 CVE-2024-39500 CVE-2024-39501 CVE-2024-39502 CVE-2024-39505 CVE-2024-39506 CVE-2024-39507 CVE-2024-39508 CVE-2024-39509 CVE-2024-40900 CVE-2024-40901 CVE-2024-40902 CVE-2024-40903 CVE-2024-40904 CVE-2024-40906 CVE-2024-40908 CVE-2024-40909 CVE-2024-40911 CVE-2024-40912 CVE-2024-40916 CVE-2024-40919 CVE-2024-40923 CVE-2024-40924 CVE-2024-40927 CVE-2024-40929 CVE-2024-40931 CVE-2024-40932 CVE-2024-40934 CVE-2024-40935 CVE-2024-40937 CVE-2024-40940 CVE-2024-40941 CVE-2024-40942 CVE-2024-40943 CVE-2024-40945 CVE-2024-40953 CVE-2024-40954 CVE-2024-40956 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40961 CVE-2024-40966 CVE-2024-40967 CVE-2024-40970 CVE-2024-40972 CVE-2024-40976 CVE-2024-40977 CVE-2024-40981 CVE-2024-40982 CVE-2024-40984 CVE-2024-40987 CVE-2024-40988 CVE-2024-40989 CVE-2024-40990 CVE-2024-40994 CVE-2024-40998 CVE-2024-40999 CVE-2024-41002 CVE-2024-41004 CVE-2024-41006 CVE-2024-41009 CVE-2024-41011 CVE-2024-41012 CVE-2024-41013 CVE-2024-41014 CVE-2024-41015 CVE-2024-41016 CVE-2024-41017 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41048 CVE-2024-41057 CVE-2024-41058 CVE-2024-41059 CVE-2024-41063 CVE-2024-41064 CVE-2024-41066 CVE-2024-41069 CVE-2024-41070 CVE-2024-41071 CVE-2024-41072 CVE-2024-41076 CVE-2024-41078 CVE-2024-41081 CVE-2024-41087 CVE-2024-41090 CVE-2024-41091 CVE-2024-42070 CVE-2024-42079 CVE-2024-42093 CVE-2024-42096 CVE-2024-42105 CVE-2024-42122 CVE-2024-42124 CVE-2024-42145 CVE-2024-42161 CVE-2024-42224 CVE-2024-42230 CVE-2024-5535 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20240826-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2654-1 Released: Tue Jul 30 15:33:33 2024 Summary: Security update for xen Type: security Severity: important References: 1027519,1214718,1221984,1227355,CVE-2023-46842,CVE-2024-31143 This update for xen fixes the following issues: - CVE-2023-46842: Fixed x86 HVM hypercalls may trigger Xen bug check (XSA-454, bsc#1221984). - CVE-2024-31143: Fixed double unlock in x86 guest IRQ handling (XSA-458, bsc#1227355). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2658-1 Released: Tue Jul 30 15:37:26 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2662-1 Released: Tue Jul 30 15:41:34 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2678-1 Released: Wed Jul 31 06:59:12 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1225976,1226125,1226664 This update for wicked fixes the following issues: - Update to version 0.6.76 - compat-suse: warn user and create missing parent config of infiniband children - client: fix origin in loaded xml-config with obsolete port references but missing port interface config, causing a no-carrier of master (bsc#1226125) - ipv6: fix setup on ipv6.disable=1 kernel cmdline (bsc#1225976) - wireless: add frequency-list in station mode (jsc#PED-8715) - client: fix crash while hierarchy traversing due to loop in e.g. systemd-nspawn containers (bsc#1226664) - man: add supported bonding options to ifcfg-bonding(5) man page - arputil: Document minimal interval for getopts - man: (re)generate man pages from md sources - client: warn on interface wait time reached - compat-suse: fix dummy type detection from ifname to not cause conflicts with e.g. correct vlan config on dummy0.42 interfaces - compat-suse: fix infiniband and infiniband child type detection from ifname ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2688-1 Released: Thu Aug 1 07:00:59 2024 Summary: Feature update for Public Cloud Type: feature Severity: important References: 1222075,1227067,1227106,1227711 This update for Public Cloud fixes the following issues: - Added Public Cloud packages and dependencies to SLE Micro 5.5 to enhance SUSE Manager 5.0 (jsc#SMO-345): * google-guest-agent (no source changes) * google-guest-configs (no source changes) * google-guest-oslogin (no source changes) * google-osconfig-agent (no source changes) * growpart-rootgrow (no source changes) * python-azure-agent (includes bug fixes see below) * python-cssselect (no source changes) * python-instance-billing-flavor-check (no source changes) * python-toml (no source changes) * python3-lxml (inlcudes a bug fix, see below) - python-azure-agent received the following fixes: * Use the proper option to force btrfs to overwrite a file system on the resource disk if one already exists (bsc#1227711) * Set Provisioning.Agent parameter to 'cloud-init' in SLE Micro 5.5 and newer (bsc#1227106) * Do not package `waagent2.0` in Python 3 builds * Do not require `wicked` in non-SUSE build environments * Apply python3 interpreter patch in non SLE build environments (bcs#1227067) - python3-lxml also received the following fix: * Fixed compatibility with system libexpat in tests (bnc#1222075) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2742-1 Released: Mon Aug 5 17:35:36 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1219004,1223107,1226128 This update for suseconnect-ng fixes the following issues: - Version update * Added uname as collector * Added SAP workload detection * Added detection of container runtimes * Multiple fixes on ARM64 detection * Use `read_values` for the CPU collector on Z * Fixed data collection for ppc64le * Grab the home directory from /etc/passwd if needed (bsc#1226128) * Build zypper-migration and zypper-packages-search as standalone binaries rather then one single binary * Add --gpg-auto-import-keys flag before action in zypper command (bsc#1219004) * Include /etc/products.d in directories whose content are backed up and restored if a zypper-migration rollback happens (bsc#1219004) * Add the ability to upload the system uptime logs, produced by the suse-uptime-tracker daemon, to SCC/RMT as part of keepalive report (jsc#PED-7982) (jsc#PED-8018) * Add support for third party packages in SUSEConnect * Refactor existing system information collection implementation self-signed SSL certificate (bsc#1223107) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2791-1 Released: Tue Aug 6 16:35:05 2024 Summary: Recommended update for various 32bit packages Type: recommended Severity: moderate References: 1228322 This update of various packages delivers 32bit variants to allow running Wine on SLE PackageHub 15 SP6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2799-1 Released: Wed Aug 7 08:19:10 2024 Summary: Recommended update for runc Type: recommended Severity: important References: 1214960 This update for runc fixes the following issues: - Update to runc v1.1.13, changelog is available at https://github.com/opencontainers/runc/releases/tag/v1.1.13 - Fix a performance issue when running lots of containers caused by too many mount notifications (bsc#1214960) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2804-1 Released: Wed Aug 7 09:48:29 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2869-1 Released: Fri Aug 9 15:59:29 2024 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1220356,1227525 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2886-1 Released: Tue Aug 13 09:46:48 2024 Summary: Recommended update for dmidecode Type: recommended Severity: moderate References: This update for dmidecode fixes the following issues: - Version update (jsc#PED-8574): * Support for SMBIOS 3.6.0. This includes new memory device types, new processor upgrades, and Loongarch support * Support for SMBIOS 3.7.0. This includes new port types, new processor upgrades, new slot characteristics and new fields for memory modules * Add bash completion * Decode HPE OEM records 197, 216, 224, 230, 238, 239, 242 and 245 * Implement options --list-strings and --list-types * Update HPE OEM records 203, 212, 216, 221, 233 and 236 * Update Redfish support * Bug fixes: - Fix enabled slot characteristics not being printed * Minor improvements: - Print slot width on its own line - Use standard strings for slot width * Add a --no-quirks option * Drop the CPUID exception list * Obsoletes patches removed : dmidecode-do-not-let-dump-bin-overwrite-an-existing-file, dmidecode-fortify-entry-point-length-checks, dmidecode-split-table-fetching-from-decoding, dmidecode-write-the-whole-dump-file-at-once, dmioem-fix-segmentation-fault-in-dmi_hp_240_attr, dmioem-hpe-oem-record-237-firmware-change, dmioem-typo-fix-virutal-virtual, ensure-dev-mem-is-a-character-device-file, news-fix-typo, use-read_file-to-read-from-dump Update for HPE servers from upstream: - dmioem-update-hpe-oem-type-238 patch: Decode PCI bus segment in HPE type 238 records ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2887-1 Released: Tue Aug 13 10:52:45 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2912-1 Released: Wed Aug 14 20:20:13 2024 Summary: Recommended update for cloud-regionsrv-client Type: recommended Severity: important References: 1222985,1223571,1224014,1224016,1227308 This update for cloud-regionsrv-client contains the following fixes: - Update to version 10.3.0 (bsc#1227308, bsc#1222985) + Add support for sidecar registry Podman and rootless Docker support to set up the necessary configuration for the container engines to run as defined + Add running command as root through sudoers file - Update to version 10.2.0 (bsc#1223571, bsc#1224014, bsc#1224016) + In addition to logging, write message to stderr when registration fails + Detect transactional-update system with read only setup and use the transactional-update command to register + Handle operation in a different target root directory for credentials checking ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2921-1 Released: Thu Aug 15 07:00:32 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1223535,1224226,1226100,1228124 This update for grub2 fixes the following issues: - Fix btrfs subvolume for platform modules not mounting at runtime when the default subvolume is the topmost root tree (bsc#1228124) - Fix error in grub-install when root is on tmpfs (bsc#1226100) - Fix input handling in ppc64le grub2 has high latency (bsc#1223535) - Fix error in /etc/grub.d/20_linux_xen: file_is_not_sym not found, renamed to file_is_not_xen_garbage (bsc#1224226) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2939-1 Released: Fri Aug 16 09:05:15 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1082555,1156395,1190336,1191958,1193454,1193554,1193787,1193883,1194324,1194826,1194869,1195065,1195254,1195341,1195349,1195357,1195668,1195775,1195927,1195957,1196018,1196746,1196823,1197146,1197246,1197762,1197915,1198014,1199295,1202346,1202686,1202767,1202780,1205205,1207361,1208783,1209636,1213123,1215492,1215587,1216834,1217912,1218148,1218570,1218820,1219224,1219633,1219832,1219847,1220138,1220185,1220186,1220368,1220812,1220869,1220876,1220942,1220952,1220958,1221010,1221086,1221282,1221647,1221654,1221656,1221659,1221958,1222015,1222072,1222080,1222241,1222254,1222323,1222326,1222328,1222364,1222625,1222702,1222728,1222799,1222809,1222810,1222893,1223013,1223018,1223021,1223180,1223265,1223384,1223635,1223641,1223652,1223675,1223778,1223806,1223813,1223815,1223836,1223863,1224020,1224331,1224414,1224488,1224497,1224498,1224499,1224500,1224504,1224512,1224516,1224517,1224520,1224539,1224540,1224545,1224548,1224552,1224557,1224572,1224573,1224583,1224585,1224588,1 224602,1224603,1224604,1224605,1224612,1224614,1224619,1224636,1224641,1224661,1224662,1224670,1224671,1224674,1224677,1224679,1224683,1224694,1224696,1224700,1224703,1224712,1224716,1224719,1224735,1224743,1224749,1224764,1224765,1224766,1224935,1224946,1224951,1225050,1225088,1225098,1225105,1225272,1225300,1225389,1225391,1225419,1225426,1225448,1225452,1225467,1225475,1225484,1225487,1225489,1225504,1225505,1225514,1225518,1225535,1225564,1225573,1225581,1225585,1225586,1225602,1225611,1225681,1225692,1225698,1225699,1225704,1225711,1225714,1225717,1225719,1225726,1225732,1225737,1225744,1225745,1225746,1225749,1225752,1225753,1225757,1225758,1225759,1225760,1225767,1225770,1225815,1225823,1225834,1225838,1225840,1225851,1225866,1225872,1225894,1225903,1226022,1226131,1226145,1226149,1226155,1226202,1226211,1226212,1226226,1226502,1226514,1226519,1226520,1226537,1226538,1226539,1226550,1226551,1226552,1226553,1226554,1226555,1226556,1226557,1226558,1226559,1226561,1226562,122656 3,1226564,1226565,1226566,1226567,1226568,1226569,1226570,1226571,1226572,1226574,1226575,1226576,1226577,1226579,1226580,1226581,1226582,1226583,1226585,1226587,1226588,1226593,1226595,1226597,1226601,1226602,1226603,1226607,1226610,1226614,1226616,1226617,1226618,1226619,1226621,1226622,1226624,1226626,1226628,1226629,1226632,1226633,1226634,1226637,1226643,1226644,1226645,1226647,1226650,1226653,1226657,1226658,1226669,1226670,1226672,1226673,1226674,1226675,1226678,1226679,1226683,1226685,1226686,1226690,1226691,1226692,1226693,1226696,1226697,1226698,1226699,1226701,1226702,1226703,1226704,1226705,1226706,1226708,1226709,1226710,1226711,1226712,1226713,1226715,1226716,1226718,1226719,1226720,1226721,1226730,1226732,1226734,1226735,1226737,1226738,1226739,1226740,1226744,1226746,1226747,1226749,1226750,1226754,1226757,1226762,1226764,1226767,1226768,1226769,1226771,1226774,1226775,1226777,1226780,1226781,1226783,1226785,1226786,1226789,1226791,1226834,1226837,1226839,1226840,122 6841,1226842,1226848,1226852,1226857,1226861,1226863,1226864,1226867,1226868,1226876,1226878,1226883,1226886,1226890,1226891,1226895,1226908,1226911,1226915,1226928,1226948,1226949,1226950,1226953,1226962,1226976,1226990,1226992,1226993,1226994,1226996,1227066,1227090,1227096,1227101,1227103,1227121,1227157,1227162,1227274,1227362,1227383,1227432,1227435,1227447,1227487,1227573,1227618,1227620,1227626,1227635,1227661,1227716,1227722,1227724,1227725,1227728,1227729,1227730,1227732,1227733,1227750,1227754,1227755,1227760,1227762,1227763,1227764,1227766,1227770,1227771,1227772,1227774,1227779,1227780,1227783,1227786,1227787,1227790,1227792,1227796,1227797,1227798,1227800,1227802,1227806,1227808,1227810,1227812,1227813,1227814,1227816,1227820,1227823,1227824,1227828,1227829,1227836,1227846,1227849,1227851,1227862,1227864,1227865,1227866,1227870,1227884,1227886,1227891,1227893,1227899,1227900,1227910,1227913,1227917,1227919,1227920,1227921,1227922,1227923,1227924,1227925,1227927,1227928, 1227931,1227932,1227933,1227935,1227936,1227938,1227941,1227942,1227944,1227945,1227947,1227948,1227949,1227950,1227952,1227953,1227954,1227956,1227957,1227963,1227964,1227965,1227968,1227969,1227970,1227971,1227972,1227975,1227976,1227981,1227982,1227985,1227986,1227987,1227988,1227989,1227990,1227991,1227992,1227993,1227995,1227996,1227997,1228000,1228002,1228003,1228004,1228005,1228006,1228007,1228008,1228009,1228010,1228011,1228013,1228014,1228015,1228019,1228020,1228025,1228028,1228035,1228037,1228038,1228039,1228040,1228045,1228054,1228055,1228056,1228060,1228061,1228062,1228063,1228064,1228066,1228067,1228068,1228071,1228079,1228090,1228114,1228140,1228190,1228191,1228226,1228235,1228247,1228327,1228328,1228330,1228403,1228405,1228408,1228409,1228410,1228418,1228459,1228462,1228470,1228518,1228520,1228530,1228561,1228565,1228580,1228581,1228591,1228599,1228617,1228625,1228626,1228633,1228640,1228644,1228649,1228655,1228665,1228672,1228680,1228705,1228723,1228743,1228756,12288 01,1228850,1228857,CVE-2021-4439,CVE-2021-47086,CVE-2021-47089,CVE-2021-47103,CVE-2021-47186,CVE-2021-47432,CVE-2021-47515,CVE-2021-47534,CVE-2021-47538,CVE-2021-47539,CVE-2021-47546,CVE-2021-47547,CVE-2021-47555,CVE-2021-47566,CVE-2021-47571,CVE-2021-47572,CVE-2021-47576,CVE-2021-47577,CVE-2021-47578,CVE-2021-47580,CVE-2021-47582,CVE-2021-47583,CVE-2021-47584,CVE-2021-47585,CVE-2021-47586,CVE-2021-47587,CVE-2021-47588,CVE-2021-47589,CVE-2021-47590,CVE-2021-47591,CVE-2021-47592,CVE-2021-47593,CVE-2021-47595,CVE-2021-47596,CVE-2021-47597,CVE-2021-47598,CVE-2021-47599,CVE-2021-47600,CVE-2021-47601,CVE-2021-47602,CVE-2021-47603,CVE-2021-47604,CVE-2021-47605,CVE-2021-47606,CVE-2021-47607,CVE-2021-47608,CVE-2021-47609,CVE-2021-47610,CVE-2021-47611,CVE-2021-47612,CVE-2021-47614,CVE-2021-47615,CVE-2021-47616,CVE-2021-47617,CVE-2021-47618,CVE-2021-47619,CVE-2021-47620,CVE-2021-47622,CVE-2021-47623,CVE-2021-47624,CVE-2022-48711,CVE-2022-48712,CVE-2022-48713,CVE-2022-48714,CVE-2022-48715,CVE- 2022-48716,CVE-2022-48717,CVE-2022-48718,CVE-2022-48720,CVE-2022-48721,CVE-2022-48722,CVE-2022-48723,CVE-2022-48724,CVE-2022-48725,CVE-2022-48726,CVE-2022-48727,CVE-2022-48728,CVE-2022-48729,CVE-2022-48730,CVE-2022-48732,CVE-2022-48733,CVE-2022-48734,CVE-2022-48735,CVE-2022-48736,CVE-2022-48737,CVE-2022-48738,CVE-2022-48739,CVE-2022-48740,CVE-2022-48743,CVE-2022-48744,CVE-2022-48745,CVE-2022-48746,CVE-2022-48747,CVE-2022-48748,CVE-2022-48749,CVE-2022-48751,CVE-2022-48752,CVE-2022-48753,CVE-2022-48754,CVE-2022-48755,CVE-2022-48756,CVE-2022-48758,CVE-2022-48759,CVE-2022-48760,CVE-2022-48761,CVE-2022-48763,CVE-2022-48765,CVE-2022-48766,CVE-2022-48767,CVE-2022-48768,CVE-2022-48769,CVE-2022-48770,CVE-2022-48771,CVE-2022-48772,CVE-2022-48773,CVE-2022-48774,CVE-2022-48775,CVE-2022-48776,CVE-2022-48777,CVE-2022-48778,CVE-2022-48780,CVE-2022-48783,CVE-2022-48784,CVE-2022-48785,CVE-2022-48786,CVE-2022-48787,CVE-2022-48788,CVE-2022-48789,CVE-2022-48790,CVE-2022-48791,CVE-2022-48792,CVE-2022-48 793,CVE-2022-48794,CVE-2022-48796,CVE-2022-48797,CVE-2022-48798,CVE-2022-48799,CVE-2022-48800,CVE-2022-48801,CVE-2022-48802,CVE-2022-48803,CVE-2022-48804,CVE-2022-48805,CVE-2022-48806,CVE-2022-48807,CVE-2022-48809,CVE-2022-48810,CVE-2022-48811,CVE-2022-48812,CVE-2022-48813,CVE-2022-48814,CVE-2022-48815,CVE-2022-48816,CVE-2022-48817,CVE-2022-48818,CVE-2022-48820,CVE-2022-48821,CVE-2022-48822,CVE-2022-48823,CVE-2022-48824,CVE-2022-48825,CVE-2022-48826,CVE-2022-48827,CVE-2022-48828,CVE-2022-48829,CVE-2022-48830,CVE-2022-48831,CVE-2022-48834,CVE-2022-48835,CVE-2022-48836,CVE-2022-48837,CVE-2022-48838,CVE-2022-48839,CVE-2022-48840,CVE-2022-48841,CVE-2022-48842,CVE-2022-48843,CVE-2022-48844,CVE-2022-48846,CVE-2022-48847,CVE-2022-48849,CVE-2022-48850,CVE-2022-48851,CVE-2022-48852,CVE-2022-48853,CVE-2022-48855,CVE-2022-48856,CVE-2022-48857,CVE-2022-48858,CVE-2022-48859,CVE-2022-48860,CVE-2022-48861,CVE-2022-48862,CVE-2022-48863,CVE-2022-48864,CVE-2022-48866,CVE-2023-24023,CVE-2023-52435,CVE -2023-52573,CVE-2023-52580,CVE-2023-52622,CVE-2023-52658,CVE-2023-52667,CVE-2023-52670,CVE-2023-52672,CVE-2023-52675,CVE-2023-52735,CVE-2023-52737,CVE-2023-52751,CVE-2023-52752,CVE-2023-52762,CVE-2023-52766,CVE-2023-52775,CVE-2023-52784,CVE-2023-52787,CVE-2023-52800,CVE-2023-52812,CVE-2023-52835,CVE-2023-52837,CVE-2023-52843,CVE-2023-52845,CVE-2023-52846,CVE-2023-52857,CVE-2023-52863,CVE-2023-52869,CVE-2023-52881,CVE-2023-52882,CVE-2023-52884,CVE-2023-52885,CVE-2023-52886,CVE-2024-25741,CVE-2024-26583,CVE-2024-26584,CVE-2024-26615,CVE-2024-26625,CVE-2024-26633,CVE-2024-26635,CVE-2024-26636,CVE-2024-26641,CVE-2024-26644,CVE-2024-26661,CVE-2024-26663,CVE-2024-26665,CVE-2024-26720,CVE-2024-26800,CVE-2024-26802,CVE-2024-26813,CVE-2024-26814,CVE-2024-26842,CVE-2024-26845,CVE-2024-26863,CVE-2024-26923,CVE-2024-26935,CVE-2024-26961,CVE-2024-26973,CVE-2024-26976,CVE-2024-27015,CVE-2024-27019,CVE-2024-27020,CVE-2024-27025,CVE-2024-27065,CVE-2024-27402,CVE-2024-27432,CVE-2024-27437,CVE-2024-3 3619,CVE-2024-35247,CVE-2024-35789,CVE-2024-35790,CVE-2024-35805,CVE-2024-35807,CVE-2024-35814,CVE-2024-35819,CVE-2024-35835,CVE-2024-35837,CVE-2024-35848,CVE-2024-35853,CVE-2024-35855,CVE-2024-35857,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35869,CVE-2024-35878,CVE-2024-35884,CVE-2024-35886,CVE-2024-35889,CVE-2024-35890,CVE-2024-35893,CVE-2024-35896,CVE-2024-35898,CVE-2024-35899,CVE-2024-35900,CVE-2024-35905,CVE-2024-35925,CVE-2024-35934,CVE-2024-35949,CVE-2024-35950,CVE-2024-35956,CVE-2024-35958,CVE-2024-35960,CVE-2024-35961,CVE-2024-35962,CVE-2024-35979,CVE-2024-35995,CVE-2024-35997,CVE-2024-36000,CVE-2024-36004,CVE-2024-36005,CVE-2024-36008,CVE-2024-36017,CVE-2024-36020,CVE-2024-36021,CVE-2024-36025,CVE-2024-36288,CVE-2024-36477,CVE-2024-36478,CVE-2024-36479,CVE-2024-36889,CVE-2024-36890,CVE-2024-36894,CVE-2024-36899,CVE-2024-36900,CVE-2024-36901,CVE-2024-36902,CVE-2024-36904,CVE-2024-36909,CVE-2024-36910,CVE-2024-36911,CVE-2024-36912,CVE-2024-36913,CVE-2024-36914,CV E-2024-36915,CVE-2024-36916,CVE-2024-36917,CVE-2024-36919,CVE-2024-36923,CVE-2024-36934,CVE-2024-36937,CVE-2024-36939,CVE-2024-36940,CVE-2024-36945,CVE-2024-36946,CVE-2024-36949,CVE-2024-36960,CVE-2024-36964,CVE-2024-36965,CVE-2024-36967,CVE-2024-36969,CVE-2024-36971,CVE-2024-36974,CVE-2024-36975,CVE-2024-36978,CVE-2024-37021,CVE-2024-37078,CVE-2024-37354,CVE-2024-38381,CVE-2024-38388,CVE-2024-38390,CVE-2024-38540,CVE-2024-38541,CVE-2024-38544,CVE-2024-38545,CVE-2024-38546,CVE-2024-38547,CVE-2024-38548,CVE-2024-38549,CVE-2024-38550,CVE-2024-38552,CVE-2024-38553,CVE-2024-38555,CVE-2024-38556,CVE-2024-38557,CVE-2024-38558,CVE-2024-38559,CVE-2024-38560,CVE-2024-38564,CVE-2024-38565,CVE-2024-38567,CVE-2024-38568,CVE-2024-38570,CVE-2024-38571,CVE-2024-38573,CVE-2024-38578,CVE-2024-38579,CVE-2024-38580,CVE-2024-38581,CVE-2024-38582,CVE-2024-38583,CVE-2024-38586,CVE-2024-38587,CVE-2024-38588,CVE-2024-38590,CVE-2024-38591,CVE-2024-38594,CVE-2024-38597,CVE-2024-38598,CVE-2024-38599,CVE-2024- 38600,CVE-2024-38601,CVE-2024-38603,CVE-2024-38605,CVE-2024-38608,CVE-2024-38616,CVE-2024-38618,CVE-2024-38619,CVE-2024-38621,CVE-2024-38627,CVE-2024-38628,CVE-2024-38630,CVE-2024-38633,CVE-2024-38634,CVE-2024-38635,CVE-2024-38659,CVE-2024-38661,CVE-2024-38780,CVE-2024-39276,CVE-2024-39301,CVE-2024-39371,CVE-2024-39463,CVE-2024-39468,CVE-2024-39469,CVE-2024-39471,CVE-2024-39472,CVE-2024-39475,CVE-2024-39482,CVE-2024-39487,CVE-2024-39488,CVE-2024-39490,CVE-2024-39493,CVE-2024-39494,CVE-2024-39497,CVE-2024-39499,CVE-2024-39500,CVE-2024-39501,CVE-2024-39502,CVE-2024-39505,CVE-2024-39506,CVE-2024-39507,CVE-2024-39508,CVE-2024-39509,CVE-2024-40900,CVE-2024-40901,CVE-2024-40902,CVE-2024-40903,CVE-2024-40904,CVE-2024-40906,CVE-2024-40908,CVE-2024-40909,CVE-2024-40911,CVE-2024-40912,CVE-2024-40916,CVE-2024-40919,CVE-2024-40923,CVE-2024-40924,CVE-2024-40927,CVE-2024-40929,CVE-2024-40931,CVE-2024-40932,CVE-2024-40934,CVE-2024-40935,CVE-2024-40937,CVE-2024-40940,CVE-2024-40941,CVE-2024-40942,C VE-2024-40943,CVE-2024-40945,CVE-2024-40953,CVE-2024-40954,CVE-2024-40956,CVE-2024-40958,CVE-2024-40959,CVE-2024-40960,CVE-2024-40961,CVE-2024-40966,CVE-2024-40967,CVE-2024-40970,CVE-2024-40972,CVE-2024-40976,CVE-2024-40977,CVE-2024-40981,CVE-2024-40982,CVE-2024-40984,CVE-2024-40987,CVE-2024-40988,CVE-2024-40989,CVE-2024-40990,CVE-2024-40994,CVE-2024-40998,CVE-2024-40999,CVE-2024-41002,CVE-2024-41004,CVE-2024-41006,CVE-2024-41009,CVE-2024-41011,CVE-2024-41012,CVE-2024-41013,CVE-2024-41014,CVE-2024-41015,CVE-2024-41016,CVE-2024-41017,CVE-2024-41040,CVE-2024-41041,CVE-2024-41044,CVE-2024-41048,CVE-2024-41057,CVE-2024-41058,CVE-2024-41059,CVE-2024-41063,CVE-2024-41064,CVE-2024-41066,CVE-2024-41069,CVE-2024-41070,CVE-2024-41071,CVE-2024-41072,CVE-2024-41076,CVE-2024-41078,CVE-2024-41081,CVE-2024-41087,CVE-2024-41090,CVE-2024-41091,CVE-2024-42070,CVE-2024-42079,CVE-2024-42093,CVE-2024-42096,CVE-2024-42105,CVE-2024-42122,CVE-2024-42124,CVE-2024-42145,CVE-2024-42161,CVE-2024-42224,CVE-2024 -42230 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952). - CVE-2021-47089: kfence: fix memory leak when cat kfence objects (bsc#1220958). - CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010). - CVE-2021-47186: tipc: check for null after calling kmemdup (bsc#1222702). - CVE-2021-47432: lib/generic-radix-tree.c: Do not overflow in peek() (bsc#1225391). - CVE-2021-47515: seg6: fix the iif in the IPv6 socket control block (bsc#1225426). - CVE-2021-47538: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1225448). - CVE-2021-47539: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (bsc#1225452). - CVE-2021-47546: ipv6: fix memory leak in fib6_rule_suppress (bsc#1225504). - CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505). - CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467). - CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2021-47572: net: nexthop: fix null pointer dereference when IPv6 is not enabled (bsc#1225389). - CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568). - CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565). - CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570). - CVE-2021-47593: mptcp: clear 'kern' flag from fallback sockets (bsc#1226551). - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574). - CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571). - CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len. (bsc#1226555). - CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919). - CVE-2022-48716: ASoC: codecs: wcd938x: fix incorrect used of portid (bsc#1226678). - CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (bsc#1227927) - CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936). - CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071). - CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003). - CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148). - CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138). - CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference (bsc#1220869). - CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876). - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080). - CVE-2023-52658: Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (bsc#1224719). - CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups (bsc#1224603). - CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696). - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614). - CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504). - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475). - CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484). - CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52762: virtio-blk: fix implicit overflow on virtio_max_dma_size (bsc#1225573). - CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088). - CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946). - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105). - CVE-2023-52812: drm/amd: check num of link levels when update pcie param (bsc#1225564). - CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602). - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951). - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585). - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer overflow (bsc#1225581). - CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer dereference (bsc#1225586). - CVE-2023-52869: pstore/platform: Add check for kstrdup (bsc#1225050). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (bsc#1225692). - CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942). - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086) - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647). - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656). - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659). - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654). - CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume (bsc#1221282, bsc#1222072). - CVE-2024-26661: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' (bsc#1222323). - CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326). - CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328). - CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364). - CVE-2024-26802: stmmac: Clear variable when destroying workqueue (bsc#1222799). - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809). - CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810). - CVE-2024-26842: scsi: target: core: Add TMF to tmr_list handling (bsc#1223013). - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018). - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). - CVE-2024-26961: mac802154: fix llsec key resources release in mac802154_llsec_key_del (bsc#1223652). - CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641). - CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806). - CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813) - CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815) - CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778) - CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836). - CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414). - CVE-2024-27432: net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716). - CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625). - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (bsc#1224712). - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743). - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735). - CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683). - CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605). - CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500). - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612). - CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604). - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520). - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670). - CVE-2024-35889: idpf: fix kernel panic on unknown packet types (bsc#1224517). - CVE-2024-35890: gro: fix ownership transfer (bsc#1224516). - CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512) - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498). - CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499) - CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497). - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661). - CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641) - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674) - CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677). - CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588). - CVE-2024-35961: net/mlx5: Register devlink first under devlink lock (bsc#1224585). - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572). - CVE-2024-35995: ACPI: CPPC: Use access_width over bit_width for system memory accesses (bsc#1224557). - CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552). - CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548). - CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545) - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539). - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540). - CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681). - CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning (bsc#1225698). - CVE-2024-36021: net: hns3: fix kernel crash when devlink reload during pf initialization (bsc#1225699). - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841). - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949). - CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers (bsc#1225714). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726). - CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711) - CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752). - CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753). - CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759). - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770). - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767). - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815). - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760). - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834). - CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init() (bsc#1225838). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823). - CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851). - CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872) - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950). - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066). - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595). - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774). - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781). - CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771). - CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634). - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610). - CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750). - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734). - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749). - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757). - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842). - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746). - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857). - CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (bsc#1226911). - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883). - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996). - CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886). - CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993). - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994). - CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990). - CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090). - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103). - CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (bsc#1226992). - CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432). - CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435) - CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447). - CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573) - CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626). - CVE-2024-39493: crypto: qat - fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-39497: drm/shmem-helper: fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722). - CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755). - CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729). - CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730). - CVE-2024-39508: io_uring/io-wq: use set_bit() and test_bit() at worker->flags (bsc#1227732). - CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762). - CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763). - CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783). - CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798). - CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779). - CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786). - CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780). - CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800). - CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO (bsc#1227849). - CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806). - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812). - CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884). - CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813). - CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814). - CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886). - CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891). - CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899). - CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910). - CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (bsc#1227950). - CVE-2024-40982: ssb: fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865). - CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866). - CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913). - CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862). - CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114). - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405). - CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). - CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409). - CVE-2024-41016: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403). - CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518). - CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520). - CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530). - CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565). - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462). - CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459). - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561). - CVE-2024-41063: bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580). - CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599). - CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581). - CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625). - CVE-2024-41072: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (bsc#1228626). - CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649). - CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655). - CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327). - CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470). - CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672). - CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633). - CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591). - CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705). - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743) - CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756). - CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723). - CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). The following non-security bugs were fixed: - acpi: EC: Abort address space access upon error (stable-fixes). - acpi: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes). - acpi: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes). - acpi: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes). - acpi: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (stable-fixes). - acpi: x86: Force StorageD3Enable on more products (stable-fixes). - acpi: x86: utils: Add Picasso to the list for forcing StorageD3Enable (stable-fixes). - acpica: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (git-fixes). - alsa: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes). - alsa: dmaengine: Synchronize dma channel after drop() (stable-fixes). - alsa: emux: improve patch ioctl data validation (stable-fixes). - alsa: Fix deadlocks with kctl removals at disconnection (stable-fixes). - alsa: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes). - alsa: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes). - alsa: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes). - alsa: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes). - alsa: hda/realtek: Add quirks for Lenovo 13X (stable-fixes). - alsa: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes). - alsa: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes). - alsa: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes). - alsa: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes). - alsa: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes). - alsa: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes). - alsa: hda/realtek: Limit mic boost on N14AP7 (stable-fixes). - alsa: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes). - alsa: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes). - alsa: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes). - alsa: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes). - alsa: timer: Set lower bound of start tick time (stable-fixes). - alsa: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes). - alsa: usb-audio: Correct surround channels in UAC1 channel map (git-fixes). - alsa: usb-audio: Fix microphone sound on HD webcam (stable-fixes). - alsa: usb-audio: Move HD Webcam quirk to the right place (git-fixes). - alsa/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes). - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes). - arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes) - arm64: dts: hi3798cv200: fix the size of GICR (git-fixes) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes) - arm64: dts: microchip: sparx5: fix mdio reg (git-fixes) - arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes) - arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8690). - arm64: mm: do not acquire mutex when rewriting swapper (jsc#PED-8690). - arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8690). - arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8690). - arm64: tegra: Correct Tegra132 I2C alias (git-fixes) - arm64/io: add constant-argument check (bsc#1226502 git-fixes) - arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502) - asoc: amd: acp: add a null check for chip_pdev structure (git-fixes). - asoc: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes). - asoc: amd: Adjust error handling in case of absent codec device (git-fixes). - asoc: da7219-aad: fix usage of device_get_named_child_node() (stable-fixes). - asoc: fsl-asoc-card: set priv->pdev before using it (git-fixes). - asoc: max98088: Check for clk_prepare_enable() error (git-fixes). - asoc: rt5645: Fix the electric noise due to the CBJ contacts floating (stable-fixes). - asoc: rt715-sdca: volume step modification (stable-fixes). - asoc: rt715: add vendor clear control register (stable-fixes). - asoc: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes). - asoc: ti: omap-hdmi: Fix too long driver name (stable-fixes). - ata: ahci: Clean up sysfs file on error (git-fixes). - ata: libata-core: Fix double free on error (git-fixes). - ata: libata-core: Fix null pointer dereference on error (git-fixes). - batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes). - batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes). - blk-cgroup: dropping parent refcount after pd_free_fn() is done (bsc#1224573). - block, loop: support partitions without scanning (bsc#1227162). - block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162). - bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes). - bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes). - bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes). - bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes). - bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes). - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes). - bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes). - bnxt_re: Fix imm_data endianness (git-fixes) - bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener (git-fixes). - bpf: aggressively forget precise markings during state checkpointing (bsc#1225903). - bpf: allow precision tracking for programs with subprogs (bsc#1225903). - bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903). - bpf: clean up visit_insn()'s instruction processing (bsc#1225903). - bpf: correct loop detection for iterators convergence (bsc#1225903). - bpf: encapsulate precision backtracking bookkeeping (bsc#1225903). - bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903). - bpf: exact states comparison for iterator convergence checks (bsc#1225903). - bpf: extract __check_reg_arg() utility function (bsc#1225903). - bpf: extract same_callsites() as utility function (bsc#1225903). - bpf: extract setup_func_entry() utility function (bsc#1225903). - bpf: fix calculation of subseq_idx during precision backtracking (bsc#1225903). - bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903). - bpf: Fix memory leaks in __check_func_call (bsc#1225903). - bpf: fix propagate_precision() logic for inner frames (bsc#1225903). - bpf: fix regs_exact() logic in regsafe() to remap IDs correctly (bsc#1225903). - bpf: Fix to preserve reg parent/live fields when copying range info (bsc#1225903). - bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903). - bpf: improve precision backtrack logging (bsc#1225903). - bpf: Improve verifier u32 scalar equality checking (bsc#1225903). - bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903). - bpf: maintain bitmasks across all active frames in __mark_chain_precision (bsc#1225903). - bpf: mark relevant stack slots scratched for register read instructions (bsc#1225903). - bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903). - bpf: perform byte-by-byte comparison only when necessary in regsafe() (bsc#1225903). - bpf: print full verifier states on infinite loop detection (bsc#1225903). - bpf: regsafe() must not skip check_ids() (bsc#1225903). - bpf: reject non-exact register type matches in regsafe() (bsc#1225903). - bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() (bsc#1225903). - bpf: reorganize struct bpf_reg_state fields (bsc#1225903). - bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903). - bpf: states_equal() must build idmap for all function frames (bsc#1225903). - bpf: stop setting precise in current state (bsc#1225903). - bpf: support precision propagation in the presence of subprogs (bsc#1225903). - bpf: take into account liveness when propagating precision (bsc#1225903). - bpf: teach refsafe() to take into account ID remapping (bsc#1225903). - bpf: unconditionally reset backtrack_state masks on global func exit (bsc#1225903). - bpf: use check_ids() for active_lock comparison (bsc#1225903). - bpf: Use scalar ids in mark_chain_precision() (bsc#1225903). - bpf: verify callbacks as if they are called unknown number of times (bsc#1225903). - bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903). - bpf: widening for callback iterators (bsc#1225903). - btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162). - btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (bsc#1221282). - btrfs: harden identification of a stale device (bsc#1227162). - btrfs: match stale devices by dev_t (bsc#1227162). - btrfs: remove the cross file system checks from remap (bsc#1227157). - btrfs: use dev_t to match device in device_matched (bsc#1227162). - btrfs: validate device maj:min during open (bsc#1227162). - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes). - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes). - cachefiles: remove requests from xarray during flushing requests (bsc#1226588). - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes). - can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes). - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022). - ceph: always check dir caps asynchronously (bsc#1226022). - ceph: always queue a writeback when revoking the Fb caps (bsc#1226022). - ceph: break the check delayed cap loop every 5s (bsc#1226022). - ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418). - ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022). - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN . - checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes). - cifs: fix hang in wait_for_response() (bsc#1220812, bsc#1220368). - cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes). - crypto: aead,cipher - zeroize key buffer after use (stable-fixes). - crypto: ecdh - explicitly zeroize private_key (stable-fixes). - crypto: ecdsa - Fix the public key format description (git-fixes). - crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes). - crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes). - csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location() (git-fixes). - decompress_bunzip2: fix rare decompression failure (git-fixes). - devres: Fix devm_krealloc() wasting memory (git-fixes). - devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes). - dma: fix call order in dmam_free_coherent (git-fixes). - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes). - dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes). - docs: crypto: async-tx-api: fix broken code example (git-fixes). - docs: Fix formatting of literal sections in fanotify docs (stable-fixes). - drivers: core: synchronize really_probe() and dev_uevent() (git-fixes). - drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes). - drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes). - drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c (stable-fixes). - drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes). - drm/amd/display: Add dtbclk access to dcn315 (stable-fixes). - drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes). - drm/amd/display: Check for NULL pointer (stable-fixes). - drm/amd/display: Check index msg_id before read or write (stable-fixes). - drm/amd/display: Check pipe offset before setting vblank (stable-fixes). - drm/amd/display: drop unnecessary NULL checks in debugfs (stable-fixes). - drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes). - drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes). - drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes). - drm/amd/pm: remove logically dead code for renoir (git-fixes). - drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes). - drm/amdgpu: avoid using null object of framebuffer (stable-fixes). - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes). - drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes). - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes). - drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes). - drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: Fix uninitialized variable warnings (stable-fixes). - drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes). - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes). - drm/amdgpu: Update BO eviction priorities (stable-fixes). - drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes). - drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes). - drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes). - drm/amdgpu/mes: fix use-after-free issue (stable-fixes). - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes). - drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes). - drm/amdkfd: Rework kfd_locked handling (bsc#1225872) - drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes). - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes). - drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes). - drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes). - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes). - drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes). - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes). - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes). - drm/i915/dpt: Make DPT object unshrinkable (git-fixes). - drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes). - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes). - drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes). - drm/i915/guc: avoid FIELD_PREP warning (git-fixes). - drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes). - drm/komeda: check for error-valued pointer (git-fixes). - drm/lima: add mask irq callback to gp and pp (stable-fixes). - drm/lima: fix shared irq handling on driver remove (stable-fixes). - drm/lima: Mark simple_ondemand governor as softdep (git-fixes). - drm/lima: mask irqs in timeout path before hard reset (stable-fixes). - drm/mediatek: Add OVL compatible name for MT8195 (git-fixes). - drm/meson: fix canvas release in bind function (git-fixes). - drm/mgag200: Bind I2C lifetime to DRM device (git-fixes). - drm/mgag200: Set DDC timeout in milliseconds (git-fixes). - drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format (stable-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes). - drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes). - drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes). - drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes). - drm/msm/dp: Return IRQ_NONE for unhandled interrupts (stable-fixes). - drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes). - drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes). - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes). - drm/nouveau: prime: fix refcount underflow (git-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes). - drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays (stable-fixes). - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes). - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes). - drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes). - drm/qxl: Add check for drm_cvt_mode (git-fixes). - drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes). - drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes). - drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes). - drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes). - drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes). - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes). - drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes). - eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes). - exfat: check if cluster num is valid (git-fixes). - exfat: simplify is_valid_cluster() (git-fixes). - filelock: add a new locks_inode_context accessor function (git-fixes). - firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes). - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes). - firmware: cs_dsp: Return error if block header overflows file (git-fixes). - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes). - firmware: cs_dsp: Validate payload length before processing block (git-fixes). - firmware: dmi: Stop decoding on broken entry (stable-fixes). - firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes). - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes). - firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes). - fs: allow cross-vfsmount reflink/dedupe (bsc#1227157). - ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes). - fuse: verify {g,u}id mount options correctly (bsc#1228191). - gpio: davinci: Validate the obtained number of IRQs (git-fixes). - gpio: mc33880: Convert comma to semicolon (git-fixes). - gpio: tqmx86: fix typo in Kconfig label (git-fixes). - gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes). - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes). - hfsplus: fix to avoid false alarm of circular locking (git-fixes). - hfsplus: fix uninit-value in copy_name (git-fixes). - hid: Add quirk for Logitech Casa touchpad (stable-fixes). - hid: core: remove unnecessary WARN_ON() in implement() (git-fixes). - hid: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes). - hid: wacom: Modify pen IDs (git-fixes). - hpet: Support 32-bit userspace (git-fixes). - hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes). - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes). - hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes). - hwmon: (shtc1) Fix property misspelling (git-fixes). - i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: mark HostNotify target address as used (git-fixes). - i2c: ocores: set IACK bit after core is enabled (git-fixes). - i2c: rcar: bring hardware to known state when probing (git-fixes). - i2c: tegra: Fix failure during probe deferral cleanup (git-fixes) - i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661) - i2c: testunit: avoid re-issued work after read message (git-fixes). - i2c: testunit: correct Kconfig description (git-fixes). - i2c: testunit: discard write requests while old command is running (git-fixes). - i2c: testunit: do not erase registers after STOP (git-fixes). - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes). - iio: adc: ad7266: Fix variable checking bug (git-fixes). - iio: adc: ad9467: fix scan type sign (git-fixes). - iio: chemical: bme680: Fix calibration data variable (git-fixes). - iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes). - iio: chemical: bme680: Fix pressure value output (git-fixes). - iio: chemical: bme680: Fix sensor data read operation (git-fixes). - iio: dac: ad5592r: fix temperature channel scaling value (git-fixes). - iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes). - input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes). - input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes). - input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes). - Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes). - input: qt1050 - handle CHIP_ID reading error (git-fixes). - input: silead - Always support 10 fingers (stable-fixes). - intel_th: pci: Add Granite Rapids SOC support (stable-fixes). - intel_th: pci: Add Granite Rapids support (stable-fixes). - intel_th: pci: Add Lunar Lake support (stable-fixes). - intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes). - intel_th: pci: Add Meteor Lake-S support (stable-fixes). - intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes). - iommu: mtk: fix module autoloading (git-fixes). - iommu: Return right value in iommu_sva_bind_device() (git-fixes). - iommu/amd: Fix sysfs leak in iommu init (git-fixes). - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes). - ionic: clean interrupt before enabling queue to avoid credit race (git-fixes). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes). - jfs: Fix array-index-out-of-bounds in diFree (git-fixes). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kabi: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903). - kabi: bpf: callback fixes kABI workaround (bsc#1225903). - kabi: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903). - kabi: bpf: tmp_str_buf kABI workaround (bsc#1225903). - kabi: rtas: Workaround false positive due to lost definition (bsc#1227487). - kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502) - kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783) - kabi/severities: Ignore tpm_tis_core_init (bsc#1082555). - kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users. - kbuild: do not include include/config/auto.conf from shell scripts (bsc#1227274). - kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes). - kconfig: doc: fix a typo in the note about 'imply' (git-fixes). - kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes). - kernel-binary: vdso: Own module_dir - kernel-doc: fix struct_group_tagged() parsing (git-fixes). - kernel/sched: Remove dl_boosted flag comment (git fixes (sched)). - knfsd: LOOKUP can return an illegal error value (git-fixes). - kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes). - kprobes: Make arch_check_ftrace_location static (git-fixes). - kvm: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes). - kvm: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1194869). - kvm: PPC: Book3S HV: Fix 'rm_exit' entry in debugfs timings (bsc#1194869). - kvm: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869). - kvm: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1194869). - kvm: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST (bsc#1194869). - kvm: PPC: Book3S: Suppress warnings when allocating too big memory slots (bsc#1194869). - kvm: s390: fix LPSWEY handling (bsc#1227635 git-fixes). - kvm: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (git-fixes). - kvm: VMX: Report up-to-date exit qualification to userspace (git-fixes). - kvm: x86: Add IBPB_BRTYPE support (bsc#1228079). - kvm: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes). - kvm: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (git-fixes). - kvm: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-fixes). - kvm: x86: Disable APIC logical map if vCPUs are aliased in logical mode (git-fixes). - kvm: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes). - kvm: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (git-fixes). - kvm: x86: Explicitly track all possibilities for APIC map's logical modes (git-fixes). - kvm: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes). - kvm: x86: Fix KVM_GET_MSRS stack info leak (git-fixes). - kvm: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-fixes). - kvm: x86: Purge 'highest ISR' cache when updating APICv state (git-fixes). - kvm: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes). - kvm: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-fixes). - leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes). - leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes). - leds: triggers: Flush pending brightness before activating trigger (git-fixes). - lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (git-fixes). - lib: objagg: Fix general protection fault (git-fixes). - lib: objagg: Fix spelling (git-fixes). - lib: test_objagg: Fix spelling (git-fixes). - libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190). - lockd: set missing fl_flags field when retrieving args (git-fixes). - lockd: use locks_inode_context helper (git-fixes). - Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582) - media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes). - media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes). - media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes). - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes). - media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes). - media: dvbdev: Initialize sbuf (stable-fixes). - media: dw2102: Do not translate i2c read into write (stable-fixes). - media: dw2102: fix a potential buffer overflow (git-fixes). - media: flexcop-usb: clean up endpoint sanity checks (stable-fixes). - media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes). - media: imon: Fix race getting ictx->lock (git-fixes). - media: ipu3-cio2: Use temporary storage for struct device pointer (stable-fixes). - media: lgdt3306a: Add a check against null-pointer-def (stable-fixes). - media: mxl5xx: Move xpt structures off stack (stable-fixes). - media: radio-shark2: Avoid led_names truncations (git-fixes). - media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes). - media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes). - media: uvcvideo: Override default flags (git-fixes). - media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes). - media: venus: fix use after free in vdec_close (git-fixes). - media: venus: flush all buffers in output plane streamoff (git-fixes). - mei: demote client disconnect warning on suspend to debug (stable-fixes). - mei: me: release irq in mei_me_pci_resume error path (git-fixes). - mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes). - mkspec-dtb: add toplevel symlinks also on arm - mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes). - mmc: core: Do not force a retune before RPMB switch (stable-fixes). - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes). - mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes). - mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel (stable-fixes). - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes). - mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes). - mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes). - mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes). - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes). - mmc: sdhci: Do not invert write-protect twice (git-fixes). - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes). - mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes). - mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes). - mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes). - mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes). - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes). - net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes). - net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes). - net: ena: Fix redundant device NUMA node override (jsc#PED-8690). - net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491). - net: mana: Fix possible double free in error handling path (git-fixes). - net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes). - net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes). - net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes). - net: usb: ax88179_178a: improve link status logs (git-fixes). - net: usb: ax88179_178a: improve reset check (git-fixes). - net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes). - net: usb: qmi_wwan: add Telit FN920C04 compositions (stable-fixes). - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes). - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes). - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes). - net/dcb: check for detached device before executing callbacks (bsc#1215587). - net/mlx5e: Fix a race in command alloc flow (git-fixes). - netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180). - netfilter: conntrack: prepare tcp_in_window for ternary return value (bsc#1223180). - netfilter: conntrack: remove pr_debug callsites from tcp tracker (bsc#1223180). - netfilter: conntrack: work around exceeded receive window (bsc#1223180). - netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462). - nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes). - nfs: abort nfs_atomic_open_v23 if name is too long (bsc#1219847). - nfs: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847). - nfs: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - nfs: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes). - nfs: fix undefined behavior in nfs_block_bits() (git-fixes). - nfs: keep server info for remounts (git-fixes). - nfs: Leave pages in the pagecache if readpage failed (git-fixes). - nfsd enforce filehandle check for source file in COPY (git-fixes). - nfsd: Add an nfsd_file_fsync tracepoint (git-fixes). - nfsd: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-fixes). - nfsd: Add errno mapping for EREMOTEIO (git-fixes). - nfsd: Add nfsd_file_lru_dispose_list() helper (git-fixes). - nfsd: add some comments to nfsd_file_do_acquire (git-fixes). - nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes). - nfsd: allow reaping files still under writeback (git-fixes). - nfsd: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes). - nfsd: Clean up nfsd_file_put() (git-fixes). - nfsd: Clean up nfsd_open_verified() (git-fixes). - nfsd: Clean up nfsd3_proc_create() (git-fixes). - nfsd: Clean up unused code after rhashtable conversion (git-fixes). - nfsd: Convert filecache to rhltable (git-fixes). - nfsd: Convert the filecache to use rhashtable (git-fixes). - nfsd: De-duplicate hash bucket indexing (git-fixes). - nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-fixes). - nfsd: do not fsync nfsd_files on last close (git-fixes). - nfsd: do not hand out delegation on setuid files being opened for write (git-fixes). - nfsd: do not kill nfsd_files because of lease break error (git-fixes). - nfsd: Do not leave work of closing files to a work queue (bsc#1228140). - nfsd: do not take/put an extra reference when putting a file (git-fixes). - nfsd: Ensure nf_inode is never dereferenced (git-fixes). - nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes). - nfsd: Fix licensing header in filecache.c (git-fixes). - nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes). - nfsd: fix nfsd_file_unhash_and_dispose (git-fixes). - nfsd: Fix potential use-after-free in nfsd_file_put() (git-fixes). - nfsd: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes). - nfsd: Fix the filecache LRU shrinker (git-fixes). - nfsd: fix up the filecache laundrette scheduling (git-fixes). - nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes). - nfsd: Flesh out a documenting comment for filecache.c (git-fixes). - nfsd: handle errors better in write_ports_addfd() (git-fixes). - nfsd: Instantiate a struct file when creating a regular NFSv4 file (git-fixes). - nfsd: Leave open files out of the filecache LRU (git-fixes). - nfsd: map EBADF (git-fixes). - nfsd: Move nfsd_file_trace_alloc() tracepoint (git-fixes). - nfsd: nfsd_file_hash_remove can compute hashval (git-fixes). - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (git-fixes). - nfsd: nfsd_file_put() can sleep (git-fixes). - nfsd: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes). - nfsd: No longer record nf_hashval in the trace log (git-fixes). - nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912). - nfsd: Pass the target nfsd_file to nfsd_commit() (git-fixes). - nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes). - nfsd: Record number of flush calls (git-fixes). - nfsd: Refactor __nfsd_file_close_inode() (git-fixes). - nfsd: Refactor nfsd_create_setattr() (git-fixes). - nfsd: Refactor nfsd_file_gc() (git-fixes). - nfsd: Refactor nfsd_file_lru_scan() (git-fixes). - nfsd: Refactor NFSv3 CREATE (git-fixes). - nfsd: Refactor NFSv4 OPEN(CREATE) (git-fixes). - nfsd: Remove do_nfsd_create() (git-fixes). - nfsd: Remove lockdep assertion from unhash_and_release_locked() (git-fixes). - nfsd: Remove nfsd_file::nf_hashval (git-fixes). - nfsd: remove the pages_flushed statistic from filecache (git-fixes). - nfsd: reorganize filecache.c (git-fixes). - nfsd: Replace the 'init once' mechanism (git-fixes). - nfsd: Report average age of filecache items (git-fixes). - nfsd: Report count of calls to nfsd_file_acquire() (git-fixes). - nfsd: Report count of freed filecache items (git-fixes). - nfsd: Report filecache LRU size (git-fixes). - nfsd: Report the number of items evicted by the LRU walk (git-fixes). - nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes). - nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes). - nfsd: rework refcounting in filecache (git-fixes). - nfsd: Separate tracepoints for acquire and create (git-fixes). - nfsd: Set up an rhashtable for the filecache (git-fixes). - nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes). - nfsd: simplify per-net file cache management (git-fixes). - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes). - nfsd: simplify the delayed disposal list code (git-fixes). - nfsd: Trace filecache LRU activity (git-fixes). - nfsd: Trace filecache opens (git-fixes). - nfsd: update comment over __nfsd_file_cache_purge (git-fixes). - nfsd: verify the opened dentry after setting a delegation (git-fixes). - nfsd: WARN when freeing an item still linked via nf_lru (git-fixes). - nfsd: Write verifier might go backwards (git-fixes). - nfsd: Zero counters when the filecache is re-initialized (git-fixes). - nfsv4: by default serialize open/close operations (bsc#1223863 bsc#1227362) - nfsv4: Fixup smatch warning for ambiguous return (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (stable-fixes). - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes). - nilfs2: convert persistent object allocator to use kmap_local (git-fixes). - nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes). - nilfs2: fix inode number range checks (git-fixes). - nilfs2: fix inode number range checks (stable-fixes). - nilfs2: fix potential hang in nilfs_detach_log_writer() (stable-fixes). - nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes). - nvme-auth: allow mixing of secret and hash lengths (git-fixes). - nvme-auth: use transformed key size to create resp (git-fixes). - nvme-multipath: find NUMA path only for online numa-node (git-fixes). - nvme-pci: add missing condition check for existence of mapped data (git-fixes). - nvme-pci: Fix the instructions for disabling power management (git-fixes). - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes). - nvme: avoid double free special payload (git-fixes). - nvme: ensure reset state check ordering (bsc#1215492). - nvme: find numa distance only if controller has valid numa id (git-fixes). - nvme: fixup comment for nvme RDMA Provider Type (git-fixes). - nvme: use ctrl state accessor (bsc#1215492). - nvmet-auth: fix nvmet_auth hash error handling (git-fixes). - nvmet-passthru: propagate status from id override functions (git-fixes). - nvmet: always initialize cqe.result (git-fixes). - nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: remove redundant assignment to variable free_space (bsc#1228409). - ocfs2: speed up chain-list searching (bsc#1219224). - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - orangefs: fix out-of-bounds fsid access (git-fixes). - pci: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes). - pci: Clear Secondary Status errors after enumeration (bsc#1226928) - pci: Extend ACS configurability (bsc#1228090). - pci: Fix resource double counting on remove & rescan (git-fixes). - pci: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes). - pci: Introduce cleanup helpers for device reference counts and locks (git-fixes). - pci: Introduce cleanup helpers for device reference counts and locks (stable-fixes). - pci: keystone: Do not enable BAR 0 for AM654x (git-fixes). - pci: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes). - pci: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes). - pci: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes). - pci: tegra194: Set EP alignment restriction for inbound ATU (git-fixes). - pci/aspm: Update save_state when configuration changes (bsc#1226915) - pci/dpc: Fix use-after-free on concurrent DPC and hot-removal (git-fixes). - pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes). - pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes). - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes). - pinctrl: freescale: mxs: Fix refcount of child (git-fixes). - pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes). - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes). - pinctrl: rockchip: update rk3308 iomux routes (git-fixes). - pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes). - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes). - platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes). - platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes). - platform/x86: lg-laptop: Change ACPI device id (stable-fixes). - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes). - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes). - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes). - platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes). - power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes). - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869). - powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121 ltc#207129). - powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869). - powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - powerpc/rtas: clean up includes (bsc#1227487). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - pwm: stm32: Always do lazy disabling (git-fixes). - random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953). - ras/amd/atl: Fix MI300 bank hash (bsc#1225300). - ras/amd/atl: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300). - rdma/cache: Release GID table even if leak is detected (git-fixes) - rdma/device: Return error earlier if port in not valid (git-fixes) - rdma/hns: Check atomic wr length (git-fixes) - rdma/hns: Fix incorrect sge nums calculation (git-fixes) - rdma/hns: Fix insufficient extend DB for VFs. (git-fixes) - rdma/hns: Fix mbx timing out before CMD execution is completed (git-fixes) - rdma/hns: Fix missing pagesize and alignment check in FRMR (git-fixes) - rdma/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes) - rdma/hns: Fix soft lockup under heavy CEQE load (git-fixes) - rdma/hns: Fix undifined behavior caused by invalid max_sge (git-fixes) - rdma/hns: Fix unmatch exception handling when init eq table fails (git-fixes) - rdma/irdma: Drop unused kernel push code (git-fixes) - rdma/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes) - rdma/mana_ib: Ignore optional access flags for MRs (git-fixes). - rdma/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes) - rdma/mlx4: Fix truncated output warning in mad.c (git-fixes) - rdma/mlx5: Add check for srq max_sge attribute (git-fixes) - rdma/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes) - rdma/restrack: Fix potential invalid address access (git-fixes) - rdma/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes) - regmap-i2c: Subtract reg size from max_write (stable-fixes). - regulator: bd71815: fix ramp values (git-fixes). - regulator: core: Fix modpost error 'regulator_get_regmap' undefined (git-fixes). - regulator: irq_helpers: duplicate IRQ name (stable-fixes). - regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes). - Revert 'Add remote for nfs maintainer' - Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783). - Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783). - Revert 'build initrd without systemd' (bsc#1195775)'. - Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes). - Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes). - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes). - rpm/guards: fix precedence issue with control flow operator - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) - rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. - rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5 - rtc: cmos: Fix return value of nvmem callbacks (git-fixes). - rtc: interface: Add RTC offset to alarm after fix-up (git-fixes). - rtc: isl1208: Fix return value of nvmem callbacks (git-fixes). - rtlwifi: rtl8192de: Style clean-ups (stable-fixes). - s390: Implement __iowrite32_copy() (bsc#1226502) - s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502) - saa7134: Unchecked i2c_transfer function result fixed (git-fixes). - sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)). - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791). - sched/fair: Do not balance task to its current running CPU (git fixes (sched)). - scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857). - scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857). - scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857). - scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857). - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857). - scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857). - scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857). - scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857). - scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850). - scsi: qla2xxx: Complete command early within lock (bsc#1228850). - scsi: qla2xxx: Convert comma to semicolon (bsc#1228850). - scsi: qla2xxx: Drop driver owner assignment (bsc#1228850). - scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850). - scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850). - scsi: qla2xxx: Fix flash read failure (bsc#1228850). - scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850). - scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850). - scsi: qla2xxx: Indent help text (bsc#1228850). - scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850). - scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850). - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850). - scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850). - scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850). - scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850). - scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850). - scsi: sd: Update DIX config every time sd_revalidate_disk() is called (bsc#1218570). - selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903). - selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903). - selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader (bsc#1225903). - selftests/bpf: add precision propagation tests in the presence of subprogs (bsc#1225903). - selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903). - selftests/bpf: Check if mark_chain_precision() follows scalar ids (bsc#1225903). - selftests/bpf: check if max number of bpf_loop iterations is tracked (bsc#1225903). - selftests/bpf: fix __retval() being always ignored (bsc#1225903). - selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903). - selftests/bpf: make test_align selftest more robust (bsc#1225903). - selftests/bpf: populate map_array_ro map for verifier_array_access test (bsc#1225903). - selftests/bpf: prog_tests entry point for migrated test_verifier tests (bsc#1225903). - selftests/bpf: Report program name on parse_test_spec error (bsc#1225903). - selftests/bpf: Support custom per-test flags and multiple expected messages (bsc#1225903). - selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903). - selftests/bpf: test case for relaxed prunning of active_lock.id (bsc#1225903). - selftests/bpf: test cases for regsafe() bug skipping check_id() (bsc#1225903). - selftests/bpf: test widening for iterating callbacks (bsc#1225903). - selftests/bpf: Tests execution support for test_loader.c (bsc#1225903). - selftests/bpf: tests for iterating callbacks (bsc#1225903). - selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903). - selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903). - selftests/bpf: Verify copy_register_state() preserves parent/live fields (bsc#1225903). - selftests/bpf: verify states_equal() maintains idmap across all frames (bsc#1225903). - selftests/bpf: Verify that check_ids() is used for scalars in regsafe() (bsc#1225903). - selftests/sigaltstack: Fix ppc64 GCC build (git-fixes). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - smb: client: guarantee refcounted children from parent session (bsc#1224679. - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes). - soundwire: cadence: fix invalid PDI offset (stable-fixes). - spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes). - spi: mux: set ctlr->bits_per_word_mask (stable-fixes). - spi: stm32: Do not warn about spurious interrupts (git-fixes). - string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850). - sunrpc: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272). - sunrpc: Fix gss_free_in_token_pages() (git-fixes). - sunrpc: Fix loop termination condition in gss_free_in_token_pages() (git-fixes). - sunrpc: fix NFSACL RPC retry on soft mount (git-fixes). - sunrpc: return proper error from gss_wrap_req_priv (git-fixes). - supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570) - supported.conf: mark orangefs as optional We do not support orangefs at all (and it is already marked as such), but since there are no SLE consumers of it, mark it as optional. - supported.conf: mark ufs as unsupported UFS is an unsupported filesystem, mark it as such. We still keep it around (not marking as optional), to accommodate any potential migrations from BSD systems. - tpm_tis: Resend command to recover from data transfer errors (bsc#1082555). - tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume (bsc#1082555). - tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555). - tpm, tpm_tis: Claim locality before writing interrupt registers (bsc#1082555). - tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555). - tpm, tpm_tis: Claim locality when interrupts are reenabled on resume (bsc#1082555). - tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555). - tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555). - tpm, tpm_tis: Only handle supported interrupts (bsc#1082555). - tpm, tpm: Implement usage counter for locality (bsc#1082555). - tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555). - tpm: Prevent hwrng from activating during resume (bsc#1082555). - tracing: Build event generation tests only as modules (git-fixes). - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes). - tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330) - tracing/osnoise: Add osnoise/options file (bsc#1228330) - tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330) - tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330) - tracing/osnoise: Make osnoise_instances static (bsc#1228330) - tracing/osnoise: Split workload start from the tracer start (bsc#1228330) - tracing/osnoise: Support a list of trace_array *tr (bsc#1228330) - tracing/osnoise: Use built-in RCU list checking (bsc#1228330) - tracing/timerlat: Notify new max thread latency (bsc#1228330) - tty: mcf: MCF54418 has 10 UARTS (git-fixes). - usb-storage: alauda: Check whether the media is initialized (git-fixes). - usb: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes). - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes). - usb: cdns3: allocate TX FIFO size according to composite EP number (git-fixes). - usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config (git-fixes). - usb: cdns3: fix iso transfer error when mult is not zero (git-fixes). - usb: cdns3: improve handling of unaligned address case (git-fixes). - usb: cdns3: optimize OUT transfer by copying only actual received data (git-fixes). - usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-fixes). - usb: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes). - usb: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes). - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes). - usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes). - usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-fixes). - usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-fixes). - usb: fotg210-hcd: delete an incorrect bounds test (git-fixes). - usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-fixes). - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes). - usb: gadget: printer: fix races against disable (git-fixes). - usb: gadget: printer: SS+ support (stable-fixes). - usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes). - usb: musb: da8xx: fix a resource leak in probe() (git-fixes). - usb: serial: mos7840: fix crash on resume (git-fixes). - usb: serial: option: add Fibocom FM350-GL (stable-fixes). - usb: serial: option: add Netprisma LCUK54 series modules (stable-fixes). - usb: serial: option: add Rolling RW350-GL variants (stable-fixes). - usb: serial: option: add support for Foxconn T99W651 (stable-fixes). - usb: serial: option: add Telit FN912 rmnet compositions (stable-fixes). - usb: serial: option: add Telit generic core-dump composition (stable-fixes). - usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes). - usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes). - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes). - usb: typec: ucsi: Ack also failed Get Error commands (git-fixes). - usb: typec: ucsi: Never send a lone connector change ack (git-fixes). - usb: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes). - usb: xhci-plat: Do not include xhci.h (git-fixes). - usb: xhci-plat: fix legacy PHY double init (git-fixes). - usb: xhci: address off-by-one in xhci_num_trbs_free() (git-fixes). - usb: xhci: Implement xhci_handshake_check_state() helper (git-fixes). - usb: xhci: improve debug message in xhci_ring_expansion_needed() (git-fixes). - watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() (stable-fixes). - watchdog: bd9576: Drop 'always-running' property (git-fixes). - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes). - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes). - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes). - wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes). - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes). - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes). - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes). - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes). - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes). - wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes). - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes). - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes). - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes). - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes). - wifi: mac80211: disable softirqs for queued frame handling (git-fixes). - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes). - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes). - wifi: mac80211: handle tasklet frames before stopping (stable-fixes). - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes). - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes). - wifi: mt76: replace skb_put with skb_put_zero (stable-fixes). - wifi: mwifiex: Fix interface type change (git-fixes). - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes). - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes). - wifi: wilc1000: fix ies_len type in connect path (git-fixes). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). - workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). - x.509: Fix the parser of extended key usage for length (bsc#1218820). - x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502) - x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes). - x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes). - x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes). - x86/bugs: Remove default case for fully switched enums (bsc#1227900). - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes). - x86/ibt,ftrace: Search for __fentry__ location (git-fixes). - x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes). - x86/mce: Dynamically size space for machine check records (bsc#1222241). - x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes). - x86/mm: Fix enc_status_change_finish_noop() (git-fixes). - x86/purgatory: Switch to the position-independent small code model (git-fixes). - x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900). - x86/srso: Remove 'pred_cmd' label (bsc#1227900). - x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). - xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228226). - xfs: make sure sb_fdblocks is non-negative (bsc#1225419). - xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Fix failure to detect ring expansion need (git-fixes). - xhci: fix matching completion events with TDs (git-fixes). - xhci: Fix transfer ring expansion size calculation (git-fixes). - xhci: Handle TD clearing for multiple streams case (git-fixes). - xhci: remove unused stream_id parameter from xhci_handle_halted_endpoint() (git-fixes). - xhci: restre deleted trb fields for tracing (git-fixes). - xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes). - xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes). - xhci: Simplify event ring dequeue pointer update for port change events (git-fixes). - xhci: simplify event ring dequeue tracking for transfer events (git-fixes). - xhci: Stop unnecessary tracking of free trbs in a ring (git-fixes). - xhci: update event ring dequeue pointer position to controller correctly (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - ca-certificates-mozilla-2.68-150200.33.1 updated - dmidecode-3.6-150400.16.11.2 updated - gettext-runtime-0.20.2-1.43 added - glibc-locale-base-2.31-150300.83.1 added - glibc-locale-2.31-150300.83.1 added - glibc-2.31-150300.83.1 added - gpg2-2.2.27-150300.3.8.1 added - gptfdisk-1.0.8-150400.1.7 added - grep-3.1-150000.4.6.1 added - growpart-0.31-5.9.3 added - grub2-i386-pc-2.06-150500.29.28.1 added - grub2-x86_64-efi-2.06-150500.29.28.1 added - grub2-2.06-150500.29.28.1 added - gzip-1.10-150200.10.1 added - haveged-1.9.14-150400.3.3.1 added - hostname-3.16-2.22 added - hwdata-0.380-150000.3.68.1 added - hwinfo-21.85-150500.3.3.1 added - hyper-v-8-150200.14.8.1 added - info-6.5-4.17 added - iproute2-5.14-150400.1.8 added - iptables-1.8.7-1.1 added - iputils-20221126-150500.3.8.2 added - jq-1.6-3.3.1 added - kbd-legacy-2.4.0-150400.5.6.1 added - kbd-2.4.0-150400.5.6.1 added - kdump-1.0.2+git47.g28549ab-150500.3.6.1 added - kernel-default-5.14.21-150500.55.73.1 added - kexec-tools-2.0.20-150500.18.3 added - keyutils-1.6.3-5.6.1 added - kmod-29-4.15.1 added - krb5-1.20.1-150500.3.9.1 added - less-590-150400.3.9.1 added - libabsl2401_0_0-20240116.1-150500.13.7.8 added - libacl1-2.2.52-4.3.1 added - libapparmor1-3.0.4-150500.11.9.1 added - libargon2-1-0.0+git20171227.670229c-2.14 added - libasm1-0.185-150400.5.3.1 added - libassuan0-2.5.5-150000.4.7.1 added - libattr1-2.4.47-2.19 added - libaudit1-3.0.6-150400.4.16.1 added - libaugeas0-1.12.0-150400.3.3.6 added - libauparse0-3.0.6-150400.4.16.1 added - libavahi-client3-0.8-150400.7.16.1 added - libavahi-common3-0.8-150400.7.16.1 added - libblkid1-2.37.4-150500.9.14.2 added - libblogger2-2.26-150300.4.6.1 added - libboost_system1_66_0-1.66.0-12.3.1 added - libboost_thread1_66_0-1.66.0-12.3.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libbz2-1-1.0.8-150400.1.122 added - libcap-ng0-0.7.9-4.37 added - libcap2-2.63-150400.3.3.1 added - libcares2-1.19.1-150000.3.26.1 added - libcbor0-0.5.0-150100.4.6.1 added - libcom_err2-1.46.4-150400.3.6.2 added - libcpupower0-5.14-150500.9.3.1 added - libcrack2-2.9.7-11.6.1 added - libcrypt1-4.4.15-150300.4.7.1 added - libcryptsetup12-2.4.3-150400.3.3.1 added - libcurl4-8.0.1-150400.5.44.1 added - libdbus-1-3-1.12.2-150400.18.8.1 added - libdevmapper1_03-2.03.22_1.02.196-150500.7.9.1 added - libdw1-0.185-150400.5.3.1 added - libeconf0-0.5.2-150400.3.6.1 added - libedit0-3.1.snap20150325-2.12 added - libefivar1-37-6.12.1 added - libelf1-0.185-150400.5.3.1 added - libesmtp-1.0.6-150.4.1 added - libestr0-0.1.10-1.25 added - libevent-2_1-8-2.1.8-2.23 added - libexpat1-2.4.4-150400.3.17.1 added - libext2fs2-1.46.4-150400.3.6.2 added - libfastjson4-0.99.9-150400.3.3.1 added - libfdisk1-2.37.4-150500.9.14.2 added - libffi7-3.2.1.git259-10.8 added - libfido2-1-1.13.0-150400.5.6.1 added - libfipscheck1-1.4.1-3.3.1 added - libfreetype6-2.10.4-150000.4.15.1 added - libfstrm0-0.6.1-150300.9.5.1 added - libfuse2-2.9.7-3.3.1 added - libgcc_s1-13.3.0+git8781-150000.1.12.1 added - libgcrypt20-1.9.4-150500.10.19 added - libgdbm4-1.12-1.418 added - libglib-2_0-0-2.70.5-150400.3.11.1 added - libgmp10-6.1.2-4.9.1 added - libgnutls30-3.7.3-150400.4.44.1 added - libgpg-error0-1.42-150400.1.101 added - libgpgme11-1.16.0-150400.1.80 added - libhavege2-1.9.14-150400.3.3.1 added - libhidapi-hidraw0-0.10.1-150300.3.2.1 added - libhogweed6-3.8.1-150500.2.25 added - libidn2-0-2.2.0-3.6.1 added - libinih0-53-150400.1.7 added - libip4tc2-1.8.7-1.1 added - libip6tc2-1.8.7-1.1 added - libjitterentropy3-3.4.1-150000.1.12.1 added - libjq1-1.6-3.3.1 added - libjson-c3-0.13-3.3.1 added - libkeyutils1-1.6.3-5.6.1 added - libkmod2-29-4.15.1 added - libksba8-1.3.5-150000.4.6.1 added - libldap-2_4-2-2.4.46-150200.14.17.1 added - libldap-data-2.4.46-150200.14.17.1 added - libldb2-2.6.2-150500.1.1 added - liblmdb-0_9_30-0.9.30-150500.1.1 added - liblogging0-1.0.6-3.21 added - liblognorm5-2.0.6-150000.3.3.1 added - liblua5_3-5-5.3.6-3.6.1 added - liblz4-1-1.9.3-150400.1.7 added - liblzma5-5.2.3-150000.4.7.1 added - liblzo2-2-2.10-2.22 added - libmagic1-5.32-7.14.1 added - libmaxminddb0-1.4.3-150000.1.8.1 added - libmetalink3-0.1.3-150000.3.2.1 added - libmnl0-1.0.4-1.25 added - libmount1-2.37.4-150500.9.14.2 added - libncurses6-6.1-150000.5.24.1 added - libnetfilter_conntrack3-1.0.7-1.38 added - libnetfilter_cthelper0-1.0.0-1.21 added - libnetfilter_cttimeout1-1.0.0-1.22 added - libnettle8-3.8.1-150500.2.25 added - libnfnetlink0-1.0.1-2.11 added - libnftnl11-1.2.0-150400.1.6 added - libnghttp2-14-1.40.0-150200.17.1 added - libnl-config-3.3.0-1.29 added - libnl3-200-3.3.0-1.29 added - libnpth0-1.5-2.11 added - libnscd1-2.0.2-3.21 added - libnsl2-1.2.0-2.44 added - libnss_usrfiles2-2.25-2.12 added - libonig4-6.7.0-150000.3.6.1 added - libopeniscsiusr0-0.2.0-150500.46.3.1 added - libopenssl1_1-1.1.1l-150500.17.34.1 added - libp11-kit0-0.23.22-150500.8.3.1 added - libparted0-3.2-150300.21.3.1 added - libpcap1-1.10.1-150400.1.7 added - libpci3-3.5.6-150300.13.6.1 added - libpcre1-8.45-150000.20.13.1 added - libpcre2-8-0-10.39-150400.4.9.1 added - libpng16-16-1.6.34-3.9.1 added - libpopt0-1.16-3.22 added - libprocps8-3.3.17-150000.7.39.1 added - libprotobuf-c1-1.3.2-150200.3.9.1 added - libprotobuf-lite25_1_0-25.1-150500.12.2.2 added - libproxy1-0.4.17-150400.1.8 added - libpsl5-0.20.1-150000.3.3.1 added - libpython3_6m1_0-3.6.15-150300.10.65.1 added - librdkafka1-0.11.6-1.8.1 added - libreadline7-7.0-150400.25.22 added - librelp0-1.11.0-150000.3.3.1 added - libsasl2-3-2.1.28-150500.1.1 added - libseccomp2-2.5.3-150400.2.4 added - libselinux1-3.1-150400.1.69 added - libsemanage1-3.1-150400.3.4.2 added - libsepol1-3.1-150400.1.70 added - libsigc-2_0-0-2.10.7-150400.3.3.1 added - libsmartcols1-2.37.4-150500.9.14.2 added - libsmi2-0.4.8-1.29 added - libsmi-0.4.8-1.29 added - libsnappy1-1.1.8-3.3.1 added - libsolv-tools-base-0.7.29-150400.3.22.4 added - libsolv-tools-0.7.29-150400.3.22.4 added - libsqlite3-0-3.44.0-150000.3.23.1 added - libssh-config-0.9.8-150400.3.6.1 added - libssh4-0.9.8-150400.3.6.1 added - libstdc++6-13.3.0+git8781-150000.1.12.1 added - libsystemd0-249.17-150400.8.40.1 added - libtalloc2-2.3.4-150500.1.1 added - libtasn1-6-4.13-150000.4.8.1 added - libtasn1-4.13-150000.4.8.1 added - libtdb1-1.4.7-150500.1.1 added - libtevent0-0.13.0-150500.1.1 added - libtextstyle0-0.20.2-1.43 added - libtirpc-netconfig-1.3.4-150300.3.23.1 added - libtirpc3-1.3.4-150300.3.23.1 added - libtss2-esys0-3.1.0-150400.3.6.1 added - libtss2-fapi1-3.1.0-150400.3.6.1 added - libtss2-mu0-3.1.0-150400.3.6.1 added - libtss2-rc0-3.1.0-150400.3.6.1 added - libtss2-sys1-3.1.0-150400.3.6.1 added - libtss2-tctildr0-3.1.0-150400.3.6.1 added - libudev1-249.17-150400.8.40.1 added - libunistring2-0.9.10-1.1 added - libusb-1_0-0-1.0.24-150400.3.3.1 added - libutempter0-1.1.6-3.42 added - libuuid1-2.37.4-150500.9.14.2 added - libuv1-1.44.2-150500.3.2.1 added - libverto1-0.2.6-3.20 added - libwrap0-7.6-1.433 added - libx86emu3-3.1-1.23 added - libxml2-2-2.10.3-150500.5.17.1 added - libxslt1-1.1.34-150400.3.3.1 added - libxtables12-1.8.7-1.1 added - libyajl2-2.1.0-150000.4.6.1 added - libyaml-0-2-0.1.7-150000.3.2.1 added - libyaml-cpp0_6-0.6.3-150400.4.3.1 added - libz1-1.2.13-150500.4.3.1 added - libzck1-1.1.16-150400.3.7.1 added - libzio1-1.06-2.20 added - libzstd1-1.5.0-150400.3.3.1 added - libzypp-17.34.1-150500.6.2.1 added - login_defs-4.8.1-150400.10.21.1 added - logrotate-3.18.1-150400.3.7.1 added - makedumpfile-1.7.0-150400.4.3.1 added - mokutil-0.5.0-150400.3.3.1 added - ncurses-utils-6.1-150000.5.24.1 added - net-tools-2.0+git20170221.479bb4a-3.11 added - netcfg-11.6-150000.3.6.1 added - nfs-client-2.1.1-150500.22.3.1 added - nfsidmap-0.26-150000.3.7.1 added - open-iscsi-2.1.9-150500.46.3.1 added - openssh-clients-8.4p1-150300.3.37.1 added - openssh-common-8.4p1-150300.3.37.1 added - openssh-server-8.4p1-150300.3.37.1 added - openssh-8.4p1-150300.3.37.1 added - openssl-1_1-1.1.1l-150500.17.34.1 added - openssl-1.1.1l-150400.1.5 added - p11-kit-tools-0.23.22-150500.8.3.1 added - p11-kit-0.23.22-150500.8.3.1 added - pam-config-1.1-150200.3.6.1 added - pam-1.3.0-150000.6.71.2 added - parted-3.2-150300.21.3.1 added - pciutils-3.5.6-150300.13.6.1 added - perl-Bootloader-0.947-150400.3.12.1 added - perl-base-5.26.1-150300.17.17.1 added - perl-5.26.1-150300.17.17.1 added - permissions-20201225-150400.5.16.1 added - pigz-2.3.3-1.28 added - pinentry-1.1.0-4.3.1 added - pkg-config-0.29.2-1.436 added - procps-3.3.17-150000.7.39.1 added - python-azure-agent-config-server-2.9.1.1-150400.3.41.1 added - python-azure-agent-2.9.1.1-150400.3.41.1 added - python-instance-billing-flavor-check-0.0.6-150400.1.11.7 added - python3-Babel-2.8.0-3.3.1 added - python3-Jinja2-2.10.1-150000.3.13.1 added - python3-MarkupSafe-1.0-1.29 added - python3-PyJWT-2.4.0-150200.3.8.1 added - python3-PyYAML-5.4.1-150300.3.3.1 added - python3-apipkg-2.1.0-150500.1.1 added - python3-appdirs-1.4.3-1.21 added - python3-asn1crypto-0.24.0-3.2.1 added - python3-attrs-19.3.0-150200.3.6.1 added - python3-base-3.6.15-150300.10.65.1 added - python3-bind-9.16.50-150500.8.21.1 added - python3-blinker-1.4-150000.3.6.1 added - python3-certifi-2018.1.18-150000.3.3.1 added - python3-cffi-1.13.2-3.2.5 added - python3-chardet-3.0.4-150000.5.3.1 added - python3-configobj-5.0.6-150000.3.3.1 added - python3-cryptography-3.3.2-150400.23.1 added - python3-cssselect-1.0.3-150400.3.7.4 added - python3-distro-1.5.0-3.5.1 added - python3-idna-2.6-150000.3.3.1 added - python3-importlib-metadata-1.5.0-150100.3.5.1 added - python3-iniconfig-1.1.1-150000.1.11.1 added - python3-jsonpatch-1.23-150100.3.5.1 added - python3-jsonpointer-1.14-150000.3.2.1 added - python3-jsonschema-3.2.0-150200.9.5.1 added - python3-lxml-4.9.1-150500.3.4.3 added - python3-more-itertools-8.10.0-150400.7.1 added - python3-netifaces-0.10.6-150000.3.2.1 added - python3-oauthlib-2.0.6-150000.3.6.1 added - python3-ordered-set-4.0.2-150400.8.34 added - python3-packaging-21.3-150200.3.3.1 added - python3-passlib-1.7.4-150300.3.2.1 added - python3-ply-3.10-150000.3.5.1 added - python3-pyOpenSSL-21.0.0-150400.7.62 added - python3-pyasn1-0.4.2-150000.3.5.1 added - python3-pycparser-2.17-3.2.1 added - python3-pyparsing-2.4.7-1.24 added - python3-pyrsistent-0.14.4-150100.3.4.1 added - python3-pyserial-3.4-150000.3.4.1 added - python3-pytz-2022.1-150300.3.6.1 added - python3-py-1.10.0-150100.5.12.1 added - python3-requests-2.25.1-150300.3.12.2 added - python3-setuptools-44.1.1-150400.9.6.1 added - python3-six-1.14.0-12.1 added - python3-urllib3-1.25.10-150300.4.12.1 added - python3-zipp-0.6.0-150100.3.5.1 added - python3-3.6.15-150300.10.65.2 added - rpcbind-0.2.3-5.9.2 added - rpm-config-SUSE-1-150400.14.3.1 added - rpm-ndb-4.14.3-150400.59.16.1 added - rsyslog-module-relp-8.2306.0-150400.5.27.1 added - rsyslog-8.2306.0-150400.5.27.1 added - runc-1.1.13-150000.67.1 added - samba-client-libs-4.17.12+git.462.df636292e62-150500.3.23.7 added - sed-4.4-150300.13.3.1 added - shadow-4.8.1-150400.10.21.1 added - shim-15.8-150300.4.20.2 added - sle-module-basesystem-release-15.5-150500.43.2 added - sle-module-containers-release-15.5-150500.43.2 added - sle-module-public-cloud-release-15.5-150500.43.2 added - sle-module-server-applications-release-15.5-150500.43.2 added - sles-release-15.5-150500.43.4 added - socat-1.8.0.0-150400.14.3.1 added - sudo-1.9.12p1-150500.7.10.1 added - supportutils-plugin-suse-public-cloud-1.0.9-150000.3.20.1 added - supportutils-3.1.30-150300.7.35.30.1 added - suse-build-key-12.0-150000.8.49.2 added - suse-module-tools-15.5.5-150500.3.12.2 added - suseconnect-ng-1.11.0-150500.3.26.4 added - sysconfig-netconfig-0.85.9-150200.12.1 added - sysconfig-0.85.9-150200.12.1 added - syslog-service-2.0-11.2 added - system-group-audit-3.0.6-150400.4.16.1 added - system-group-hardware-20170617-150400.24.2.1 added - system-group-kvm-20170617-150400.24.2.1 added - system-group-wheel-20170617-150400.24.2.1 added - system-user-nobody-20170617-150400.24.2.1 added - system-user-root-20190513-3.3.1 added - systemd-default-settings-branding-SLE-0.10-150300.3.7.1 added - systemd-default-settings-0.10-150300.3.7.1 added - systemd-presets-branding-SLE-15.1-150100.20.14.1 added - systemd-presets-common-SUSE-15-150500.20.6.1 added - systemd-rpm-macros-15-150000.7.39.1 added - systemd-sysvinit-249.17-150400.8.40.1 added - systemd-249.17-150400.8.40.1 added - sysuser-shadow-3.2-150400.3.5.3 added - sysvinit-tools-2.99-1.1 added - tar-1.34-150000.3.34.1 added - tcpdump-4.99.1-150400.1.8 added - terminfo-base-6.1-150000.5.24.1 added - terminfo-6.1-150000.5.24.1 added - timezone-2024a-150000.75.28.1 added - tpm2.0-tools-5.2-150400.6.3.1 added - udev-249.17-150400.8.40.1 added - update-alternatives-1.19.0.4-150000.4.4.1 added - util-linux-systemd-2.37.4-150500.9.14.2 added - util-linux-2.37.4-150500.9.14.2 added - vim-data-common-9.1.0330-150500.20.12.1 added - vim-9.1.0330-150500.20.12.1 added - wget-1.20.3-150000.3.20.1 added - which-2.21-2.20 added - wicked-service-0.6.76-150500.3.33.1 added - wicked-0.6.76-150500.3.33.1 added - xen-libs-4.17.4_04-150500.3.33.1 added - xfsprogs-5.13.0-150400.3.10.2 added - xtables-plugins-1.8.7-1.1 added - xz-5.2.3-150000.4.7.1 added - zstd-1.5.0-150400.3.3.1 added - zypper-1.14.73-150500.6.2.1 added From sle-container-updates at lists.suse.com Thu Aug 29 07:01:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 Aug 2024 09:01:42 +0200 (CEST) Subject: SUSE-IU-2024:1126-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20240829070142.11145FCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1126-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.128 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.128 Severity : important Type : security References : 1082555 1156395 1159034 1190336 1191958 1193454 1193554 1193787 1193883 1194324 1194818 1194818 1194826 1194869 1195065 1195254 1195341 1195349 1195357 1195668 1195775 1195927 1195957 1196018 1196746 1196823 1197146 1197246 1197762 1197915 1198014 1199295 1202346 1202686 1202767 1202780 1205205 1207361 1208690 1208783 1209636 1213123 1214980 1215492 1215587 1216834 1217912 1218148 1218570 1218820 1219224 1219633 1219832 1219847 1220138 1220185 1220186 1220368 1220812 1220869 1220876 1220942 1220952 1220958 1221010 1221086 1221282 1221647 1221654 1221656 1221659 1221958 1222015 1222072 1222080 1222241 1222254 1222285 1222323 1222326 1222328 1222364 1222625 1222702 1222728 1222799 1222804 1222807 1222809 1222810 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1222893 1223013 1223018 1223021 1223180 1223265 1223384 1223635 1223641 1223652 1223675 1223724 1223778 1223806 1223813 1223815 1223836 1223863 1224020 1224113 1224115 1224116 1224118 1224331 1224414 1224488 1224497 1224498 1224499 1224500 1224504 1224512 1224516 1224517 1224520 1224539 1224540 1224545 1224548 1224552 1224557 1224572 1224573 1224583 1224585 1224588 1224602 1224603 1224604 1224605 1224612 1224614 1224619 1224636 1224641 1224661 1224662 1224670 1224671 1224674 1224677 1224679 1224683 1224694 1224696 1224700 1224703 1224712 1224716 1224719 1224735 1224743 1224749 1224764 1224765 1224766 1224935 1224946 1224951 1225050 1225088 1225098 1225105 1225272 1225300 1225389 1225391 1225419 1225426 1225448 1225452 1225467 1225475 1225484 1225487 1225489 1225504 1225505 1225514 1225518 1225535 1225564 1225573 1225581 1225585 1225586 1225602 1225611 1225681 1225692 1225698 1225699 1225704 1225711 1225714 1225717 1225719 1225726 1225732 1225737 1225744 1225745 1225746 1225749 1225752 1225753 1225757 1225758 1225759 1225760 1225767 1225770 1225815 1225823 1225834 1225838 1225840 1225851 1225866 1225872 1225894 1225903 1226022 1226131 1226145 1226149 1226155 1226202 1226211 1226212 1226226 1226412 1226463 1226502 1226514 1226519 1226520 1226529 1226537 1226538 1226539 1226550 1226551 1226552 1226553 1226554 1226555 1226556 1226557 1226558 1226559 1226561 1226562 1226563 1226564 1226565 1226566 1226567 1226568 1226569 1226570 1226571 1226572 1226574 1226575 1226576 1226577 1226579 1226580 1226581 1226582 1226583 1226585 1226587 1226588 1226593 1226595 1226597 1226601 1226602 1226603 1226607 1226610 1226614 1226616 1226617 1226618 1226619 1226621 1226622 1226624 1226626 1226628 1226629 1226632 1226633 1226634 1226637 1226643 1226644 1226645 1226647 1226650 1226653 1226657 1226658 1226669 1226670 1226672 1226673 1226674 1226675 1226678 1226679 1226683 1226685 1226686 1226690 1226691 1226692 1226693 1226696 1226697 1226698 1226699 1226701 1226702 1226703 1226704 1226705 1226706 1226708 1226709 1226710 1226711 1226712 1226713 1226715 1226716 1226718 1226719 1226720 1226721 1226730 1226732 1226734 1226735 1226737 1226738 1226739 1226740 1226744 1226746 1226747 1226749 1226750 1226754 1226757 1226762 1226764 1226767 1226768 1226769 1226771 1226774 1226775 1226777 1226780 1226781 1226783 1226785 1226786 1226789 1226791 1226834 1226837 1226839 1226840 1226841 1226842 1226848 1226852 1226857 1226861 1226863 1226864 1226867 1226868 1226876 1226878 1226883 1226886 1226890 1226891 1226895 1226908 1226911 1226915 1226928 1226948 1226949 1226950 1226953 1226962 1226976 1226990 1226992 1226993 1226994 1226996 1227066 1227090 1227096 1227101 1227103 1227121 1227138 1227150 1227157 1227162 1227186 1227187 1227274 1227362 1227383 1227432 1227435 1227447 1227487 1227573 1227618 1227620 1227626 1227635 1227661 1227716 1227722 1227724 1227725 1227728 1227729 1227730 1227732 1227733 1227750 1227754 1227755 1227760 1227762 1227763 1227764 1227766 1227770 1227771 1227772 1227774 1227779 1227780 1227783 1227786 1227787 1227790 1227792 1227796 1227797 1227798 1227800 1227802 1227806 1227808 1227810 1227812 1227813 1227814 1227816 1227820 1227823 1227824 1227828 1227829 1227836 1227846 1227849 1227851 1227862 1227864 1227865 1227866 1227870 1227884 1227886 1227891 1227893 1227899 1227900 1227910 1227913 1227917 1227918 1227919 1227920 1227921 1227922 1227923 1227924 1227925 1227927 1227928 1227931 1227932 1227933 1227935 1227936 1227938 1227941 1227942 1227944 1227945 1227947 1227948 1227949 1227950 1227952 1227953 1227954 1227956 1227957 1227963 1227964 1227965 1227968 1227969 1227970 1227971 1227972 1227975 1227976 1227981 1227982 1227985 1227986 1227987 1227988 1227989 1227990 1227991 1227992 1227993 1227995 1227996 1227997 1228000 1228002 1228003 1228004 1228005 1228006 1228007 1228008 1228009 1228010 1228011 1228013 1228014 1228015 1228019 1228020 1228025 1228028 1228035 1228037 1228038 1228039 1228040 1228045 1228054 1228055 1228056 1228060 1228061 1228062 1228063 1228064 1228066 1228067 1228068 1228071 1228079 1228090 1228114 1228140 1228190 1228191 1228226 1228235 1228247 1228327 1228328 1228330 1228403 1228405 1228408 1228409 1228410 1228418 1228459 1228462 1228470 1228518 1228520 1228530 1228561 1228565 1228580 1228581 1228591 1228599 1228617 1228625 1228626 1228633 1228640 1228644 1228649 1228655 1228665 1228672 1228680 1228705 1228723 1228743 1228756 1228770 1228801 1228850 1228857 916845 CVE-2013-4235 CVE-2013-4235 CVE-2021-4439 CVE-2021-47086 CVE-2021-47089 CVE-2021-47103 CVE-2021-47186 CVE-2021-47432 CVE-2021-47515 CVE-2021-47534 CVE-2021-47538 CVE-2021-47539 CVE-2021-47546 CVE-2021-47547 CVE-2021-47555 CVE-2021-47566 CVE-2021-47571 CVE-2021-47572 CVE-2021-47576 CVE-2021-47577 CVE-2021-47578 CVE-2021-47580 CVE-2021-47582 CVE-2021-47583 CVE-2021-47584 CVE-2021-47585 CVE-2021-47586 CVE-2021-47587 CVE-2021-47588 CVE-2021-47589 CVE-2021-47590 CVE-2021-47591 CVE-2021-47592 CVE-2021-47593 CVE-2021-47595 CVE-2021-47596 CVE-2021-47597 CVE-2021-47598 CVE-2021-47599 CVE-2021-47600 CVE-2021-47601 CVE-2021-47602 CVE-2021-47603 CVE-2021-47604 CVE-2021-47605 CVE-2021-47606 CVE-2021-47607 CVE-2021-47608 CVE-2021-47609 CVE-2021-47610 CVE-2021-47611 CVE-2021-47612 CVE-2021-47614 CVE-2021-47615 CVE-2021-47616 CVE-2021-47617 CVE-2021-47618 CVE-2021-47619 CVE-2021-47620 CVE-2021-47622 CVE-2021-47623 CVE-2021-47624 CVE-2022-48711 CVE-2022-48712 CVE-2022-48713 CVE-2022-48714 CVE-2022-48715 CVE-2022-48716 CVE-2022-48717 CVE-2022-48718 CVE-2022-48720 CVE-2022-48721 CVE-2022-48722 CVE-2022-48723 CVE-2022-48724 CVE-2022-48725 CVE-2022-48726 CVE-2022-48727 CVE-2022-48728 CVE-2022-48729 CVE-2022-48730 CVE-2022-48732 CVE-2022-48733 CVE-2022-48734 CVE-2022-48735 CVE-2022-48736 CVE-2022-48737 CVE-2022-48738 CVE-2022-48739 CVE-2022-48740 CVE-2022-48743 CVE-2022-48744 CVE-2022-48745 CVE-2022-48746 CVE-2022-48747 CVE-2022-48748 CVE-2022-48749 CVE-2022-48751 CVE-2022-48752 CVE-2022-48753 CVE-2022-48754 CVE-2022-48755 CVE-2022-48756 CVE-2022-48758 CVE-2022-48759 CVE-2022-48760 CVE-2022-48761 CVE-2022-48763 CVE-2022-48765 CVE-2022-48766 CVE-2022-48767 CVE-2022-48768 CVE-2022-48769 CVE-2022-48770 CVE-2022-48771 CVE-2022-48772 CVE-2022-48773 CVE-2022-48774 CVE-2022-48775 CVE-2022-48776 CVE-2022-48777 CVE-2022-48778 CVE-2022-48780 CVE-2022-48783 CVE-2022-48784 CVE-2022-48785 CVE-2022-48786 CVE-2022-48787 CVE-2022-48788 CVE-2022-48789 CVE-2022-48790 CVE-2022-48791 CVE-2022-48792 CVE-2022-48793 CVE-2022-48794 CVE-2022-48796 CVE-2022-48797 CVE-2022-48798 CVE-2022-48799 CVE-2022-48800 CVE-2022-48801 CVE-2022-48802 CVE-2022-48803 CVE-2022-48804 CVE-2022-48805 CVE-2022-48806 CVE-2022-48807 CVE-2022-48809 CVE-2022-48810 CVE-2022-48811 CVE-2022-48812 CVE-2022-48813 CVE-2022-48814 CVE-2022-48815 CVE-2022-48816 CVE-2022-48817 CVE-2022-48818 CVE-2022-48820 CVE-2022-48821 CVE-2022-48822 CVE-2022-48823 CVE-2022-48824 CVE-2022-48825 CVE-2022-48826 CVE-2022-48827 CVE-2022-48828 CVE-2022-48829 CVE-2022-48830 CVE-2022-48831 CVE-2022-48834 CVE-2022-48835 CVE-2022-48836 CVE-2022-48837 CVE-2022-48838 CVE-2022-48839 CVE-2022-48840 CVE-2022-48841 CVE-2022-48842 CVE-2022-48843 CVE-2022-48844 CVE-2022-48846 CVE-2022-48847 CVE-2022-48849 CVE-2022-48850 CVE-2022-48851 CVE-2022-48852 CVE-2022-48853 CVE-2022-48855 CVE-2022-48856 CVE-2022-48857 CVE-2022-48858 CVE-2022-48859 CVE-2022-48860 CVE-2022-48861 CVE-2022-48862 CVE-2022-48863 CVE-2022-48864 CVE-2022-48866 CVE-2023-24023 CVE-2023-52435 CVE-2023-52573 CVE-2023-52580 CVE-2023-52622 CVE-2023-52658 CVE-2023-52667 CVE-2023-52670 CVE-2023-52672 CVE-2023-52675 CVE-2023-52735 CVE-2023-52737 CVE-2023-52751 CVE-2023-52752 CVE-2023-52762 CVE-2023-52766 CVE-2023-52775 CVE-2023-52784 CVE-2023-52787 CVE-2023-52800 CVE-2023-52812 CVE-2023-52835 CVE-2023-52837 CVE-2023-52843 CVE-2023-52845 CVE-2023-52846 CVE-2023-52857 CVE-2023-52863 CVE-2023-52869 CVE-2023-52881 CVE-2023-52882 CVE-2023-52884 CVE-2023-52885 CVE-2023-52886 CVE-2023-5388 CVE-2024-25741 CVE-2024-26583 CVE-2024-26584 CVE-2024-26615 CVE-2024-26625 CVE-2024-26633 CVE-2024-26635 CVE-2024-26636 CVE-2024-26641 CVE-2024-26644 CVE-2024-26661 CVE-2024-26663 CVE-2024-26665 CVE-2024-26720 CVE-2024-26800 CVE-2024-26802 CVE-2024-26813 CVE-2024-26814 CVE-2024-26842 CVE-2024-26845 CVE-2024-26863 CVE-2024-26923 CVE-2024-26935 CVE-2024-26961 CVE-2024-26973 CVE-2024-26976 CVE-2024-27015 CVE-2024-27019 CVE-2024-27020 CVE-2024-27025 CVE-2024-27065 CVE-2024-27402 CVE-2024-27432 CVE-2024-27437 CVE-2024-33619 CVE-2024-35247 CVE-2024-35789 CVE-2024-35790 CVE-2024-35805 CVE-2024-35807 CVE-2024-35814 CVE-2024-35819 CVE-2024-35835 CVE-2024-35837 CVE-2024-35848 CVE-2024-35853 CVE-2024-35855 CVE-2024-35857 CVE-2024-35861 CVE-2024-35862 CVE-2024-35864 CVE-2024-35869 CVE-2024-35878 CVE-2024-35884 CVE-2024-35886 CVE-2024-35889 CVE-2024-35890 CVE-2024-35893 CVE-2024-35896 CVE-2024-35898 CVE-2024-35899 CVE-2024-35900 CVE-2024-35905 CVE-2024-35925 CVE-2024-35934 CVE-2024-35949 CVE-2024-35950 CVE-2024-35956 CVE-2024-35958 CVE-2024-35960 CVE-2024-35961 CVE-2024-35962 CVE-2024-35979 CVE-2024-35995 CVE-2024-35997 CVE-2024-36000 CVE-2024-36004 CVE-2024-36005 CVE-2024-36008 CVE-2024-36017 CVE-2024-36020 CVE-2024-36021 CVE-2024-36025 CVE-2024-36288 CVE-2024-36477 CVE-2024-36478 CVE-2024-36479 CVE-2024-36889 CVE-2024-36890 CVE-2024-36894 CVE-2024-36899 CVE-2024-36900 CVE-2024-36901 CVE-2024-36902 CVE-2024-36904 CVE-2024-36909 CVE-2024-36910 CVE-2024-36911 CVE-2024-36912 CVE-2024-36913 CVE-2024-36914 CVE-2024-36915 CVE-2024-36916 CVE-2024-36917 CVE-2024-36919 CVE-2024-36923 CVE-2024-36934 CVE-2024-36937 CVE-2024-36939 CVE-2024-36940 CVE-2024-36945 CVE-2024-36946 CVE-2024-36949 CVE-2024-36960 CVE-2024-36964 CVE-2024-36965 CVE-2024-36967 CVE-2024-36969 CVE-2024-36971 CVE-2024-36974 CVE-2024-36975 CVE-2024-36978 CVE-2024-37021 CVE-2024-37078 CVE-2024-37354 CVE-2024-37370 CVE-2024-37371 CVE-2024-38381 CVE-2024-38388 CVE-2024-38390 CVE-2024-38540 CVE-2024-38541 CVE-2024-38544 CVE-2024-38545 CVE-2024-38546 CVE-2024-38547 CVE-2024-38548 CVE-2024-38549 CVE-2024-38550 CVE-2024-38552 CVE-2024-38553 CVE-2024-38555 CVE-2024-38556 CVE-2024-38557 CVE-2024-38558 CVE-2024-38559 CVE-2024-38560 CVE-2024-38564 CVE-2024-38565 CVE-2024-38567 CVE-2024-38568 CVE-2024-38570 CVE-2024-38571 CVE-2024-38573 CVE-2024-38578 CVE-2024-38579 CVE-2024-38580 CVE-2024-38581 CVE-2024-38582 CVE-2024-38583 CVE-2024-38586 CVE-2024-38587 CVE-2024-38588 CVE-2024-38590 CVE-2024-38591 CVE-2024-38594 CVE-2024-38597 CVE-2024-38598 CVE-2024-38599 CVE-2024-38600 CVE-2024-38601 CVE-2024-38603 CVE-2024-38605 CVE-2024-38608 CVE-2024-38616 CVE-2024-38618 CVE-2024-38619 CVE-2024-38621 CVE-2024-38627 CVE-2024-38628 CVE-2024-38630 CVE-2024-38633 CVE-2024-38634 CVE-2024-38635 CVE-2024-38659 CVE-2024-38661 CVE-2024-38780 CVE-2024-39276 CVE-2024-39301 CVE-2024-39371 CVE-2024-39463 CVE-2024-39468 CVE-2024-39469 CVE-2024-39471 CVE-2024-39472 CVE-2024-39475 CVE-2024-39482 CVE-2024-39487 CVE-2024-39488 CVE-2024-39490 CVE-2024-39493 CVE-2024-39494 CVE-2024-39497 CVE-2024-39499 CVE-2024-39500 CVE-2024-39501 CVE-2024-39502 CVE-2024-39505 CVE-2024-39506 CVE-2024-39507 CVE-2024-39508 CVE-2024-39509 CVE-2024-40900 CVE-2024-40901 CVE-2024-40902 CVE-2024-40903 CVE-2024-40904 CVE-2024-40906 CVE-2024-40908 CVE-2024-40909 CVE-2024-40911 CVE-2024-40912 CVE-2024-40916 CVE-2024-40919 CVE-2024-40923 CVE-2024-40924 CVE-2024-40927 CVE-2024-40929 CVE-2024-40931 CVE-2024-40932 CVE-2024-40934 CVE-2024-40935 CVE-2024-40937 CVE-2024-40940 CVE-2024-40941 CVE-2024-40942 CVE-2024-40943 CVE-2024-40945 CVE-2024-40953 CVE-2024-40954 CVE-2024-40956 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40961 CVE-2024-40966 CVE-2024-40967 CVE-2024-40970 CVE-2024-40972 CVE-2024-40976 CVE-2024-40977 CVE-2024-40981 CVE-2024-40982 CVE-2024-40984 CVE-2024-40987 CVE-2024-40988 CVE-2024-40989 CVE-2024-40990 CVE-2024-40994 CVE-2024-40998 CVE-2024-40999 CVE-2024-41002 CVE-2024-41004 CVE-2024-41006 CVE-2024-41009 CVE-2024-41011 CVE-2024-41012 CVE-2024-41013 CVE-2024-41014 CVE-2024-41015 CVE-2024-41016 CVE-2024-41017 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41048 CVE-2024-41057 CVE-2024-41058 CVE-2024-41059 CVE-2024-41063 CVE-2024-41064 CVE-2024-41066 CVE-2024-41069 CVE-2024-41070 CVE-2024-41071 CVE-2024-41072 CVE-2024-41076 CVE-2024-41078 CVE-2024-41081 CVE-2024-41087 CVE-2024-41090 CVE-2024-41091 CVE-2024-42070 CVE-2024-42079 CVE-2024-42093 CVE-2024-42096 CVE-2024-42105 CVE-2024-42122 CVE-2024-42124 CVE-2024-42145 CVE-2024-42161 CVE-2024-42224 CVE-2024-42230 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2325-1 Released: Mon Jul 8 15:07:46 2024 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1227150 This update for xfsprogs fixes the following issue: - xfs_copy: don't use cached buffer reads until after libxfs_mount (bsc#1227150) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2659-1 Released: Tue Jul 30 15:37:52 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2684-1 Released: Wed Jul 31 20:04:41 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2696-1 Released: Thu Aug 1 15:20:51 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1226412,1226529 This update for dracut fixes the following issues: - Version update: * feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529) * fix(mdraid): try to assemble the missing raid device (bsc#1226412) * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2809-1 Released: Wed Aug 7 09:49:44 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2887-1 Released: Tue Aug 13 10:52:45 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2939-1 Released: Fri Aug 16 09:05:15 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1082555,1156395,1190336,1191958,1193454,1193554,1193787,1193883,1194324,1194826,1194869,1195065,1195254,1195341,1195349,1195357,1195668,1195775,1195927,1195957,1196018,1196746,1196823,1197146,1197246,1197762,1197915,1198014,1199295,1202346,1202686,1202767,1202780,1205205,1207361,1208783,1209636,1213123,1215492,1215587,1216834,1217912,1218148,1218570,1218820,1219224,1219633,1219832,1219847,1220138,1220185,1220186,1220368,1220812,1220869,1220876,1220942,1220952,1220958,1221010,1221086,1221282,1221647,1221654,1221656,1221659,1221958,1222015,1222072,1222080,1222241,1222254,1222323,1222326,1222328,1222364,1222625,1222702,1222728,1222799,1222809,1222810,1222893,1223013,1223018,1223021,1223180,1223265,1223384,1223635,1223641,1223652,1223675,1223778,1223806,1223813,1223815,1223836,1223863,1224020,1224331,1224414,1224488,1224497,1224498,1224499,1224500,1224504,1224512,1224516,1224517,1224520,1224539,1224540,1224545,1224548,1224552,1224557,1224572,1224573,1224583,1224585,1224588,1 224602,1224603,1224604,1224605,1224612,1224614,1224619,1224636,1224641,1224661,1224662,1224670,1224671,1224674,1224677,1224679,1224683,1224694,1224696,1224700,1224703,1224712,1224716,1224719,1224735,1224743,1224749,1224764,1224765,1224766,1224935,1224946,1224951,1225050,1225088,1225098,1225105,1225272,1225300,1225389,1225391,1225419,1225426,1225448,1225452,1225467,1225475,1225484,1225487,1225489,1225504,1225505,1225514,1225518,1225535,1225564,1225573,1225581,1225585,1225586,1225602,1225611,1225681,1225692,1225698,1225699,1225704,1225711,1225714,1225717,1225719,1225726,1225732,1225737,1225744,1225745,1225746,1225749,1225752,1225753,1225757,1225758,1225759,1225760,1225767,1225770,1225815,1225823,1225834,1225838,1225840,1225851,1225866,1225872,1225894,1225903,1226022,1226131,1226145,1226149,1226155,1226202,1226211,1226212,1226226,1226502,1226514,1226519,1226520,1226537,1226538,1226539,1226550,1226551,1226552,1226553,1226554,1226555,1226556,1226557,1226558,1226559,1226561,1226562,122656 3,1226564,1226565,1226566,1226567,1226568,1226569,1226570,1226571,1226572,1226574,1226575,1226576,1226577,1226579,1226580,1226581,1226582,1226583,1226585,1226587,1226588,1226593,1226595,1226597,1226601,1226602,1226603,1226607,1226610,1226614,1226616,1226617,1226618,1226619,1226621,1226622,1226624,1226626,1226628,1226629,1226632,1226633,1226634,1226637,1226643,1226644,1226645,1226647,1226650,1226653,1226657,1226658,1226669,1226670,1226672,1226673,1226674,1226675,1226678,1226679,1226683,1226685,1226686,1226690,1226691,1226692,1226693,1226696,1226697,1226698,1226699,1226701,1226702,1226703,1226704,1226705,1226706,1226708,1226709,1226710,1226711,1226712,1226713,1226715,1226716,1226718,1226719,1226720,1226721,1226730,1226732,1226734,1226735,1226737,1226738,1226739,1226740,1226744,1226746,1226747,1226749,1226750,1226754,1226757,1226762,1226764,1226767,1226768,1226769,1226771,1226774,1226775,1226777,1226780,1226781,1226783,1226785,1226786,1226789,1226791,1226834,1226837,1226839,1226840,122 6841,1226842,1226848,1226852,1226857,1226861,1226863,1226864,1226867,1226868,1226876,1226878,1226883,1226886,1226890,1226891,1226895,1226908,1226911,1226915,1226928,1226948,1226949,1226950,1226953,1226962,1226976,1226990,1226992,1226993,1226994,1226996,1227066,1227090,1227096,1227101,1227103,1227121,1227157,1227162,1227274,1227362,1227383,1227432,1227435,1227447,1227487,1227573,1227618,1227620,1227626,1227635,1227661,1227716,1227722,1227724,1227725,1227728,1227729,1227730,1227732,1227733,1227750,1227754,1227755,1227760,1227762,1227763,1227764,1227766,1227770,1227771,1227772,1227774,1227779,1227780,1227783,1227786,1227787,1227790,1227792,1227796,1227797,1227798,1227800,1227802,1227806,1227808,1227810,1227812,1227813,1227814,1227816,1227820,1227823,1227824,1227828,1227829,1227836,1227846,1227849,1227851,1227862,1227864,1227865,1227866,1227870,1227884,1227886,1227891,1227893,1227899,1227900,1227910,1227913,1227917,1227919,1227920,1227921,1227922,1227923,1227924,1227925,1227927,1227928, 1227931,1227932,1227933,1227935,1227936,1227938,1227941,1227942,1227944,1227945,1227947,1227948,1227949,1227950,1227952,1227953,1227954,1227956,1227957,1227963,1227964,1227965,1227968,1227969,1227970,1227971,1227972,1227975,1227976,1227981,1227982,1227985,1227986,1227987,1227988,1227989,1227990,1227991,1227992,1227993,1227995,1227996,1227997,1228000,1228002,1228003,1228004,1228005,1228006,1228007,1228008,1228009,1228010,1228011,1228013,1228014,1228015,1228019,1228020,1228025,1228028,1228035,1228037,1228038,1228039,1228040,1228045,1228054,1228055,1228056,1228060,1228061,1228062,1228063,1228064,1228066,1228067,1228068,1228071,1228079,1228090,1228114,1228140,1228190,1228191,1228226,1228235,1228247,1228327,1228328,1228330,1228403,1228405,1228408,1228409,1228410,1228418,1228459,1228462,1228470,1228518,1228520,1228530,1228561,1228565,1228580,1228581,1228591,1228599,1228617,1228625,1228626,1228633,1228640,1228644,1228649,1228655,1228665,1228672,1228680,1228705,1228723,1228743,1228756,12288 01,1228850,1228857,CVE-2021-4439,CVE-2021-47086,CVE-2021-47089,CVE-2021-47103,CVE-2021-47186,CVE-2021-47432,CVE-2021-47515,CVE-2021-47534,CVE-2021-47538,CVE-2021-47539,CVE-2021-47546,CVE-2021-47547,CVE-2021-47555,CVE-2021-47566,CVE-2021-47571,CVE-2021-47572,CVE-2021-47576,CVE-2021-47577,CVE-2021-47578,CVE-2021-47580,CVE-2021-47582,CVE-2021-47583,CVE-2021-47584,CVE-2021-47585,CVE-2021-47586,CVE-2021-47587,CVE-2021-47588,CVE-2021-47589,CVE-2021-47590,CVE-2021-47591,CVE-2021-47592,CVE-2021-47593,CVE-2021-47595,CVE-2021-47596,CVE-2021-47597,CVE-2021-47598,CVE-2021-47599,CVE-2021-47600,CVE-2021-47601,CVE-2021-47602,CVE-2021-47603,CVE-2021-47604,CVE-2021-47605,CVE-2021-47606,CVE-2021-47607,CVE-2021-47608,CVE-2021-47609,CVE-2021-47610,CVE-2021-47611,CVE-2021-47612,CVE-2021-47614,CVE-2021-47615,CVE-2021-47616,CVE-2021-47617,CVE-2021-47618,CVE-2021-47619,CVE-2021-47620,CVE-2021-47622,CVE-2021-47623,CVE-2021-47624,CVE-2022-48711,CVE-2022-48712,CVE-2022-48713,CVE-2022-48714,CVE-2022-48715,CVE- 2022-48716,CVE-2022-48717,CVE-2022-48718,CVE-2022-48720,CVE-2022-48721,CVE-2022-48722,CVE-2022-48723,CVE-2022-48724,CVE-2022-48725,CVE-2022-48726,CVE-2022-48727,CVE-2022-48728,CVE-2022-48729,CVE-2022-48730,CVE-2022-48732,CVE-2022-48733,CVE-2022-48734,CVE-2022-48735,CVE-2022-48736,CVE-2022-48737,CVE-2022-48738,CVE-2022-48739,CVE-2022-48740,CVE-2022-48743,CVE-2022-48744,CVE-2022-48745,CVE-2022-48746,CVE-2022-48747,CVE-2022-48748,CVE-2022-48749,CVE-2022-48751,CVE-2022-48752,CVE-2022-48753,CVE-2022-48754,CVE-2022-48755,CVE-2022-48756,CVE-2022-48758,CVE-2022-48759,CVE-2022-48760,CVE-2022-48761,CVE-2022-48763,CVE-2022-48765,CVE-2022-48766,CVE-2022-48767,CVE-2022-48768,CVE-2022-48769,CVE-2022-48770,CVE-2022-48771,CVE-2022-48772,CVE-2022-48773,CVE-2022-48774,CVE-2022-48775,CVE-2022-48776,CVE-2022-48777,CVE-2022-48778,CVE-2022-48780,CVE-2022-48783,CVE-2022-48784,CVE-2022-48785,CVE-2022-48786,CVE-2022-48787,CVE-2022-48788,CVE-2022-48789,CVE-2022-48790,CVE-2022-48791,CVE-2022-48792,CVE-2022-48 793,CVE-2022-48794,CVE-2022-48796,CVE-2022-48797,CVE-2022-48798,CVE-2022-48799,CVE-2022-48800,CVE-2022-48801,CVE-2022-48802,CVE-2022-48803,CVE-2022-48804,CVE-2022-48805,CVE-2022-48806,CVE-2022-48807,CVE-2022-48809,CVE-2022-48810,CVE-2022-48811,CVE-2022-48812,CVE-2022-48813,CVE-2022-48814,CVE-2022-48815,CVE-2022-48816,CVE-2022-48817,CVE-2022-48818,CVE-2022-48820,CVE-2022-48821,CVE-2022-48822,CVE-2022-48823,CVE-2022-48824,CVE-2022-48825,CVE-2022-48826,CVE-2022-48827,CVE-2022-48828,CVE-2022-48829,CVE-2022-48830,CVE-2022-48831,CVE-2022-48834,CVE-2022-48835,CVE-2022-48836,CVE-2022-48837,CVE-2022-48838,CVE-2022-48839,CVE-2022-48840,CVE-2022-48841,CVE-2022-48842,CVE-2022-48843,CVE-2022-48844,CVE-2022-48846,CVE-2022-48847,CVE-2022-48849,CVE-2022-48850,CVE-2022-48851,CVE-2022-48852,CVE-2022-48853,CVE-2022-48855,CVE-2022-48856,CVE-2022-48857,CVE-2022-48858,CVE-2022-48859,CVE-2022-48860,CVE-2022-48861,CVE-2022-48862,CVE-2022-48863,CVE-2022-48864,CVE-2022-48866,CVE-2023-24023,CVE-2023-52435,CVE -2023-52573,CVE-2023-52580,CVE-2023-52622,CVE-2023-52658,CVE-2023-52667,CVE-2023-52670,CVE-2023-52672,CVE-2023-52675,CVE-2023-52735,CVE-2023-52737,CVE-2023-52751,CVE-2023-52752,CVE-2023-52762,CVE-2023-52766,CVE-2023-52775,CVE-2023-52784,CVE-2023-52787,CVE-2023-52800,CVE-2023-52812,CVE-2023-52835,CVE-2023-52837,CVE-2023-52843,CVE-2023-52845,CVE-2023-52846,CVE-2023-52857,CVE-2023-52863,CVE-2023-52869,CVE-2023-52881,CVE-2023-52882,CVE-2023-52884,CVE-2023-52885,CVE-2023-52886,CVE-2024-25741,CVE-2024-26583,CVE-2024-26584,CVE-2024-26615,CVE-2024-26625,CVE-2024-26633,CVE-2024-26635,CVE-2024-26636,CVE-2024-26641,CVE-2024-26644,CVE-2024-26661,CVE-2024-26663,CVE-2024-26665,CVE-2024-26720,CVE-2024-26800,CVE-2024-26802,CVE-2024-26813,CVE-2024-26814,CVE-2024-26842,CVE-2024-26845,CVE-2024-26863,CVE-2024-26923,CVE-2024-26935,CVE-2024-26961,CVE-2024-26973,CVE-2024-26976,CVE-2024-27015,CVE-2024-27019,CVE-2024-27020,CVE-2024-27025,CVE-2024-27065,CVE-2024-27402,CVE-2024-27432,CVE-2024-27437,CVE-2024-3 3619,CVE-2024-35247,CVE-2024-35789,CVE-2024-35790,CVE-2024-35805,CVE-2024-35807,CVE-2024-35814,CVE-2024-35819,CVE-2024-35835,CVE-2024-35837,CVE-2024-35848,CVE-2024-35853,CVE-2024-35855,CVE-2024-35857,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35869,CVE-2024-35878,CVE-2024-35884,CVE-2024-35886,CVE-2024-35889,CVE-2024-35890,CVE-2024-35893,CVE-2024-35896,CVE-2024-35898,CVE-2024-35899,CVE-2024-35900,CVE-2024-35905,CVE-2024-35925,CVE-2024-35934,CVE-2024-35949,CVE-2024-35950,CVE-2024-35956,CVE-2024-35958,CVE-2024-35960,CVE-2024-35961,CVE-2024-35962,CVE-2024-35979,CVE-2024-35995,CVE-2024-35997,CVE-2024-36000,CVE-2024-36004,CVE-2024-36005,CVE-2024-36008,CVE-2024-36017,CVE-2024-36020,CVE-2024-36021,CVE-2024-36025,CVE-2024-36288,CVE-2024-36477,CVE-2024-36478,CVE-2024-36479,CVE-2024-36889,CVE-2024-36890,CVE-2024-36894,CVE-2024-36899,CVE-2024-36900,CVE-2024-36901,CVE-2024-36902,CVE-2024-36904,CVE-2024-36909,CVE-2024-36910,CVE-2024-36911,CVE-2024-36912,CVE-2024-36913,CVE-2024-36914,CV E-2024-36915,CVE-2024-36916,CVE-2024-36917,CVE-2024-36919,CVE-2024-36923,CVE-2024-36934,CVE-2024-36937,CVE-2024-36939,CVE-2024-36940,CVE-2024-36945,CVE-2024-36946,CVE-2024-36949,CVE-2024-36960,CVE-2024-36964,CVE-2024-36965,CVE-2024-36967,CVE-2024-36969,CVE-2024-36971,CVE-2024-36974,CVE-2024-36975,CVE-2024-36978,CVE-2024-37021,CVE-2024-37078,CVE-2024-37354,CVE-2024-38381,CVE-2024-38388,CVE-2024-38390,CVE-2024-38540,CVE-2024-38541,CVE-2024-38544,CVE-2024-38545,CVE-2024-38546,CVE-2024-38547,CVE-2024-38548,CVE-2024-38549,CVE-2024-38550,CVE-2024-38552,CVE-2024-38553,CVE-2024-38555,CVE-2024-38556,CVE-2024-38557,CVE-2024-38558,CVE-2024-38559,CVE-2024-38560,CVE-2024-38564,CVE-2024-38565,CVE-2024-38567,CVE-2024-38568,CVE-2024-38570,CVE-2024-38571,CVE-2024-38573,CVE-2024-38578,CVE-2024-38579,CVE-2024-38580,CVE-2024-38581,CVE-2024-38582,CVE-2024-38583,CVE-2024-38586,CVE-2024-38587,CVE-2024-38588,CVE-2024-38590,CVE-2024-38591,CVE-2024-38594,CVE-2024-38597,CVE-2024-38598,CVE-2024-38599,CVE-2024- 38600,CVE-2024-38601,CVE-2024-38603,CVE-2024-38605,CVE-2024-38608,CVE-2024-38616,CVE-2024-38618,CVE-2024-38619,CVE-2024-38621,CVE-2024-38627,CVE-2024-38628,CVE-2024-38630,CVE-2024-38633,CVE-2024-38634,CVE-2024-38635,CVE-2024-38659,CVE-2024-38661,CVE-2024-38780,CVE-2024-39276,CVE-2024-39301,CVE-2024-39371,CVE-2024-39463,CVE-2024-39468,CVE-2024-39469,CVE-2024-39471,CVE-2024-39472,CVE-2024-39475,CVE-2024-39482,CVE-2024-39487,CVE-2024-39488,CVE-2024-39490,CVE-2024-39493,CVE-2024-39494,CVE-2024-39497,CVE-2024-39499,CVE-2024-39500,CVE-2024-39501,CVE-2024-39502,CVE-2024-39505,CVE-2024-39506,CVE-2024-39507,CVE-2024-39508,CVE-2024-39509,CVE-2024-40900,CVE-2024-40901,CVE-2024-40902,CVE-2024-40903,CVE-2024-40904,CVE-2024-40906,CVE-2024-40908,CVE-2024-40909,CVE-2024-40911,CVE-2024-40912,CVE-2024-40916,CVE-2024-40919,CVE-2024-40923,CVE-2024-40924,CVE-2024-40927,CVE-2024-40929,CVE-2024-40931,CVE-2024-40932,CVE-2024-40934,CVE-2024-40935,CVE-2024-40937,CVE-2024-40940,CVE-2024-40941,CVE-2024-40942,C VE-2024-40943,CVE-2024-40945,CVE-2024-40953,CVE-2024-40954,CVE-2024-40956,CVE-2024-40958,CVE-2024-40959,CVE-2024-40960,CVE-2024-40961,CVE-2024-40966,CVE-2024-40967,CVE-2024-40970,CVE-2024-40972,CVE-2024-40976,CVE-2024-40977,CVE-2024-40981,CVE-2024-40982,CVE-2024-40984,CVE-2024-40987,CVE-2024-40988,CVE-2024-40989,CVE-2024-40990,CVE-2024-40994,CVE-2024-40998,CVE-2024-40999,CVE-2024-41002,CVE-2024-41004,CVE-2024-41006,CVE-2024-41009,CVE-2024-41011,CVE-2024-41012,CVE-2024-41013,CVE-2024-41014,CVE-2024-41015,CVE-2024-41016,CVE-2024-41017,CVE-2024-41040,CVE-2024-41041,CVE-2024-41044,CVE-2024-41048,CVE-2024-41057,CVE-2024-41058,CVE-2024-41059,CVE-2024-41063,CVE-2024-41064,CVE-2024-41066,CVE-2024-41069,CVE-2024-41070,CVE-2024-41071,CVE-2024-41072,CVE-2024-41076,CVE-2024-41078,CVE-2024-41081,CVE-2024-41087,CVE-2024-41090,CVE-2024-41091,CVE-2024-42070,CVE-2024-42079,CVE-2024-42093,CVE-2024-42096,CVE-2024-42105,CVE-2024-42122,CVE-2024-42124,CVE-2024-42145,CVE-2024-42161,CVE-2024-42224,CVE-2024 -42230 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952). - CVE-2021-47089: kfence: fix memory leak when cat kfence objects (bsc#1220958). - CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010). - CVE-2021-47186: tipc: check for null after calling kmemdup (bsc#1222702). - CVE-2021-47432: lib/generic-radix-tree.c: Do not overflow in peek() (bsc#1225391). - CVE-2021-47515: seg6: fix the iif in the IPv6 socket control block (bsc#1225426). - CVE-2021-47538: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1225448). - CVE-2021-47539: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (bsc#1225452). - CVE-2021-47546: ipv6: fix memory leak in fib6_rule_suppress (bsc#1225504). - CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505). - CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467). - CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2021-47572: net: nexthop: fix null pointer dereference when IPv6 is not enabled (bsc#1225389). - CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568). - CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565). - CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570). - CVE-2021-47593: mptcp: clear 'kern' flag from fallback sockets (bsc#1226551). - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574). - CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571). - CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len. (bsc#1226555). - CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919). - CVE-2022-48716: ASoC: codecs: wcd938x: fix incorrect used of portid (bsc#1226678). - CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (bsc#1227927) - CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936). - CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071). - CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003). - CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148). - CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138). - CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference (bsc#1220869). - CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876). - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080). - CVE-2023-52658: Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (bsc#1224719). - CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups (bsc#1224603). - CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696). - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614). - CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504). - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475). - CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484). - CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52762: virtio-blk: fix implicit overflow on virtio_max_dma_size (bsc#1225573). - CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088). - CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946). - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105). - CVE-2023-52812: drm/amd: check num of link levels when update pcie param (bsc#1225564). - CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602). - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951). - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585). - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer overflow (bsc#1225581). - CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer dereference (bsc#1225586). - CVE-2023-52869: pstore/platform: Add check for kstrdup (bsc#1225050). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (bsc#1225692). - CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942). - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086) - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647). - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656). - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659). - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654). - CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume (bsc#1221282, bsc#1222072). - CVE-2024-26661: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' (bsc#1222323). - CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326). - CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328). - CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364). - CVE-2024-26802: stmmac: Clear variable when destroying workqueue (bsc#1222799). - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809). - CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810). - CVE-2024-26842: scsi: target: core: Add TMF to tmr_list handling (bsc#1223013). - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018). - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). - CVE-2024-26961: mac802154: fix llsec key resources release in mac802154_llsec_key_del (bsc#1223652). - CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641). - CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806). - CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813) - CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815) - CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778) - CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836). - CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414). - CVE-2024-27432: net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716). - CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625). - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (bsc#1224712). - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743). - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735). - CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683). - CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605). - CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500). - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612). - CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604). - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520). - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670). - CVE-2024-35889: idpf: fix kernel panic on unknown packet types (bsc#1224517). - CVE-2024-35890: gro: fix ownership transfer (bsc#1224516). - CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512) - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498). - CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499) - CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497). - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661). - CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641) - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674) - CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677). - CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588). - CVE-2024-35961: net/mlx5: Register devlink first under devlink lock (bsc#1224585). - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572). - CVE-2024-35995: ACPI: CPPC: Use access_width over bit_width for system memory accesses (bsc#1224557). - CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552). - CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548). - CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545) - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539). - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540). - CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681). - CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning (bsc#1225698). - CVE-2024-36021: net: hns3: fix kernel crash when devlink reload during pf initialization (bsc#1225699). - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841). - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949). - CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers (bsc#1225714). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726). - CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711) - CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752). - CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753). - CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759). - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770). - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767). - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815). - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760). - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834). - CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init() (bsc#1225838). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823). - CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851). - CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872) - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950). - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066). - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595). - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774). - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781). - CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771). - CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634). - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610). - CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750). - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734). - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749). - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757). - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842). - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746). - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857). - CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (bsc#1226911). - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883). - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996). - CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886). - CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993). - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994). - CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990). - CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090). - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103). - CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (bsc#1226992). - CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432). - CVE-2024-39475: fbdev: savage: Handle err return when savagefb_check_var failed (bsc#1227435) - CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447). - CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573) - CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626). - CVE-2024-39493: crypto: qat - fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-39497: drm/shmem-helper: fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722). - CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755). - CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729). - CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730). - CVE-2024-39508: io_uring/io-wq: use set_bit() and test_bit() at worker->flags (bsc#1227732). - CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762). - CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763). - CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783). - CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798). - CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779). - CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786). - CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780). - CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800). - CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO (bsc#1227849). - CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806). - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812). - CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884). - CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813). - CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814). - CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886). - CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891). - CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899). - CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910). - CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (bsc#1227950). - CVE-2024-40982: ssb: fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865). - CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866). - CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913). - CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862). - CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-41011: drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (bsc#1228114). - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405). - CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). - CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409). - CVE-2024-41016: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403). - CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518). - CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520). - CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530). - CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565). - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462). - CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459). - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561). - CVE-2024-41063: bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580). - CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599). - CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581). - CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625). - CVE-2024-41072: wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (bsc#1228626). - CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649). - CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655). - CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617). - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327). - CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470). - CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672). - CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633). - CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591). - CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705). - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743) - CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756). - CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723). - CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). The following non-security bugs were fixed: - acpi: EC: Abort address space access upon error (stable-fixes). - acpi: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes). - acpi: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes). - acpi: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes). - acpi: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (stable-fixes). - acpi: x86: Force StorageD3Enable on more products (stable-fixes). - acpi: x86: utils: Add Picasso to the list for forcing StorageD3Enable (stable-fixes). - acpica: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (git-fixes). - alsa: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes). - alsa: dmaengine: Synchronize dma channel after drop() (stable-fixes). - alsa: emux: improve patch ioctl data validation (stable-fixes). - alsa: Fix deadlocks with kctl removals at disconnection (stable-fixes). - alsa: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes). - alsa: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes). - alsa: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes). - alsa: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes). - alsa: hda/realtek: Add quirks for Lenovo 13X (stable-fixes). - alsa: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes). - alsa: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes). - alsa: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes). - alsa: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes). - alsa: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes). - alsa: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes). - alsa: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes). - alsa: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes). - alsa: hda/realtek: Limit mic boost on N14AP7 (stable-fixes). - alsa: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes). - alsa: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes). - alsa: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes). - alsa: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes). - alsa: timer: Set lower bound of start tick time (stable-fixes). - alsa: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes). - alsa: usb-audio: Correct surround channels in UAC1 channel map (git-fixes). - alsa: usb-audio: Fix microphone sound on HD webcam (stable-fixes). - alsa: usb-audio: Move HD Webcam quirk to the right place (git-fixes). - alsa/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes). - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes). - arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes) - arm64: dts: hi3798cv200: fix the size of GICR (git-fixes) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes) - arm64: dts: microchip: sparx5: fix mdio reg (git-fixes) - arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes) - arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8690). - arm64: mm: do not acquire mutex when rewriting swapper (jsc#PED-8690). - arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8690). - arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8690). - arm64: tegra: Correct Tegra132 I2C alias (git-fixes) - arm64/io: add constant-argument check (bsc#1226502 git-fixes) - arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502) - asoc: amd: acp: add a null check for chip_pdev structure (git-fixes). - asoc: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes). - asoc: amd: Adjust error handling in case of absent codec device (git-fixes). - asoc: da7219-aad: fix usage of device_get_named_child_node() (stable-fixes). - asoc: fsl-asoc-card: set priv->pdev before using it (git-fixes). - asoc: max98088: Check for clk_prepare_enable() error (git-fixes). - asoc: rt5645: Fix the electric noise due to the CBJ contacts floating (stable-fixes). - asoc: rt715-sdca: volume step modification (stable-fixes). - asoc: rt715: add vendor clear control register (stable-fixes). - asoc: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes). - asoc: ti: omap-hdmi: Fix too long driver name (stable-fixes). - ata: ahci: Clean up sysfs file on error (git-fixes). - ata: libata-core: Fix double free on error (git-fixes). - ata: libata-core: Fix null pointer dereference on error (git-fixes). - batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes). - batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes). - blk-cgroup: dropping parent refcount after pd_free_fn() is done (bsc#1224573). - block, loop: support partitions without scanning (bsc#1227162). - block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162). - bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes). - bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes). - bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes). - bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes). - bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes). - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes). - bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes). - bnxt_re: Fix imm_data endianness (git-fixes) - bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener (git-fixes). - bpf: aggressively forget precise markings during state checkpointing (bsc#1225903). - bpf: allow precision tracking for programs with subprogs (bsc#1225903). - bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903). - bpf: clean up visit_insn()'s instruction processing (bsc#1225903). - bpf: correct loop detection for iterators convergence (bsc#1225903). - bpf: encapsulate precision backtracking bookkeeping (bsc#1225903). - bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903). - bpf: exact states comparison for iterator convergence checks (bsc#1225903). - bpf: extract __check_reg_arg() utility function (bsc#1225903). - bpf: extract same_callsites() as utility function (bsc#1225903). - bpf: extract setup_func_entry() utility function (bsc#1225903). - bpf: fix calculation of subseq_idx during precision backtracking (bsc#1225903). - bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903). - bpf: Fix memory leaks in __check_func_call (bsc#1225903). - bpf: fix propagate_precision() logic for inner frames (bsc#1225903). - bpf: fix regs_exact() logic in regsafe() to remap IDs correctly (bsc#1225903). - bpf: Fix to preserve reg parent/live fields when copying range info (bsc#1225903). - bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903). - bpf: improve precision backtrack logging (bsc#1225903). - bpf: Improve verifier u32 scalar equality checking (bsc#1225903). - bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903). - bpf: maintain bitmasks across all active frames in __mark_chain_precision (bsc#1225903). - bpf: mark relevant stack slots scratched for register read instructions (bsc#1225903). - bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903). - bpf: perform byte-by-byte comparison only when necessary in regsafe() (bsc#1225903). - bpf: print full verifier states on infinite loop detection (bsc#1225903). - bpf: regsafe() must not skip check_ids() (bsc#1225903). - bpf: reject non-exact register type matches in regsafe() (bsc#1225903). - bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() (bsc#1225903). - bpf: reorganize struct bpf_reg_state fields (bsc#1225903). - bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903). - bpf: states_equal() must build idmap for all function frames (bsc#1225903). - bpf: stop setting precise in current state (bsc#1225903). - bpf: support precision propagation in the presence of subprogs (bsc#1225903). - bpf: take into account liveness when propagating precision (bsc#1225903). - bpf: teach refsafe() to take into account ID remapping (bsc#1225903). - bpf: unconditionally reset backtrack_state masks on global func exit (bsc#1225903). - bpf: use check_ids() for active_lock comparison (bsc#1225903). - bpf: Use scalar ids in mark_chain_precision() (bsc#1225903). - bpf: verify callbacks as if they are called unknown number of times (bsc#1225903). - bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903). - bpf: widening for callback iterators (bsc#1225903). - btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162). - btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (bsc#1221282). - btrfs: harden identification of a stale device (bsc#1227162). - btrfs: match stale devices by dev_t (bsc#1227162). - btrfs: remove the cross file system checks from remap (bsc#1227157). - btrfs: use dev_t to match device in device_matched (bsc#1227162). - btrfs: validate device maj:min during open (bsc#1227162). - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes). - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes). - cachefiles: remove requests from xarray during flushing requests (bsc#1226588). - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes). - can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes). - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022). - ceph: always check dir caps asynchronously (bsc#1226022). - ceph: always queue a writeback when revoking the Fb caps (bsc#1226022). - ceph: break the check delayed cap loop every 5s (bsc#1226022). - ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418). - ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022). - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - check-for-config-changes: ignore also GCC_ASM_GOTO_OUTPUT_BROKEN . - checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes). - cifs: fix hang in wait_for_response() (bsc#1220812, bsc#1220368). - cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes). - crypto: aead,cipher - zeroize key buffer after use (stable-fixes). - crypto: ecdh - explicitly zeroize private_key (stable-fixes). - crypto: ecdsa - Fix the public key format description (git-fixes). - crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes). - crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes). - csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location() (git-fixes). - decompress_bunzip2: fix rare decompression failure (git-fixes). - devres: Fix devm_krealloc() wasting memory (git-fixes). - devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes). - dma: fix call order in dmam_free_coherent (git-fixes). - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes). - dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes). - docs: crypto: async-tx-api: fix broken code example (git-fixes). - docs: Fix formatting of literal sections in fanotify docs (stable-fixes). - drivers: core: synchronize really_probe() and dev_uevent() (git-fixes). - drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes). - drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes). - drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c (stable-fixes). - drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes). - drm/amd/display: Add dtbclk access to dcn315 (stable-fixes). - drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes). - drm/amd/display: Check for NULL pointer (stable-fixes). - drm/amd/display: Check index msg_id before read or write (stable-fixes). - drm/amd/display: Check pipe offset before setting vblank (stable-fixes). - drm/amd/display: drop unnecessary NULL checks in debugfs (stable-fixes). - drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes). - drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes). - drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes). - drm/amd/pm: remove logically dead code for renoir (git-fixes). - drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes). - drm/amdgpu: avoid using null object of framebuffer (stable-fixes). - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes). - drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes). - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes). - drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes). - drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: Fix uninitialized variable warnings (stable-fixes). - drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes). - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes). - drm/amdgpu: Update BO eviction priorities (stable-fixes). - drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes). - drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes). - drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes). - drm/amdgpu/mes: fix use-after-free issue (stable-fixes). - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes). - drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes). - drm/amdkfd: Rework kfd_locked handling (bsc#1225872) - drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes). - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes). - drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes). - drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes). - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes). - drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes). - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes). - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes). - drm/i915/dpt: Make DPT object unshrinkable (git-fixes). - drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes). - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes). - drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes). - drm/i915/guc: avoid FIELD_PREP warning (git-fixes). - drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes). - drm/komeda: check for error-valued pointer (git-fixes). - drm/lima: add mask irq callback to gp and pp (stable-fixes). - drm/lima: fix shared irq handling on driver remove (stable-fixes). - drm/lima: Mark simple_ondemand governor as softdep (git-fixes). - drm/lima: mask irqs in timeout path before hard reset (stable-fixes). - drm/mediatek: Add OVL compatible name for MT8195 (git-fixes). - drm/meson: fix canvas release in bind function (git-fixes). - drm/mgag200: Bind I2C lifetime to DRM device (git-fixes). - drm/mgag200: Set DDC timeout in milliseconds (git-fixes). - drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format (stable-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes). - drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes). - drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes). - drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes). - drm/msm/dp: Return IRQ_NONE for unhandled interrupts (stable-fixes). - drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes). - drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes). - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes). - drm/nouveau: prime: fix refcount underflow (git-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes). - drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays (stable-fixes). - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes). - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes). - drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes). - drm/qxl: Add check for drm_cvt_mode (git-fixes). - drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes). - drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes). - drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes). - drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes). - drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes). - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes). - drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes). - eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes). - exfat: check if cluster num is valid (git-fixes). - exfat: simplify is_valid_cluster() (git-fixes). - filelock: add a new locks_inode_context accessor function (git-fixes). - firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes). - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes). - firmware: cs_dsp: Return error if block header overflows file (git-fixes). - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes). - firmware: cs_dsp: Validate payload length before processing block (git-fixes). - firmware: dmi: Stop decoding on broken entry (stable-fixes). - firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes). - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes). - firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes). - fs: allow cross-vfsmount reflink/dedupe (bsc#1227157). - ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes). - fuse: verify {g,u}id mount options correctly (bsc#1228191). - gpio: davinci: Validate the obtained number of IRQs (git-fixes). - gpio: mc33880: Convert comma to semicolon (git-fixes). - gpio: tqmx86: fix typo in Kconfig label (git-fixes). - gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes). - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes). - hfsplus: fix to avoid false alarm of circular locking (git-fixes). - hfsplus: fix uninit-value in copy_name (git-fixes). - hid: Add quirk for Logitech Casa touchpad (stable-fixes). - hid: core: remove unnecessary WARN_ON() in implement() (git-fixes). - hid: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes). - hid: wacom: Modify pen IDs (git-fixes). - hpet: Support 32-bit userspace (git-fixes). - hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes). - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes). - hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes). - hwmon: (shtc1) Fix property misspelling (git-fixes). - i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: mark HostNotify target address as used (git-fixes). - i2c: ocores: set IACK bit after core is enabled (git-fixes). - i2c: rcar: bring hardware to known state when probing (git-fixes). - i2c: tegra: Fix failure during probe deferral cleanup (git-fixes) - i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661) - i2c: testunit: avoid re-issued work after read message (git-fixes). - i2c: testunit: correct Kconfig description (git-fixes). - i2c: testunit: discard write requests while old command is running (git-fixes). - i2c: testunit: do not erase registers after STOP (git-fixes). - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes). - iio: adc: ad7266: Fix variable checking bug (git-fixes). - iio: adc: ad9467: fix scan type sign (git-fixes). - iio: chemical: bme680: Fix calibration data variable (git-fixes). - iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes). - iio: chemical: bme680: Fix pressure value output (git-fixes). - iio: chemical: bme680: Fix sensor data read operation (git-fixes). - iio: dac: ad5592r: fix temperature channel scaling value (git-fixes). - iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes). - input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes). - input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes). - input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes). - Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes). - input: qt1050 - handle CHIP_ID reading error (git-fixes). - input: silead - Always support 10 fingers (stable-fixes). - intel_th: pci: Add Granite Rapids SOC support (stable-fixes). - intel_th: pci: Add Granite Rapids support (stable-fixes). - intel_th: pci: Add Lunar Lake support (stable-fixes). - intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes). - intel_th: pci: Add Meteor Lake-S support (stable-fixes). - intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes). - iommu: mtk: fix module autoloading (git-fixes). - iommu: Return right value in iommu_sva_bind_device() (git-fixes). - iommu/amd: Fix sysfs leak in iommu init (git-fixes). - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes). - ionic: clean interrupt before enabling queue to avoid credit race (git-fixes). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes). - jfs: Fix array-index-out-of-bounds in diFree (git-fixes). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kabi: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903). - kabi: bpf: callback fixes kABI workaround (bsc#1225903). - kabi: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903). - kabi: bpf: tmp_str_buf kABI workaround (bsc#1225903). - kabi: rtas: Workaround false positive due to lost definition (bsc#1227487). - kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502) - kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783) - kabi/severities: Ignore tpm_tis_core_init (bsc#1082555). - kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users. - kbuild: do not include include/config/auto.conf from shell scripts (bsc#1227274). - kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes). - kconfig: doc: fix a typo in the note about 'imply' (git-fixes). - kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes). - kernel-binary: vdso: Own module_dir - kernel-doc: fix struct_group_tagged() parsing (git-fixes). - kernel/sched: Remove dl_boosted flag comment (git fixes (sched)). - knfsd: LOOKUP can return an illegal error value (git-fixes). - kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes). - kprobes: Make arch_check_ftrace_location static (git-fixes). - kvm: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes). - kvm: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1194869). - kvm: PPC: Book3S HV: Fix 'rm_exit' entry in debugfs timings (bsc#1194869). - kvm: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869). - kvm: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1194869). - kvm: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST (bsc#1194869). - kvm: PPC: Book3S: Suppress warnings when allocating too big memory slots (bsc#1194869). - kvm: s390: fix LPSWEY handling (bsc#1227635 git-fixes). - kvm: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (git-fixes). - kvm: VMX: Report up-to-date exit qualification to userspace (git-fixes). - kvm: x86: Add IBPB_BRTYPE support (bsc#1228079). - kvm: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes). - kvm: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (git-fixes). - kvm: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-fixes). - kvm: x86: Disable APIC logical map if vCPUs are aliased in logical mode (git-fixes). - kvm: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes). - kvm: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (git-fixes). - kvm: x86: Explicitly track all possibilities for APIC map's logical modes (git-fixes). - kvm: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes). - kvm: x86: Fix KVM_GET_MSRS stack info leak (git-fixes). - kvm: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-fixes). - kvm: x86: Purge 'highest ISR' cache when updating APICv state (git-fixes). - kvm: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes). - kvm: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-fixes). - leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes). - leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes). - leds: triggers: Flush pending brightness before activating trigger (git-fixes). - lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (git-fixes). - lib: objagg: Fix general protection fault (git-fixes). - lib: objagg: Fix spelling (git-fixes). - lib: test_objagg: Fix spelling (git-fixes). - libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190). - lockd: set missing fl_flags field when retrieving args (git-fixes). - lockd: use locks_inode_context helper (git-fixes). - Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582) - media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes). - media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes). - media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes). - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes). - media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes). - media: dvbdev: Initialize sbuf (stable-fixes). - media: dw2102: Do not translate i2c read into write (stable-fixes). - media: dw2102: fix a potential buffer overflow (git-fixes). - media: flexcop-usb: clean up endpoint sanity checks (stable-fixes). - media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes). - media: imon: Fix race getting ictx->lock (git-fixes). - media: ipu3-cio2: Use temporary storage for struct device pointer (stable-fixes). - media: lgdt3306a: Add a check against null-pointer-def (stable-fixes). - media: mxl5xx: Move xpt structures off stack (stable-fixes). - media: radio-shark2: Avoid led_names truncations (git-fixes). - media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes). - media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes). - media: uvcvideo: Override default flags (git-fixes). - media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes). - media: venus: fix use after free in vdec_close (git-fixes). - media: venus: flush all buffers in output plane streamoff (git-fixes). - mei: demote client disconnect warning on suspend to debug (stable-fixes). - mei: me: release irq in mei_me_pci_resume error path (git-fixes). - mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes). - mkspec-dtb: add toplevel symlinks also on arm - mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes). - mmc: core: Do not force a retune before RPMB switch (stable-fixes). - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes). - mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes). - mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel (stable-fixes). - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes). - mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes). - mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes). - mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes). - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes). - mmc: sdhci: Do not invert write-protect twice (git-fixes). - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes). - mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes). - mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes). - mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes). - mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes). - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes). - net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes). - net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes). - net: ena: Fix redundant device NUMA node override (jsc#PED-8690). - net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491). - net: mana: Fix possible double free in error handling path (git-fixes). - net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes). - net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes). - net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes). - net: usb: ax88179_178a: improve link status logs (git-fixes). - net: usb: ax88179_178a: improve reset check (git-fixes). - net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes). - net: usb: qmi_wwan: add Telit FN920C04 compositions (stable-fixes). - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes). - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes). - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes). - net/dcb: check for detached device before executing callbacks (bsc#1215587). - net/mlx5e: Fix a race in command alloc flow (git-fixes). - netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180). - netfilter: conntrack: prepare tcp_in_window for ternary return value (bsc#1223180). - netfilter: conntrack: remove pr_debug callsites from tcp tracker (bsc#1223180). - netfilter: conntrack: work around exceeded receive window (bsc#1223180). - netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462). - nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes). - nfs: abort nfs_atomic_open_v23 if name is too long (bsc#1219847). - nfs: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847). - nfs: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - nfs: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes). - nfs: fix undefined behavior in nfs_block_bits() (git-fixes). - nfs: keep server info for remounts (git-fixes). - nfs: Leave pages in the pagecache if readpage failed (git-fixes). - nfsd enforce filehandle check for source file in COPY (git-fixes). - nfsd: Add an nfsd_file_fsync tracepoint (git-fixes). - nfsd: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-fixes). - nfsd: Add errno mapping for EREMOTEIO (git-fixes). - nfsd: Add nfsd_file_lru_dispose_list() helper (git-fixes). - nfsd: add some comments to nfsd_file_do_acquire (git-fixes). - nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes). - nfsd: allow reaping files still under writeback (git-fixes). - nfsd: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes). - nfsd: Clean up nfsd_file_put() (git-fixes). - nfsd: Clean up nfsd_open_verified() (git-fixes). - nfsd: Clean up nfsd3_proc_create() (git-fixes). - nfsd: Clean up unused code after rhashtable conversion (git-fixes). - nfsd: Convert filecache to rhltable (git-fixes). - nfsd: Convert the filecache to use rhashtable (git-fixes). - nfsd: De-duplicate hash bucket indexing (git-fixes). - nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-fixes). - nfsd: do not fsync nfsd_files on last close (git-fixes). - nfsd: do not hand out delegation on setuid files being opened for write (git-fixes). - nfsd: do not kill nfsd_files because of lease break error (git-fixes). - nfsd: Do not leave work of closing files to a work queue (bsc#1228140). - nfsd: do not take/put an extra reference when putting a file (git-fixes). - nfsd: Ensure nf_inode is never dereferenced (git-fixes). - nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes). - nfsd: Fix licensing header in filecache.c (git-fixes). - nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes). - nfsd: fix nfsd_file_unhash_and_dispose (git-fixes). - nfsd: Fix potential use-after-free in nfsd_file_put() (git-fixes). - nfsd: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes). - nfsd: Fix the filecache LRU shrinker (git-fixes). - nfsd: fix up the filecache laundrette scheduling (git-fixes). - nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes). - nfsd: Flesh out a documenting comment for filecache.c (git-fixes). - nfsd: handle errors better in write_ports_addfd() (git-fixes). - nfsd: Instantiate a struct file when creating a regular NFSv4 file (git-fixes). - nfsd: Leave open files out of the filecache LRU (git-fixes). - nfsd: map EBADF (git-fixes). - nfsd: Move nfsd_file_trace_alloc() tracepoint (git-fixes). - nfsd: nfsd_file_hash_remove can compute hashval (git-fixes). - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (git-fixes). - nfsd: nfsd_file_put() can sleep (git-fixes). - nfsd: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes). - nfsd: No longer record nf_hashval in the trace log (git-fixes). - nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912). - nfsd: Pass the target nfsd_file to nfsd_commit() (git-fixes). - nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes). - nfsd: Record number of flush calls (git-fixes). - nfsd: Refactor __nfsd_file_close_inode() (git-fixes). - nfsd: Refactor nfsd_create_setattr() (git-fixes). - nfsd: Refactor nfsd_file_gc() (git-fixes). - nfsd: Refactor nfsd_file_lru_scan() (git-fixes). - nfsd: Refactor NFSv3 CREATE (git-fixes). - nfsd: Refactor NFSv4 OPEN(CREATE) (git-fixes). - nfsd: Remove do_nfsd_create() (git-fixes). - nfsd: Remove lockdep assertion from unhash_and_release_locked() (git-fixes). - nfsd: Remove nfsd_file::nf_hashval (git-fixes). - nfsd: remove the pages_flushed statistic from filecache (git-fixes). - nfsd: reorganize filecache.c (git-fixes). - nfsd: Replace the 'init once' mechanism (git-fixes). - nfsd: Report average age of filecache items (git-fixes). - nfsd: Report count of calls to nfsd_file_acquire() (git-fixes). - nfsd: Report count of freed filecache items (git-fixes). - nfsd: Report filecache LRU size (git-fixes). - nfsd: Report the number of items evicted by the LRU walk (git-fixes). - nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes). - nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes). - nfsd: rework refcounting in filecache (git-fixes). - nfsd: Separate tracepoints for acquire and create (git-fixes). - nfsd: Set up an rhashtable for the filecache (git-fixes). - nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes). - nfsd: simplify per-net file cache management (git-fixes). - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes). - nfsd: simplify the delayed disposal list code (git-fixes). - nfsd: Trace filecache LRU activity (git-fixes). - nfsd: Trace filecache opens (git-fixes). - nfsd: update comment over __nfsd_file_cache_purge (git-fixes). - nfsd: verify the opened dentry after setting a delegation (git-fixes). - nfsd: WARN when freeing an item still linked via nf_lru (git-fixes). - nfsd: Write verifier might go backwards (git-fixes). - nfsd: Zero counters when the filecache is re-initialized (git-fixes). - nfsv4: by default serialize open/close operations (bsc#1223863 bsc#1227362) - nfsv4: Fixup smatch warning for ambiguous return (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (stable-fixes). - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes). - nilfs2: convert persistent object allocator to use kmap_local (git-fixes). - nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes). - nilfs2: fix inode number range checks (git-fixes). - nilfs2: fix inode number range checks (stable-fixes). - nilfs2: fix potential hang in nilfs_detach_log_writer() (stable-fixes). - nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes). - nvme-auth: allow mixing of secret and hash lengths (git-fixes). - nvme-auth: use transformed key size to create resp (git-fixes). - nvme-multipath: find NUMA path only for online numa-node (git-fixes). - nvme-pci: add missing condition check for existence of mapped data (git-fixes). - nvme-pci: Fix the instructions for disabling power management (git-fixes). - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes). - nvme: avoid double free special payload (git-fixes). - nvme: ensure reset state check ordering (bsc#1215492). - nvme: find numa distance only if controller has valid numa id (git-fixes). - nvme: fixup comment for nvme RDMA Provider Type (git-fixes). - nvme: use ctrl state accessor (bsc#1215492). - nvmet-auth: fix nvmet_auth hash error handling (git-fixes). - nvmet-passthru: propagate status from id override functions (git-fixes). - nvmet: always initialize cqe.result (git-fixes). - nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: remove redundant assignment to variable free_space (bsc#1228409). - ocfs2: speed up chain-list searching (bsc#1219224). - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - orangefs: fix out-of-bounds fsid access (git-fixes). - pci: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes). - pci: Clear Secondary Status errors after enumeration (bsc#1226928) - pci: Extend ACS configurability (bsc#1228090). - pci: Fix resource double counting on remove & rescan (git-fixes). - pci: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes). - pci: Introduce cleanup helpers for device reference counts and locks (git-fixes). - pci: Introduce cleanup helpers for device reference counts and locks (stable-fixes). - pci: keystone: Do not enable BAR 0 for AM654x (git-fixes). - pci: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes). - pci: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes). - pci: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes). - pci: tegra194: Set EP alignment restriction for inbound ATU (git-fixes). - pci/aspm: Update save_state when configuration changes (bsc#1226915) - pci/dpc: Fix use-after-free on concurrent DPC and hot-removal (git-fixes). - pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes). - pci/pm: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes). - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes). - pinctrl: freescale: mxs: Fix refcount of child (git-fixes). - pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes). - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes). - pinctrl: rockchip: update rk3308 iomux routes (git-fixes). - pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes). - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes). - platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes). - platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes). - platform/x86: lg-laptop: Change ACPI device id (stable-fixes). - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes). - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes). - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes). - platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes). - power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes). - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869). - powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121 ltc#207129). - powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869). - powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - powerpc/rtas: clean up includes (bsc#1227487). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - pwm: stm32: Always do lazy disabling (git-fixes). - random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953). - ras/amd/atl: Fix MI300 bank hash (bsc#1225300). - ras/amd/atl: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300). - rdma/cache: Release GID table even if leak is detected (git-fixes) - rdma/device: Return error earlier if port in not valid (git-fixes) - rdma/hns: Check atomic wr length (git-fixes) - rdma/hns: Fix incorrect sge nums calculation (git-fixes) - rdma/hns: Fix insufficient extend DB for VFs. (git-fixes) - rdma/hns: Fix mbx timing out before CMD execution is completed (git-fixes) - rdma/hns: Fix missing pagesize and alignment check in FRMR (git-fixes) - rdma/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes) - rdma/hns: Fix soft lockup under heavy CEQE load (git-fixes) - rdma/hns: Fix undifined behavior caused by invalid max_sge (git-fixes) - rdma/hns: Fix unmatch exception handling when init eq table fails (git-fixes) - rdma/irdma: Drop unused kernel push code (git-fixes) - rdma/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes) - rdma/mana_ib: Ignore optional access flags for MRs (git-fixes). - rdma/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes) - rdma/mlx4: Fix truncated output warning in mad.c (git-fixes) - rdma/mlx5: Add check for srq max_sge attribute (git-fixes) - rdma/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes) - rdma/restrack: Fix potential invalid address access (git-fixes) - rdma/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes) - regmap-i2c: Subtract reg size from max_write (stable-fixes). - regulator: bd71815: fix ramp values (git-fixes). - regulator: core: Fix modpost error 'regulator_get_regmap' undefined (git-fixes). - regulator: irq_helpers: duplicate IRQ name (stable-fixes). - regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes). - Revert 'Add remote for nfs maintainer' - Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783). - Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783). - Revert 'build initrd without systemd' (bsc#1195775)'. - Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes). - Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes). - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes). - rpm/guards: fix precedence issue with control flow operator - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) - rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. - rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5 - rtc: cmos: Fix return value of nvmem callbacks (git-fixes). - rtc: interface: Add RTC offset to alarm after fix-up (git-fixes). - rtc: isl1208: Fix return value of nvmem callbacks (git-fixes). - rtlwifi: rtl8192de: Style clean-ups (stable-fixes). - s390: Implement __iowrite32_copy() (bsc#1226502) - s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502) - saa7134: Unchecked i2c_transfer function result fixed (git-fixes). - sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)). - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791). - sched/fair: Do not balance task to its current running CPU (git fixes (sched)). - scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857). - scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857). - scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857). - scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857). - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857). - scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857). - scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857). - scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857). - scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850). - scsi: qla2xxx: Complete command early within lock (bsc#1228850). - scsi: qla2xxx: Convert comma to semicolon (bsc#1228850). - scsi: qla2xxx: Drop driver owner assignment (bsc#1228850). - scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850). - scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850). - scsi: qla2xxx: Fix flash read failure (bsc#1228850). - scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850). - scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850). - scsi: qla2xxx: Indent help text (bsc#1228850). - scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850). - scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850). - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850). - scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850). - scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850). - scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850). - scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850). - scsi: sd: Update DIX config every time sd_revalidate_disk() is called (bsc#1218570). - selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903). - selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903). - selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader (bsc#1225903). - selftests/bpf: add precision propagation tests in the presence of subprogs (bsc#1225903). - selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903). - selftests/bpf: Check if mark_chain_precision() follows scalar ids (bsc#1225903). - selftests/bpf: check if max number of bpf_loop iterations is tracked (bsc#1225903). - selftests/bpf: fix __retval() being always ignored (bsc#1225903). - selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903). - selftests/bpf: make test_align selftest more robust (bsc#1225903). - selftests/bpf: populate map_array_ro map for verifier_array_access test (bsc#1225903). - selftests/bpf: prog_tests entry point for migrated test_verifier tests (bsc#1225903). - selftests/bpf: Report program name on parse_test_spec error (bsc#1225903). - selftests/bpf: Support custom per-test flags and multiple expected messages (bsc#1225903). - selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903). - selftests/bpf: test case for relaxed prunning of active_lock.id (bsc#1225903). - selftests/bpf: test cases for regsafe() bug skipping check_id() (bsc#1225903). - selftests/bpf: test widening for iterating callbacks (bsc#1225903). - selftests/bpf: Tests execution support for test_loader.c (bsc#1225903). - selftests/bpf: tests for iterating callbacks (bsc#1225903). - selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903). - selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903). - selftests/bpf: Verify copy_register_state() preserves parent/live fields (bsc#1225903). - selftests/bpf: verify states_equal() maintains idmap across all frames (bsc#1225903). - selftests/bpf: Verify that check_ids() is used for scalars in regsafe() (bsc#1225903). - selftests/sigaltstack: Fix ppc64 GCC build (git-fixes). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - smb: client: guarantee refcounted children from parent session (bsc#1224679. - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes). - soundwire: cadence: fix invalid PDI offset (stable-fixes). - spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes). - spi: mux: set ctlr->bits_per_word_mask (stable-fixes). - spi: stm32: Do not warn about spurious interrupts (git-fixes). - string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850). - sunrpc: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272). - sunrpc: Fix gss_free_in_token_pages() (git-fixes). - sunrpc: Fix loop termination condition in gss_free_in_token_pages() (git-fixes). - sunrpc: fix NFSACL RPC retry on soft mount (git-fixes). - sunrpc: return proper error from gss_wrap_req_priv (git-fixes). - supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570) - supported.conf: mark orangefs as optional We do not support orangefs at all (and it is already marked as such), but since there are no SLE consumers of it, mark it as optional. - supported.conf: mark ufs as unsupported UFS is an unsupported filesystem, mark it as such. We still keep it around (not marking as optional), to accommodate any potential migrations from BSD systems. - tpm_tis: Resend command to recover from data transfer errors (bsc#1082555). - tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume (bsc#1082555). - tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555). - tpm, tpm_tis: Claim locality before writing interrupt registers (bsc#1082555). - tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555). - tpm, tpm_tis: Claim locality when interrupts are reenabled on resume (bsc#1082555). - tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555). - tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555). - tpm, tpm_tis: Only handle supported interrupts (bsc#1082555). - tpm, tpm: Implement usage counter for locality (bsc#1082555). - tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555). - tpm: Prevent hwrng from activating during resume (bsc#1082555). - tracing: Build event generation tests only as modules (git-fixes). - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes). - tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330) - tracing/osnoise: Add osnoise/options file (bsc#1228330) - tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330) - tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330) - tracing/osnoise: Make osnoise_instances static (bsc#1228330) - tracing/osnoise: Split workload start from the tracer start (bsc#1228330) - tracing/osnoise: Support a list of trace_array *tr (bsc#1228330) - tracing/osnoise: Use built-in RCU list checking (bsc#1228330) - tracing/timerlat: Notify new max thread latency (bsc#1228330) - tty: mcf: MCF54418 has 10 UARTS (git-fixes). - usb-storage: alauda: Check whether the media is initialized (git-fixes). - usb: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes). - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes). - usb: cdns3: allocate TX FIFO size according to composite EP number (git-fixes). - usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config (git-fixes). - usb: cdns3: fix iso transfer error when mult is not zero (git-fixes). - usb: cdns3: improve handling of unaligned address case (git-fixes). - usb: cdns3: optimize OUT transfer by copying only actual received data (git-fixes). - usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-fixes). - usb: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes). - usb: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes). - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes). - usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes). - usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-fixes). - usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-fixes). - usb: fotg210-hcd: delete an incorrect bounds test (git-fixes). - usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-fixes). - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes). - usb: gadget: printer: fix races against disable (git-fixes). - usb: gadget: printer: SS+ support (stable-fixes). - usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes). - usb: musb: da8xx: fix a resource leak in probe() (git-fixes). - usb: serial: mos7840: fix crash on resume (git-fixes). - usb: serial: option: add Fibocom FM350-GL (stable-fixes). - usb: serial: option: add Netprisma LCUK54 series modules (stable-fixes). - usb: serial: option: add Rolling RW350-GL variants (stable-fixes). - usb: serial: option: add support for Foxconn T99W651 (stable-fixes). - usb: serial: option: add Telit FN912 rmnet compositions (stable-fixes). - usb: serial: option: add Telit generic core-dump composition (stable-fixes). - usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes). - usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes). - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes). - usb: typec: ucsi: Ack also failed Get Error commands (git-fixes). - usb: typec: ucsi: Never send a lone connector change ack (git-fixes). - usb: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes). - usb: xhci-plat: Do not include xhci.h (git-fixes). - usb: xhci-plat: fix legacy PHY double init (git-fixes). - usb: xhci: address off-by-one in xhci_num_trbs_free() (git-fixes). - usb: xhci: Implement xhci_handshake_check_state() helper (git-fixes). - usb: xhci: improve debug message in xhci_ring_expansion_needed() (git-fixes). - watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() (stable-fixes). - watchdog: bd9576: Drop 'always-running' property (git-fixes). - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes). - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes). - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes). - wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes). - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes). - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes). - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes). - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes). - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes). - wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes). - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes). - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes). - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes). - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes). - wifi: mac80211: disable softirqs for queued frame handling (git-fixes). - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes). - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes). - wifi: mac80211: handle tasklet frames before stopping (stable-fixes). - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes). - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes). - wifi: mt76: replace skb_put with skb_put_zero (stable-fixes). - wifi: mwifiex: Fix interface type change (git-fixes). - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes). - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes). - wifi: wilc1000: fix ies_len type in connect path (git-fixes). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). - workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). - x.509: Fix the parser of extended key usage for length (bsc#1218820). - x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502) - x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes). - x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes). - x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes). - x86/bugs: Remove default case for fully switched enums (bsc#1227900). - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes). - x86/ibt,ftrace: Search for __fentry__ location (git-fixes). - x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes). - x86/mce: Dynamically size space for machine check records (bsc#1222241). - x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes). - x86/mm: Fix enc_status_change_finish_noop() (git-fixes). - x86/purgatory: Switch to the position-independent small code model (git-fixes). - x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900). - x86/srso: Remove 'pred_cmd' label (bsc#1227900). - x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). - xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228226). - xfs: make sure sb_fdblocks is non-negative (bsc#1225419). - xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Fix failure to detect ring expansion need (git-fixes). - xhci: fix matching completion events with TDs (git-fixes). - xhci: Fix transfer ring expansion size calculation (git-fixes). - xhci: Handle TD clearing for multiple streams case (git-fixes). - xhci: remove unused stream_id parameter from xhci_handle_halted_endpoint() (git-fixes). - xhci: restre deleted trb fields for tracing (git-fixes). - xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes). - xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes). - xhci: Simplify event ring dequeue pointer update for port change events (git-fixes). - xhci: simplify event ring dequeue tracking for transfer events (git-fixes). - xhci: Stop unnecessary tracking of free trbs in a ring (git-fixes). - xhci: update event ring dequeue pointer position to controller correctly (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - libuuid1-2.37.4-150500.9.14.2 updated - libsmartcols1-2.37.4-150500.9.14.2 updated - libblkid1-2.37.4-150500.9.14.2 updated - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libfdisk1-2.37.4-150500.9.14.2 updated - libmount1-2.37.4-150500.9.14.2 updated - krb5-1.20.1-150500.3.9.1 updated - login_defs-4.8.1-150500.3.9.1 updated - pam-1.3.0-150000.6.71.2 updated - shadow-4.8.1-150500.3.9.1 updated - util-linux-2.37.4-150500.9.14.2 updated - util-linux-systemd-2.37.4-150500.9.14.2 updated - dracut-055+suse.388.g70c21afa-150500.3.21.2 updated - kernel-default-base-5.14.21-150500.55.73.1.150500.6.33.8 updated - libfreebl3-3.101.2-150400.3.48.1 updated - mozilla-nss-certs-3.101.2-150400.3.48.1 updated - mozilla-nss-3.101.2-150400.3.48.1 updated - libsoftokn3-3.101.2-150400.3.48.1 updated - xfsprogs-5.13.0-150400.3.10.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.63 updated From sle-container-updates at lists.suse.com Thu Aug 29 07:01:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 29 Aug 2024 09:01:46 +0200 (CEST) Subject: SUSE-IU-2024:1127-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20240829070146.4DB79FCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1127-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.134 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.134 Severity : important Type : security References : 1082555 1156395 1159034 1190336 1191958 1193454 1193554 1193787 1193883 1194324 1194818 1194818 1194826 1194869 1195065 1195254 1195341 1195349 1195357 1195668 1195775 1195927 1195957 1196018 1196746 1196823 1197146 1197246 1197762 1197915 1198014 1199295 1202346 1202686 1202767 1202780 1205205 1207361 1208690 1208783 1209636 1213123 1214980 1215492 1215587 1216834 1217912 1218148 1218570 1218820 1219224 1219633 1219832 1219847 1220138 1220185 1220186 1220187 1220368 1220812 1220869 1220876 1220942 1220952 1220958 1221010 1221044 1221086 1221282 1221647 1221654 1221656 1221659 1221777 1221958 1222011 1222015 1222072 1222080 1222241 1222254 1222285 1222323 1222326 1222328 1222364 1222625 1222702 1222728 1222799 1222804 1222807 1222809 1222810 1222811 1222813 1222814 1222821 1222822 1222826 1222828 1222830 1222833 1222834 1222893 1223013 1223018 1223021 1223180 1223265 1223384 1223635 1223641 1223652 1223675 1223724 1223778 1223806 1223813 1223815 1223836 1223863 1224020 1224113 1224115 1224116 1224118 1224331 1224414 1224488 1224497 1224498 1224499 1224500 1224504 1224512 1224516 1224517 1224520 1224539 1224540 1224545 1224548 1224552 1224557 1224572 1224573 1224583 1224585 1224588 1224602 1224603 1224604 1224605 1224612 1224614 1224619 1224636 1224641 1224661 1224662 1224670 1224671 1224674 1224677 1224679 1224683 1224694 1224696 1224700 1224703 1224712 1224716 1224719 1224735 1224743 1224749 1224764 1224765 1224766 1224935 1224946 1224951 1225050 1225088 1225098 1225105 1225272 1225300 1225301 1225389 1225391 1225419 1225426 1225448 1225452 1225467 1225475 1225475 1225484 1225487 1225489 1225504 1225505 1225514 1225518 1225535 1225564 1225573 1225581 1225585 1225586 1225602 1225611 1225681 1225692 1225698 1225699 1225704 1225711 1225714 1225717 1225719 1225726 1225732 1225737 1225744 1225745 1225746 1225749 1225752 1225753 1225757 1225758 1225759 1225760 1225767 1225767 1225770 1225810 1225815 1225820 1225823 1225829 1225834 1225835 1225838 1225839 1225840 1225843 1225847 1225851 1225856 1225866 1225872 1225894 1225895 1225898 1225903 1226022 1226131 1226145 1226149 1226155 1226202 1226211 1226212 1226226 1226412 1226463 1226502 1226514 1226519 1226520 1226529 1226537 1226538 1226539 1226550 1226551 1226552 1226553 1226554 1226555 1226556 1226557 1226558 1226559 1226561 1226562 1226563 1226564 1226565 1226566 1226567 1226568 1226569 1226570 1226571 1226572 1226574 1226575 1226576 1226577 1226579 1226580 1226581 1226582 1226583 1226585 1226587 1226588 1226588 1226593 1226595 1226597 1226601 1226602 1226603 1226607 1226607 1226610 1226614 1226616 1226617 1226618 1226619 1226621 1226622 1226624 1226626 1226628 1226629 1226632 1226633 1226634 1226637 1226643 1226644 1226645 1226647 1226650 1226650 1226653 1226657 1226658 1226669 1226670 1226672 1226673 1226674 1226675 1226678 1226679 1226683 1226685 1226686 1226690 1226691 1226692 1226693 1226696 1226697 1226698 1226698 1226699 1226701 1226702 1226703 1226704 1226705 1226706 1226708 1226709 1226710 1226711 1226712 1226713 1226713 1226715 1226716 1226716 1226718 1226719 1226720 1226721 1226730 1226732 1226734 1226735 1226737 1226738 1226739 1226740 1226744 1226746 1226747 1226749 1226750 1226754 1226757 1226758 1226762 1226764 1226767 1226768 1226769 1226771 1226774 1226775 1226777 1226780 1226781 1226783 1226785 1226785 1226786 1226789 1226791 1226834 1226837 1226839 1226840 1226841 1226842 1226848 1226852 1226857 1226861 1226863 1226864 1226867 1226868 1226876 1226878 1226883 1226886 1226890 1226891 1226895 1226908 1226911 1226915 1226928 1226948 1226949 1226950 1226953 1226962 1226976 1226990 1226992 1226993 1226994 1226996 1227066 1227090 1227096 1227101 1227103 1227121 1227138 1227150 1227157 1227162 1227186 1227187 1227274 1227362 1227383 1227432 1227435 1227447 1227487 1227549 1227573 1227618 1227620 1227626 1227635 1227661 1227716 1227722 1227724 1227725 1227728 1227729 1227730 1227732 1227733 1227750 1227754 1227755 1227760 1227762 1227763 1227764 1227766 1227770 1227771 1227772 1227774 1227779 1227780 1227783 1227786 1227787 1227790 1227792 1227796 1227797 1227798 1227800 1227802 1227806 1227808 1227810 1227812 1227813 1227814 1227816 1227820 1227823 1227824 1227828 1227829 1227836 1227846 1227849 1227851 1227862 1227864 1227865 1227866 1227870 1227884 1227886 1227891 1227893 1227899 1227900 1227910 1227913 1227917 1227918 1227919 1227920 1227921 1227922 1227923 1227924 1227925 1227927 1227928 1227931 1227932 1227933 1227935 1227936 1227938 1227941 1227942 1227944 1227945 1227947 1227948 1227949 1227950 1227952 1227953 1227954 1227956 1227957 1227963 1227964 1227965 1227968 1227969 1227970 1227971 1227972 1227975 1227976 1227981 1227982 1227985 1227986 1227987 1227988 1227989 1227990 1227991 1227992 1227993 1227995 1227996 1227997 1228000 1228002 1228003 1228004 1228005 1228006 1228007 1228008 1228009 1228010 1228011 1228013 1228014 1228015 1228019 1228020 1228025 1228028 1228035 1228037 1228038 1228039 1228040 1228045 1228054 1228055 1228056 1228060 1228061 1228062 1228063 1228064 1228066 1228067 1228068 1228071 1228079 1228090 1228114 1228140 1228190 1228191 1228195 1228202 1228226 1228235 1228237 1228247 1228327 1228328 1228330 1228403 1228405 1228408 1228409 1228410 1228418 1228440 1228459 1228462 1228470 1228518 1228520 1228530 1228561 1228565 1228580 1228581 1228591 1228599 1228617 1228625 1228626 1228633 1228640 1228644 1228649 1228655 1228665 1228672 1228680 1228705 1228723 1228743 1228756 1228770 1228801 1228850 1228857 916845 CVE-2013-4235 CVE-2013-4235 CVE-2021-4439 CVE-2021-47086 CVE-2021-47089 CVE-2021-47103 CVE-2021-47186 CVE-2021-47402 CVE-2021-47432 CVE-2021-47515 CVE-2021-47534 CVE-2021-47538 CVE-2021-47539 CVE-2021-47546 CVE-2021-47547 CVE-2021-47555 CVE-2021-47566 CVE-2021-47571 CVE-2021-47572 CVE-2021-47576 CVE-2021-47577 CVE-2021-47578 CVE-2021-47580 CVE-2021-47582 CVE-2021-47583 CVE-2021-47584 CVE-2021-47585 CVE-2021-47586 CVE-2021-47587 CVE-2021-47588 CVE-2021-47589 CVE-2021-47590 CVE-2021-47591 CVE-2021-47592 CVE-2021-47593 CVE-2021-47595 CVE-2021-47596 CVE-2021-47597 CVE-2021-47598 CVE-2021-47599 CVE-2021-47600 CVE-2021-47601 CVE-2021-47602 CVE-2021-47603 CVE-2021-47604 CVE-2021-47605 CVE-2021-47606 CVE-2021-47607 CVE-2021-47608 CVE-2021-47609 CVE-2021-47610 CVE-2021-47611 CVE-2021-47612 CVE-2021-47614 CVE-2021-47615 CVE-2021-47616 CVE-2021-47617 CVE-2021-47618 CVE-2021-47619 CVE-2021-47620 CVE-2021-47622 CVE-2021-47623 CVE-2021-47624 CVE-2022-48711 CVE-2022-48712 CVE-2022-48713 CVE-2022-48713 CVE-2022-48714 CVE-2022-48715 CVE-2022-48716 CVE-2022-48717 CVE-2022-48718 CVE-2022-48720 CVE-2022-48721 CVE-2022-48722 CVE-2022-48723 CVE-2022-48724 CVE-2022-48725 CVE-2022-48726 CVE-2022-48727 CVE-2022-48728 CVE-2022-48729 CVE-2022-48730 CVE-2022-48730 CVE-2022-48732 CVE-2022-48732 CVE-2022-48733 CVE-2022-48734 CVE-2022-48735 CVE-2022-48736 CVE-2022-48737 CVE-2022-48738 CVE-2022-48739 CVE-2022-48740 CVE-2022-48743 CVE-2022-48744 CVE-2022-48745 CVE-2022-48746 CVE-2022-48747 CVE-2022-48748 CVE-2022-48749 CVE-2022-48749 CVE-2022-48751 CVE-2022-48752 CVE-2022-48753 CVE-2022-48754 CVE-2022-48755 CVE-2022-48756 CVE-2022-48756 CVE-2022-48758 CVE-2022-48759 CVE-2022-48760 CVE-2022-48761 CVE-2022-48763 CVE-2022-48765 CVE-2022-48766 CVE-2022-48767 CVE-2022-48768 CVE-2022-48769 CVE-2022-48770 CVE-2022-48771 CVE-2022-48772 CVE-2022-48773 CVE-2022-48774 CVE-2022-48775 CVE-2022-48776 CVE-2022-48777 CVE-2022-48778 CVE-2022-48780 CVE-2022-48783 CVE-2022-48784 CVE-2022-48785 CVE-2022-48786 CVE-2022-48787 CVE-2022-48788 CVE-2022-48789 CVE-2022-48790 CVE-2022-48791 CVE-2022-48792 CVE-2022-48793 CVE-2022-48794 CVE-2022-48796 CVE-2022-48797 CVE-2022-48798 CVE-2022-48799 CVE-2022-48800 CVE-2022-48801 CVE-2022-48802 CVE-2022-48803 CVE-2022-48804 CVE-2022-48805 CVE-2022-48806 CVE-2022-48807 CVE-2022-48809 CVE-2022-48810 CVE-2022-48811 CVE-2022-48812 CVE-2022-48813 CVE-2022-48814 CVE-2022-48815 CVE-2022-48816 CVE-2022-48817 CVE-2022-48818 CVE-2022-48820 CVE-2022-48821 CVE-2022-48822 CVE-2022-48823 CVE-2022-48824 CVE-2022-48825 CVE-2022-48826 CVE-2022-48827 CVE-2022-48828 CVE-2022-48829 CVE-2022-48830 CVE-2022-48831 CVE-2022-48834 CVE-2022-48835 CVE-2022-48836 CVE-2022-48837 CVE-2022-48838 CVE-2022-48839 CVE-2022-48840 CVE-2022-48841 CVE-2022-48842 CVE-2022-48843 CVE-2022-48844 CVE-2022-48846 CVE-2022-48847 CVE-2022-48849 CVE-2022-48850 CVE-2022-48851 CVE-2022-48852 CVE-2022-48853 CVE-2022-48855 CVE-2022-48856 CVE-2022-48857 CVE-2022-48858 CVE-2022-48859 CVE-2022-48860 CVE-2022-48861 CVE-2022-48862 CVE-2022-48863 CVE-2022-48864 CVE-2022-48866 CVE-2023-1582 CVE-2023-24023 CVE-2023-37453 CVE-2023-52435 CVE-2023-52573 CVE-2023-52580 CVE-2023-52591 CVE-2023-52622 CVE-2023-52658 CVE-2023-52667 CVE-2023-52670 CVE-2023-52672 CVE-2023-52675 CVE-2023-52735 CVE-2023-52735 CVE-2023-52737 CVE-2023-52751 CVE-2023-52752 CVE-2023-52762 CVE-2023-52766 CVE-2023-52775 CVE-2023-52784 CVE-2023-52787 CVE-2023-52800 CVE-2023-52812 CVE-2023-52835 CVE-2023-52837 CVE-2023-52843 CVE-2023-52845 CVE-2023-52846 CVE-2023-52857 CVE-2023-52863 CVE-2023-52869 CVE-2023-52881 CVE-2023-52882 CVE-2023-52884 CVE-2023-52885 CVE-2023-52886 CVE-2023-5388 CVE-2024-25741 CVE-2024-26583 CVE-2024-26584 CVE-2024-26585 CVE-2024-26615 CVE-2024-26625 CVE-2024-26633 CVE-2024-26635 CVE-2024-26636 CVE-2024-26641 CVE-2024-26644 CVE-2024-26661 CVE-2024-26663 CVE-2024-26665 CVE-2024-26720 CVE-2024-26800 CVE-2024-26802 CVE-2024-26813 CVE-2024-26814 CVE-2024-26842 CVE-2024-26845 CVE-2024-26863 CVE-2024-26889 CVE-2024-26920 CVE-2024-26923 CVE-2024-26935 CVE-2024-26961 CVE-2024-26973 CVE-2024-26976 CVE-2024-27015 CVE-2024-27019 CVE-2024-27020 CVE-2024-27025 CVE-2024-27065 CVE-2024-27402 CVE-2024-27432 CVE-2024-27437 CVE-2024-33619 CVE-2024-35247 CVE-2024-35789 CVE-2024-35790 CVE-2024-35805 CVE-2024-35807 CVE-2024-35814 CVE-2024-35819 CVE-2024-35835 CVE-2024-35837 CVE-2024-35848 CVE-2024-35853 CVE-2024-35854 CVE-2024-35855 CVE-2024-35857 CVE-2024-35861 CVE-2024-35862 CVE-2024-35864 CVE-2024-35869 CVE-2024-35878 CVE-2024-35884 CVE-2024-35886 CVE-2024-35889 CVE-2024-35890 CVE-2024-35893 CVE-2024-35896 CVE-2024-35898 CVE-2024-35899 CVE-2024-35900 CVE-2024-35905 CVE-2024-35925 CVE-2024-35934 CVE-2024-35949 CVE-2024-35950 CVE-2024-35956 CVE-2024-35958 CVE-2024-35960 CVE-2024-35961 CVE-2024-35962 CVE-2024-35979 CVE-2024-35995 CVE-2024-35997 CVE-2024-36000 CVE-2024-36004 CVE-2024-36005 CVE-2024-36008 CVE-2024-36017 CVE-2024-36020 CVE-2024-36021 CVE-2024-36025 CVE-2024-36288 CVE-2024-36477 CVE-2024-36478 CVE-2024-36479 CVE-2024-36889 CVE-2024-36890 CVE-2024-36894 CVE-2024-36899 CVE-2024-36900 CVE-2024-36901 CVE-2024-36902 CVE-2024-36904 CVE-2024-36909 CVE-2024-36910 CVE-2024-36911 CVE-2024-36912 CVE-2024-36913 CVE-2024-36914 CVE-2024-36915 CVE-2024-36916 CVE-2024-36917 CVE-2024-36919 CVE-2024-36919 CVE-2024-36923 CVE-2024-36924 CVE-2024-36926 CVE-2024-36934 CVE-2024-36937 CVE-2024-36939 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944 CVE-2024-36945 CVE-2024-36946 CVE-2024-36947 CVE-2024-36949 CVE-2024-36950 CVE-2024-36952 CVE-2024-36955 CVE-2024-36959 CVE-2024-36960 CVE-2024-36964 CVE-2024-36965 CVE-2024-36967 CVE-2024-36969 CVE-2024-36971 CVE-2024-36974 CVE-2024-36975 CVE-2024-36978 CVE-2024-37021 CVE-2024-37078 CVE-2024-37354 CVE-2024-37370 CVE-2024-37371 CVE-2024-38381 CVE-2024-38388 CVE-2024-38390 CVE-2024-38540 CVE-2024-38541 CVE-2024-38544 CVE-2024-38545 CVE-2024-38546 CVE-2024-38547 CVE-2024-38548 CVE-2024-38548 CVE-2024-38549 CVE-2024-38550 CVE-2024-38552 CVE-2024-38553 CVE-2024-38555 CVE-2024-38555 CVE-2024-38556 CVE-2024-38557 CVE-2024-38558 CVE-2024-38559 CVE-2024-38559 CVE-2024-38560 CVE-2024-38564 CVE-2024-38565 CVE-2024-38567 CVE-2024-38568 CVE-2024-38570 CVE-2024-38571 CVE-2024-38573 CVE-2024-38578 CVE-2024-38579 CVE-2024-38580 CVE-2024-38581 CVE-2024-38582 CVE-2024-38583 CVE-2024-38586 CVE-2024-38587 CVE-2024-38588 CVE-2024-38590 CVE-2024-38591 CVE-2024-38594 CVE-2024-38597 CVE-2024-38598 CVE-2024-38599 CVE-2024-38600 CVE-2024-38601 CVE-2024-38603 CVE-2024-38605 CVE-2024-38608 CVE-2024-38616 CVE-2024-38618 CVE-2024-38619 CVE-2024-38621 CVE-2024-38627 CVE-2024-38628 CVE-2024-38630 CVE-2024-38633 CVE-2024-38634 CVE-2024-38635 CVE-2024-38659 CVE-2024-38661 CVE-2024-38780 CVE-2024-39276 CVE-2024-39301 CVE-2024-39371 CVE-2024-39463 CVE-2024-39468 CVE-2024-39469 CVE-2024-39471 CVE-2024-39472 CVE-2024-39475 CVE-2024-39482 CVE-2024-39487 CVE-2024-39488 CVE-2024-39490 CVE-2024-39493 CVE-2024-39494 CVE-2024-39497 CVE-2024-39499 CVE-2024-39500 CVE-2024-39501 CVE-2024-39502 CVE-2024-39505 CVE-2024-39506 CVE-2024-39507 CVE-2024-39508 CVE-2024-39509 CVE-2024-40900 CVE-2024-40901 CVE-2024-40902 CVE-2024-40903 CVE-2024-40904 CVE-2024-40906 CVE-2024-40908 CVE-2024-40909 CVE-2024-40911 CVE-2024-40912 CVE-2024-40916 CVE-2024-40919 CVE-2024-40923 CVE-2024-40924 CVE-2024-40927 CVE-2024-40929 CVE-2024-40931 CVE-2024-40932 CVE-2024-40934 CVE-2024-40935 CVE-2024-40937 CVE-2024-40940 CVE-2024-40941 CVE-2024-40942 CVE-2024-40943 CVE-2024-40945 CVE-2024-40953 CVE-2024-40954 CVE-2024-40956 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40961 CVE-2024-40966 CVE-2024-40967 CVE-2024-40970 CVE-2024-40972 CVE-2024-40976 CVE-2024-40977 CVE-2024-40981 CVE-2024-40982 CVE-2024-40984 CVE-2024-40987 CVE-2024-40988 CVE-2024-40989 CVE-2024-40990 CVE-2024-40994 CVE-2024-40998 CVE-2024-40999 CVE-2024-41002 CVE-2024-41004 CVE-2024-41006 CVE-2024-41009 CVE-2024-41011 CVE-2024-41012 CVE-2024-41013 CVE-2024-41014 CVE-2024-41015 CVE-2024-41016 CVE-2024-41017 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41048 CVE-2024-41057 CVE-2024-41058 CVE-2024-41059 CVE-2024-41063 CVE-2024-41064 CVE-2024-41066 CVE-2024-41069 CVE-2024-41070 CVE-2024-41071 CVE-2024-41072 CVE-2024-41076 CVE-2024-41078 CVE-2024-41081 CVE-2024-41087 CVE-2024-41090 CVE-2024-41091 CVE-2024-42070 CVE-2024-42079 CVE-2024-42093 CVE-2024-42096 CVE-2024-42105 CVE-2024-42122 CVE-2024-42124 CVE-2024-42145 CVE-2024-42161 CVE-2024-42224 CVE-2024-42230 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2325-1 Released: Mon Jul 8 15:07:46 2024 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1227150 This update for xfsprogs fixes the following issue: - xfs_copy: don't use cached buffer reads until after libxfs_mount (bsc#1227150) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2394-1 Released: Wed Jul 10 18:03:47 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1156395,1190336,1191958,1193883,1194826,1195065,1195254,1195341,1195349,1195775,1196746,1197915,1198014,1199295,1202767,1202780,1205205,1207361,1217912,1218148,1218570,1218820,1219224,1219633,1219847,1220368,1220812,1220958,1221086,1221282,1221958,1222015,1222072,1222080,1222241,1222254,1222364,1222893,1223013,1223018,1223265,1223384,1223641,1224020,1224331,1224488,1224497,1224498,1224504,1224520,1224539,1224540,1224552,1224583,1224588,1224602,1224603,1224605,1224612,1224614,1224619,1224661,1224662,1224670,1224671,1224674,1224677,1224679,1224696,1224703,1224712,1224716,1224719,1224735,1224749,1224764,1224765,1224766,1224935,1224946,1224951,1225050,1225098,1225105,1225300,1225389,1225391,1225419,1225426,1225448,1225452,1225467,1225475,1225484,1225487,1225514,1225518,1225535,1225585,1225602,1225611,1225681,1225692,1225698,1225699,1225704,1225714,1225726,1225732,1225737,1225749,1225758,1225759,1225760,1225767,1225770,1225823,1225834,1225840,1225866,1225872,1225894,1226022,1 226131,1226145,1226149,1226155,1226211,1226212,1226226,1226514,1226520,1226537,1226538,1226539,1226550,1226552,1226553,1226554,1226556,1226557,1226558,1226559,1226561,1226562,1226563,1226564,1226566,1226567,1226569,1226572,1226575,1226576,1226577,1226579,1226580,1226581,1226582,1226583,1226585,1226587,1226588,1226593,1226595,1226597,1226601,1226602,1226603,1226607,1226610,1226614,1226616,1226617,1226618,1226619,1226621,1226622,1226624,1226626,1226628,1226629,1226632,1226633,1226634,1226637,1226643,1226644,1226645,1226647,1226650,1226653,1226657,1226658,1226669,1226670,1226672,1226673,1226674,1226675,1226678,1226679,1226683,1226685,1226686,1226690,1226691,1226692,1226693,1226696,1226697,1226698,1226699,1226701,1226702,1226703,1226704,1226705,1226706,1226708,1226709,1226710,1226711,1226712,1226713,1226715,1226716,1226718,1226719,1226720,1226721,1226730,1226732,1226734,1226735,1226737,1226738,1226739,1226740,1226744,1226746,1226747,1226749,1226754,1226762,1226764,1226767,1226768,122676 9,1226771,1226774,1226777,1226780,1226781,1226785,1226786,1226789,1226791,1226839,1226840,1226841,1226842,1226848,1226852,1226857,1226861,1226863,1226864,1226867,1226868,1226876,1226878,1226883,1226886,1226890,1226891,1226895,1226908,1226915,1226928,1226948,1226949,1226950,1226953,1226962,1226976,1226992,1226994,1226996,1227066,1227096,1227101,1227103,1227274,CVE-2021-4439,CVE-2021-47089,CVE-2021-47432,CVE-2021-47515,CVE-2021-47534,CVE-2021-47538,CVE-2021-47539,CVE-2021-47555,CVE-2021-47566,CVE-2021-47571,CVE-2021-47572,CVE-2021-47576,CVE-2021-47577,CVE-2021-47578,CVE-2021-47580,CVE-2021-47582,CVE-2021-47583,CVE-2021-47584,CVE-2021-47585,CVE-2021-47586,CVE-2021-47587,CVE-2021-47589,CVE-2021-47592,CVE-2021-47595,CVE-2021-47596,CVE-2021-47597,CVE-2021-47600,CVE-2021-47601,CVE-2021-47602,CVE-2021-47603,CVE-2021-47604,CVE-2021-47605,CVE-2021-47607,CVE-2021-47608,CVE-2021-47609,CVE-2021-47610,CVE-2021-47611,CVE-2021-47612,CVE-2021-47614,CVE-2021-47615,CVE-2021-47616,CVE-2021-47617,CVE-20 21-47618,CVE-2021-47619,CVE-2021-47620,CVE-2022-48711,CVE-2022-48712,CVE-2022-48713,CVE-2022-48714,CVE-2022-48715,CVE-2022-48716,CVE-2022-48717,CVE-2022-48718,CVE-2022-48720,CVE-2022-48721,CVE-2022-48722,CVE-2022-48723,CVE-2022-48724,CVE-2022-48725,CVE-2022-48726,CVE-2022-48727,CVE-2022-48728,CVE-2022-48729,CVE-2022-48730,CVE-2022-48732,CVE-2022-48733,CVE-2022-48734,CVE-2022-48735,CVE-2022-48736,CVE-2022-48737,CVE-2022-48738,CVE-2022-48739,CVE-2022-48740,CVE-2022-48743,CVE-2022-48744,CVE-2022-48745,CVE-2022-48746,CVE-2022-48747,CVE-2022-48748,CVE-2022-48749,CVE-2022-48751,CVE-2022-48752,CVE-2022-48753,CVE-2022-48754,CVE-2022-48755,CVE-2022-48756,CVE-2022-48758,CVE-2022-48759,CVE-2022-48760,CVE-2022-48761,CVE-2022-48763,CVE-2022-48765,CVE-2022-48766,CVE-2022-48767,CVE-2022-48768,CVE-2022-48769,CVE-2022-48770,CVE-2022-48771,CVE-2022-48772,CVE-2023-24023,CVE-2023-52622,CVE-2023-52658,CVE-2023-52667,CVE-2023-52670,CVE-2023-52672,CVE-2023-52675,CVE-2023-52735,CVE-2023-52737,CVE-2023-5275 2,CVE-2023-52766,CVE-2023-52784,CVE-2023-52787,CVE-2023-52800,CVE-2023-52835,CVE-2023-52837,CVE-2023-52843,CVE-2023-52845,CVE-2023-52846,CVE-2023-52869,CVE-2023-52881,CVE-2023-52882,CVE-2023-52884,CVE-2024-26625,CVE-2024-26644,CVE-2024-26720,CVE-2024-26842,CVE-2024-26845,CVE-2024-26923,CVE-2024-26973,CVE-2024-27432,CVE-2024-33619,CVE-2024-35247,CVE-2024-35789,CVE-2024-35790,CVE-2024-35807,CVE-2024-35814,CVE-2024-35835,CVE-2024-35848,CVE-2024-35857,CVE-2024-35861,CVE-2024-35862,CVE-2024-35864,CVE-2024-35869,CVE-2024-35878,CVE-2024-35884,CVE-2024-35886,CVE-2024-35896,CVE-2024-35898,CVE-2024-35900,CVE-2024-35905,CVE-2024-35925,CVE-2024-35950,CVE-2024-35956,CVE-2024-35958,CVE-2024-35960,CVE-2024-35962,CVE-2024-35997,CVE-2024-36005,CVE-2024-36008,CVE-2024-36017,CVE-2024-36020,CVE-2024-36021,CVE-2024-36025,CVE-2024-36477,CVE-2024-36478,CVE-2024-36479,CVE-2024-36890,CVE-2024-36894,CVE-2024-36899,CVE-2024-36900,CVE-2024-36904,CVE-2024-36915,CVE-2024-36916,CVE-2024-36917,CVE-2024-36919,CVE-2 024-36934,CVE-2024-36937,CVE-2024-36940,CVE-2024-36945,CVE-2024-36949,CVE-2024-36960,CVE-2024-36964,CVE-2024-36965,CVE-2024-36967,CVE-2024-36969,CVE-2024-36971,CVE-2024-36975,CVE-2024-36978,CVE-2024-37021,CVE-2024-37078,CVE-2024-37354,CVE-2024-38381,CVE-2024-38388,CVE-2024-38390,CVE-2024-38540,CVE-2024-38541,CVE-2024-38544,CVE-2024-38545,CVE-2024-38546,CVE-2024-38547,CVE-2024-38548,CVE-2024-38549,CVE-2024-38550,CVE-2024-38552,CVE-2024-38553,CVE-2024-38555,CVE-2024-38556,CVE-2024-38557,CVE-2024-38559,CVE-2024-38560,CVE-2024-38564,CVE-2024-38565,CVE-2024-38567,CVE-2024-38568,CVE-2024-38571,CVE-2024-38573,CVE-2024-38578,CVE-2024-38579,CVE-2024-38580,CVE-2024-38581,CVE-2024-38582,CVE-2024-38583,CVE-2024-38587,CVE-2024-38590,CVE-2024-38591,CVE-2024-38594,CVE-2024-38597,CVE-2024-38599,CVE-2024-38600,CVE-2024-38601,CVE-2024-38603,CVE-2024-38605,CVE-2024-38608,CVE-2024-38616,CVE-2024-38618,CVE-2024-38619,CVE-2024-38621,CVE-2024-38627,CVE-2024-38630,CVE-2024-38633,CVE-2024-38634,CVE-2024-386 35,CVE-2024-38659,CVE-2024-38661,CVE-2024-38780,CVE-2024-39301,CVE-2024-39468,CVE-2024-39469,CVE-2024-39471 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47089: kfence: fix memory leak when cat kfence objects (bsc#1220958. - CVE-2021-47432: lib/generic-radix-tree.c: Do not overflow in peek() (bsc#1225391). - CVE-2021-47515: seg6: fix the iif in the IPv6 socket control block (bsc#1225426). - CVE-2021-47538: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() (bsc#1225448). - CVE-2021-47539: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() (bsc#1225452). - CVE-2021-47555: net: vlan: fix underflow for the real_dev refcnt (bsc#1225467). - CVE-2021-47566: Fix clearing user buffer by properly using clear_user() (bsc#1225514). - CVE-2021-47571: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() (bsc#1225518). - CVE-2021-47572: net: nexthop: fix null pointer dereference when IPv6 is not enabled (bsc#1225389). - CVE-2022-48716: ASoC: codecs: wcd938x: fix incorrect used of portid (bsc#1226678). - CVE-2023-24023: Bluetooth: Add more enc key size check (bsc#1218148). - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080). - CVE-2023-52658: Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (bsc#1224719). - CVE-2023-52667: net/mlx5e: fix a potential double-free in fs_any_create_groups (bsc#1224603). - CVE-2023-52670: rpmsg: virtio: Free driver_override when rpmsg_remove() (bsc#1224696). - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614). - CVE-2023-52675: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (bsc#1224504). - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475). - CVE-2023-52737: btrfs: lock the inode in shared mode before starting fiemap (bsc#1225484). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52784: bonding: stop the device in bond_setup_by_slave() (bsc#1224946). - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105). - CVE-2023-52835: perf/core: Bail out early if the request AUX area is out of bound (bsc#1225602). - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951). - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585). - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2023-52869: pstore/platform: Add check for kstrdup (bsc#1225050). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2023-52882: clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (bsc#1225692). - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086) - CVE-2024-26644: btrfs: do not abort filesystem when attempting to snapshot deleted subvolume (bsc#1221282, bsc#1222072). - CVE-2024-26720: mm: Avoid overflows in dirty throttling logic (bsc#1222364). - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). - CVE-2024-26973: fat: fix uninitialized field in nostale filehandles (bsc#1223641). - CVE-2024-27432: net: ethernet: mtk_eth_soc: fix PPE hanging issue (bsc#1224716). - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948). - CVE-2024-35789: Check fast rx for non-4addr sta VLAN changes (bsc#1224749). - CVE-2024-35790: usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (bsc#1224712). - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735). - CVE-2024-35835: net/mlx5e: fix a double-free in arfs_create_groups (bsc#1224605). - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612). - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35869: smb: client: guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520). - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670). - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498). - CVE-2024-35900: netfilter: nf_tables: reject new basechain after table flag update (bsc#1224497). - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661). - CVE-2024-35950: drm/client: Fully protect modes with dev->mode_config.mutex (bsc#1224703). - CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674) - CVE-2024-35958: net: ena: Fix incorrect descriptor free behavior (bsc#1224677). - CVE-2024-35960: net/mlx5: Properly link new fs rules into the tree (bsc#1224588). - CVE-2024-35997: Remove I2C_HID_READ_PENDING flag to prevent lock-up (bsc#1224552). - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539). - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540). - CVE-2024-36017: rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (bsc#1225681). - CVE-2024-36020: i40e: fix vf may be used uninitialized in this function warning (bsc#1225698). - CVE-2024-36021: net: hns3: fix kernel crash when devlink reload during pf initialization (bsc#1225699). - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841). - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949). - CVE-2024-36890: mm/slab: make __free(kfree) accept error pointers (bsc#1225714). - CVE-2024-36894: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (bsc#1225749). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759). - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770). - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767). - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760). - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834). - CVE-2024-36940: pinctrl: core: delete incorrect free in pinctrl_enable() (bsc#1225840). - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823). - CVE-2024-36949: amd/amdkfd: sync all devices to wait all processes being evicted (bsc#1225872) - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950). - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066). - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101). - CVE-2024-38541: of: module: add buffer overflow check in of_modalias() (bsc#1226587). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595). - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774). - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634). - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610). - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734). - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749). - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842). - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746). - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857). - CVE-2024-38659: enic: Validate length of nl attributes in enic_set_vf_port (bsc#1226883). - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996). - CVE-2024-38780: dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (bsc#1226886). - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994). - CVE-2024-39468: smb: client: fix deadlock in smb2_find_smb_tcon() (bsc#1227103. - CVE-2024-39469: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (bsc#1226992). The following non-security bugs were fixed: - ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (stable-fixes). - ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (git-fixes). - ALSA/hda: intel-dsp-config: Document AVS as dsp_driver option (git-fixes). - ALSA: Fix deadlocks with kctl removals at disconnection (stable-fixes). - ALSA: hda/realtek: Add quirks for Lenovo 13X (stable-fixes). - ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes). - ALSA: hda/realtek: Enable headset mic on IdeaPad 330-17IKB 81DM (git-fixes). - ALSA: hda/realtek: Fix conflicting quirk for PCI SSID 17aa:3820 (git-fixes). - ALSA: hda/realtek: Limit mic boost on N14AP7 (stable-fixes). - ALSA: hda/realtek: Remove Framework Laptop 16 from quirks (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 445/465 G11 (stable-fixes). - ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes). - ALSA: timer: Set lower bound of start tick time (stable-fixes). - ASoC: amd: acp: add a null check for chip_pdev structure (git-fixes). - ASoC: amd: acp: remove i2s configuration check in acp_i2s_probe() (git-fixes). - ASoC: da7219-aad: fix usage of device_get_named_child_node() (stable-fixes). - ASoC: fsl-asoc-card: set priv->pdev before using it (git-fixes). - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (stable-fixes). - ASoC: rt715-sdca: volume step modification (stable-fixes). - ASoC: rt715: add vendor clear control register (stable-fixes). - Add remote for nfs maintainer - Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (git-fixes). - Fix new build warnings regarding unused variables: Changed build warnings: ***** 2 warnings ***** * unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_queue_cap_unlink_work ../fs/ceph/mds_client.c: In function 'ceph_queue_cap_unlink_work': ../fs/ceph/mds_client.c:2421:22: warning: unused variable 'cl' [-Wunused-variable] * unused-variable (cl) in ../fs/ceph/mds_client.c in ceph_cap_unlink_work ../fs/ceph/mds_client.c: In function 'ceph_cap_unlink_work': ../fs/ceph/mds_client.c:2436:22: warning: unused variable 'cl' [-Wunused-variable] - HID: core: remove unnecessary WARN_ON() in implement() (git-fixes). - HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode() (git-fixes). - Input: ili210x - fix ili251x_read_touch_data() return value (git-fixes). - NFS: abort nfs_atomic_open_v23 if name is too long (bsc#1219847). - NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847). - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - PCI/ASPM: Update save_state when configuration changes (bsc#1226915) - PCI: Clear Secondary Status errors after enumeration (bsc#1226928) - RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300). - RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300). - RDMA/hns: Fix incorrect sge nums calculation (git-fixes) - RDMA/irdma: Drop unused kernel push code (git-fixes) - RDMA/mlx5: Add check for srq max_sge attribute (git-fixes) - Revert 'Add remote for nfs maintainer' - Revert 'build initrd without systemd' (bsc#1195775)' - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (git-fixes). - USB: xen-hcd: Traverse host/ when CONFIG_USB_XEN_HCD is selected (git-fixes). - X.509: Fix the parser of extended key usage for length (bsc#1218820). - arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (git-fixes). - arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8690). - arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8690). - arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8690). - arm64: mm: do not acquire mutex when rewriting swapper (jsc#PED-8690). - ata: ahci: Clean up sysfs file on error (git-fixes). - ata: libata-core: Fix double free on error (git-fixes). - ata: libata-core: Fix null pointer dereference on error (git-fixes). - batman-adv: Do not accept TT entries for out-of-spec VIDs (git-fixes). - bpf, sockmap: Check for any of tcp_bpf_prots when cloning a listener (git-fixes). - btrfs: avoid copying BTRFS_ROOT_SUBVOL_DEAD flag to snapshot of subvolume being deleted (bsc#1221282). - cachefiles: remove requests from xarray during flushing requests (bsc#1226588). - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022). - ceph: always check dir caps asynchronously (bsc#1226022). - ceph: always queue a writeback when revoking the Fb caps (bsc#1226022). - ceph: break the check delayed cap loop every 5s (bsc#1226022). - ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022). - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - cifs: fix hang in wait_for_response() (bsc#1220812, bsc#1220368). - cpufreq: amd-pstate: Fix the inconsistency in max frequency units (git-fixes). - crypto: ecrdsa - Fix module auto-load on add_key (stable-fixes). - dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (git-fixes). - dmaengine: ioatdma: Fix missing kmem_cache_destroy() (git-fixes). - drivers: core: synchronize really_probe() and dev_uevent() (git-fixes). - drm/amd/display: Add VCO speed parameter for DCN31 FPU (stable-fixes). - drm/amd/display: Add dtbclk access to dcn315 (stable-fixes). - drm/amd/display: Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd/display: Set color_mgmt_changed to true on unsuspend (stable-fixes). - drm/amd/display: drop unnecessary NULL checks in debugfs (stable-fixes). - drm/amd/display: revert Exit idle optimizations before HDCP execution (stable-fixes). - drm/amd: Fix shutdown (again) on some SMU v13.0.4/11 platforms (git-fixes). - drm/amdgpu/atomfirmware: add intergrated info v2.3 table (stable-fixes). - drm/amdgpu/mes: fix use-after-free issue (stable-fixes). - drm/amdgpu: Fix the ring buffer size for queue VM flush (stable-fixes). - drm/amdgpu: Update BO eviction priorities (stable-fixes). - drm/amdgpu: add error handle to avoid out-of-bounds (stable-fixes). - drm/amdgpu: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/amdkfd: Flush the process wq before creating a kfd_process (stable-fixes). - drm/amdkfd: Rework kfd_locked handling (bsc#1225872) - drm/bridge/panel: Fix runtime warning on panel bridge release (git-fixes). - drm/exynos/vidi: fix memory leak in .get_modes() (stable-fixes). - drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (git-fixes). - drm/i915/dpt: Make DPT object unshrinkable (git-fixes). - drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes). - drm/i915/gt: Fix potential UAF by revoke of fence registers (git-fixes). - drm/i915/guc: avoid FIELD_PREP warning (git-fixes). - drm/i915/mso: using joiner is not possible with eDP MSO (git-fixes). - drm/komeda: check for error-valued pointer (git-fixes). - drm/lima: add mask irq callback to gp and pp (stable-fixes). - drm/lima: mask irqs in timeout path before hard reset (stable-fixes). - drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes). - drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes). - drm/msm/dp: Return IRQ_NONE for unhandled interrupts (stable-fixes). - drm/msm: Enable clamp_to_idle for 7c3 (stable-fixes). - drm/panel-samsung-atna33xc20: Use ktime_get_boottime for delays (stable-fixes). - drm/panel: simple: Add missing display timing flags for KOE TX26D202VM0BWA (git-fixes). - drm/radeon: fix UBSAN warning in kv_dpm.c (stable-fixes). - drm/vmwgfx: 3D disabled should not effect STDU memory limits (git-fixes). - drm/vmwgfx: Filter modes which exceed graphics memory (git-fixes). - gpio: davinci: Validate the obtained number of IRQs (git-fixes). - gpio: tqmx86: fix typo in Kconfig label (git-fixes). - gpio: tqmx86: introduce shadow register for GPIO output value (git-fixes). - gpiolib: cdev: Disallow reconfiguration without direction (uAPI v1) (git-fixes). - hwmon: (shtc1) Fix property misspelling (git-fixes). - i2c: at91: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: designware: Fix the functionality flags of the slave-only interface (git-fixes). - i2c: ocores: set IACK bit after core is enabled (git-fixes). - i2c: testunit: discard write requests while old command is running (git-fixes). - i2c: testunit: do not erase registers after STOP (git-fixes). - iio: accel: fxls8962af: select IIO_BUFFER & IIO_KFIFO_BUF (git-fixes). - iio: adc: ad7266: Fix variable checking bug (git-fixes). - iio: adc: ad9467: fix scan type sign (git-fixes). - iio: chemical: bme680: Fix calibration data variable (git-fixes). - iio: chemical: bme680: Fix overflows in compensate() functions (git-fixes). - iio: chemical: bme680: Fix pressure value output (git-fixes). - iio: chemical: bme680: Fix sensor data read operation (git-fixes). - iio: dac: ad5592r: fix temperature channel scaling value (git-fixes). - iio: imu: inv_icm42600: delete unneeded update watermark call (git-fixes). - intel_th: pci: Add Meteor Lake-S CPU support (stable-fixes). - iommu/amd: Fix sysfs leak in iommu init (git-fixes). - iommu: Return right value in iommu_sva_bind_device() (git-fixes). - iommu: mtk: fix module autoloading (git-fixes). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - kbuild: Install dtb files as 0644 in Makefile.dtbinst (git-fixes). - kbuild: do not include include/config/auto.conf from shell scripts (bsc#1227274). - kconfig: doc: fix a typo in the note about 'imply' (git-fixes). - kconfig: fix comparison to constant symbols, 'm', 'n' (git-fixes). - kernel-doc: fix struct_group_tagged() parsing (git-fixes). - lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (git-fixes). - media: flexcop-usb: clean up endpoint sanity checks (stable-fixes). - media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes). - media: ipu3-cio2: Use temporary storage for struct device pointer (stable-fixes). - media: lgdt3306a: Add a check against null-pointer-def (stable-fixes). - media: mxl5xx: Move xpt structures off stack (stable-fixes). - media: radio-shark2: Avoid led_names truncations (git-fixes). - media: v4l2-core: hold videodev_lock until dev reg, finishes (stable-fixes). - mei: me: release irq in mei_me_pci_resume error path (git-fixes). - mkspec-dtb: add toplevel symlinks also on arm - mmc: core: Add mmc_gpiod_set_cd_config() function (stable-fixes). - mmc: core: Do not force a retune before RPMB switch (stable-fixes). - mmc: sdhci-acpi: Disable write protect detection on Toshiba WT10-A (stable-fixes). - mmc: sdhci-acpi: Fix Lenovo Yoga Tablet 2 Pro 1380 sdcard slot not working (stable-fixes). - mmc: sdhci-acpi: Sort DMI quirks alphabetically (stable-fixes). - mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (git-fixes). - mmc: sdhci: Do not invert write-protect twice (git-fixes). - mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() (git-fixes). - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes). - mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes). - mmc: sdhci_am654: Drop lookup for deprecated ti,otap-del-sel (stable-fixes). - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes). - mtd: rawnand: Bypass a couple of sanity checks during NAND identification (git-fixes). - mtd: rawnand: Ensure ECC configuration is propagated to upper layers (git-fixes). - mtd: rawnand: rockchip: ensure NVDDR timings are rejected (git-fixes). - net/mlx5e: Fix a race in command alloc flow (git-fixes). - net: can: j1939: Initialize unused data in j1939_send_one() (git-fixes). - net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new (git-fixes). - net: can: j1939: recover socket queue on CAN bus error during BAM transmission (git-fixes). - net: ena: Fix redundant device NUMA node override (jsc#PED-8690). - net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491). - net: phy: Micrel KSZ8061: fix errata solution not taking effect problem (git-fixes). - net: phy: micrel: add Microchip KSZ 9477 to the device table (git-fixes). - net: usb: ax88179_178a: improve link status logs (git-fixes). - net: usb: ax88179_178a: improve reset check (git-fixes). - net: usb: qmi_wwan: add Telit FN920C04 compositions (stable-fixes). - net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (git-fixes). - net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (git-fixes). - nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912). - nilfs2: fix potential hang in nilfs_detach_log_writer() (stable-fixes). - nvme: find numa distance only if controller has valid numa id (git-fixes). - nvmet-passthru: propagate status from id override functions (git-fixes). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (git-fixes). - pinctrl: qcom: spmi-gpio: drop broken pm8008 support (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (git-fixes). - pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (git-fixes). - pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (git-fixes). - pinctrl: rockchip: use dedicated pinctrl type for RK3328 (git-fixes). - random: treat bootloader trust toggle the same way as cpu trust toggle (bsc#1226953). - regulator: bd71815: fix ramp values (git-fixes). - regulator: core: Fix modpost error 'regulator_get_regmap' undefined (git-fixes). - regulator: irq_helpers: duplicate IRQ name (stable-fixes). - regulator: vqmmc-ipq4019: fix module autoloading (stable-fixes). - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212) Some builds do not just create an iso9660 image, but also mount it during build. - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211) docker needs more networking modules, even legacy iptable_nat and _filter. - rpm/kernel-obs-build.spec.in: Include algif_hash, aegis128 and xts modules afgif_hash is needed by some packages (e.g. iwd) for tests, xts is used for LUKS2 volumes by default and aegis128 is useful as AEAD cipher for LUKS2. Wrap the long line to make it readable. - rpm/mkspec-dtb: dtbs have moved to vendor sub-directories in 6.5 By commit 724ba6751532 ('ARM: dts: Move .dts files to vendor sub-directories'). So switch to them. - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791). - scsi: sd: Update DIX config every time sd_revalidate_disk() is called (bsc#1218570). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - smb: client: guarantee refcounted children from parent session (bsc#1224679). - soundwire: cadence: fix invalid PDI offset (stable-fixes). - spi: stm32: Do not warn about spurious interrupts (git-fixes). - supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570) - supported.conf: mark orangefs as optional We do not support orangefs at all (and it is already marked as such), but since there are no SLE consumers of it, mark it as optional. - supported.conf: mark ufs as unsupported UFS is an unsupported filesystem, mark it as such. We still keep it around (not marking as optional), to accommodate any potential migrations from BSD systems. - tty: mcf: MCF54418 has 10 UARTS (git-fixes). - usb-storage: alauda: Check whether the media is initialized (git-fixes). - usb: atm: cxacru: fix endpoint checking in cxacru_bind() (git-fixes). - usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock (git-fixes). - usb: fotg210-hcd: delete an incorrect bounds test (git-fixes). - usb: gadget: printer: fix races against disable (git-fixes). - usb: musb: da8xx: fix a resource leak in probe() (git-fixes). - usb: typec: tcpm: Ignore received Hard Reset in TOGGLING state (git-fixes). - usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps (git-fixes). - usb: typec: ucsi: Ack also failed Get Error commands (git-fixes). - usb: typec: ucsi: Never send a lone connector change ack (git-fixes). - usb: xhci: Implement xhci_handshake_check_state() helper (git-fixes). - usb: xhci: address off-by-one in xhci_num_trbs_free() (git-fixes). - usb: xhci: improve debug message in xhci_ring_expansion_needed() (git-fixes). - watchdog: bd9576: Drop 'always-running' property (git-fixes). - watchdog: bd9576_wdt: switch to using devm_fwnode_gpiod_get() (stable-fixes). - wifi: cfg80211: Lock wiphy in cfg80211_get_station (git-fixes). - wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (stable-fixes). - wifi: cfg80211: pmsr: use correct nla_get_uX functions (git-fixes). - wifi: iwlwifi: dbg_ini: move iwl_dbg_tlv_free outside of debugfs ifdef (git-fixes). - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (git-fixes). - wifi: iwlwifi: mvm: do not read past the mfuart notifcation (git-fixes). - wifi: iwlwifi: mvm: revert gen2 TX A-MPDU size to 64 (git-fixes). - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (git-fixes). - wifi: mac80211: correctly parse Spatial Reuse Parameter Set element (git-fixes). - wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (git-fixes). - wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix endianness issue in RX path (stable-fixes). - wifi: rtlwifi: rtl8192de: Fix low speed with WPA3-SAE (stable-fixes). - x86/mce: Dynamically size space for machine check records (bsc#1222241). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). - xfs: make sure sb_fdblocks is non-negative (bsc#1225419). - xhci: Fix failure to detect ring expansion need (git-fixes). - xhci: Fix transfer ring expansion size calculation (git-fixes). - xhci: Handle TD clearing for multiple streams case (git-fixes). - xhci: Simplify event ring dequeue pointer update for port change events (git-fixes). - xhci: Stop unnecessary tracking of free trbs in a ring (git-fixes). - xhci: fix matching completion events with TDs (git-fixes). - xhci: remove unused stream_id parameter from xhci_handle_halted_endpoint() (git-fixes). - xhci: restre deleted trb fields for tracing (git-fixes). - xhci: retry Stop Endpoint on buggy NEC controllers (git-fixes). - xhci: simplify event ring dequeue tracking for transfer events (git-fixes). - xhci: update event ring dequeue pointer position to controller correctly (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2659-1 Released: Tue Jul 30 15:37:52 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2684-1 Released: Wed Jul 31 20:04:41 2024 Summary: Recommended update for mozilla-nss Type: recommended Severity: moderate References: 1214980,1222804,1222807,1222811,1222813,1222814,1222821,1222822,1222826,1222828,1222830,1222833,1222834,1223724,1224113,1224115,1224116,1224118,1227918,CVE-2023-5388 This update for mozilla-nss fixes the following issues: - Fixed startup crash of Firefox when using FIPS-mode (bsc#1223724). - Added 'Provides: nss' so other RPMs that require 'nss' can be installed (jira PED-6358). - FIPS: added safe memsets (bsc#1222811) - FIPS: restrict AES-GCM (bsc#1222830) - FIPS: Updated FIPS approved cipher lists (bsc#1222813, bsc#1222814, bsc#1222821, bsc#1222822, bsc#1224118) - FIPS: Updated FIPS self tests (bsc#1222807, bsc#1222828, bsc#1222834) - FIPS: Updated FIPS approved cipher lists (bsc#1222804, bsc#1222826, bsc#1222833, bsc#1224113, bsc#1224115, bsc#1224116) - Require `sed` for mozilla-nss-sysinit, as setup-nsssysinit.sh depends on it and will create a broken, empty config, if sed is missing (bsc#1227918) Update to NSS 3.101.2: * bmo#1905691 - ChaChaXor to return after the function update to NSS 3.101.1: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. update to NSS 3.101: * add diagnostic assertions for SFTKObject refcount. * freeing the slot in DeleteCertAndKey if authentication failed * fix formatting issues. * Add Firmaprofesional CA Root-A Web to NSS. * remove invalid acvp fuzz test vectors. * pad short P-384 and P-521 signatures gtests. * remove unused FreeBL ECC code. * pad short P-384 and P-521 signatures. * be less strict about ECDSA private key length. * Integrate HACL* P-521. * Integrate HACL* P-384. * memory leak in create_objects_from_handles. * ensure all input is consumed in a few places in mozilla::pkix * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * clean up escape handling * Use lib::pkix as default validator instead of the old-one * Need to add high level support for PQ signing. * Certificate Compression: changing the allocation/freeing of buffer + Improving the documentation * SMIME/CMS and PKCS #12 do not integrate with modern NSS policy * Allow for non-full length ecdsa signature when using softoken * Modification of .taskcluster.yml due to mozlint indent defects * Implement support for PBMAC1 in PKCS#12 * disable VLA warnings for fuzz builds. * remove redundant AllocItem implementation. * add PK11_ReadDistrustAfterAttribute. * - Clang-formatting of SEC_GetMgfTypeByOidTag update * Set SEC_ERROR_LIBRARY_FAILURE on self-test failure * sftk_getParameters(): Fix fallback to default variable after error with configfile. * Switch to the mozillareleases/image_builder image - switch from ec_field_GFp to ec_field_plain Update to NSS 3.100: * merge pk11_kyberSlotList into pk11_ecSlotList for faster Xyber operations. * remove ckcapi. * avoid a potential PK11GenericObject memory leak. * Remove incomplete ESDH code. * Decrypt RSA OAEP encrypted messages. * Fix certutil CRLDP URI code. * Don't set CKA_DERIVE for CKK_EC_EDWARDS private keys. * Add ability to encrypt and decrypt CMS messages using ECDH. * Correct Templates for key agreement in smime/cmsasn.c. * Moving the decodedCert allocation to NSS. * Allow developers to speed up repeated local execution of NSS tests that depend on certificates. Update to NSS 3.99: * Removing check for message len in ed25519 (bmo#1325335) * add ed25519 to SECU_ecName2params. (bmo#1884276) * add EdDSA wycheproof tests. (bmo#1325335) * nss/lib layer code for EDDSA. (bmo#1325335) * Adding EdDSA implementation. (bmo#1325335) * Exporting Certificate Compression types (bmo#1881027) * Updating ACVP docker to rust 1.74 (bmo#1880857) * Updating HACL* to 0f136f28935822579c244f287e1d2a1908a7e552 (bmo#1325335) * Add NSS_CMSRecipient_IsSupported. (bmo#1877730) Update to NSS 3.98: * (CVE-2023-5388) Timing attack against RSA decryption in TLS * Certificate Compression: enabling the check that the compression was advertised * Move Windows workers to nss-1/b-win2022-alpha * Remove Email trust bit from OISTE WISeKey Global Root GC CA * Replace `distutils.spawn.find_executable` with `shutil.which` within `mach` in `nss` * Certificate Compression: Updating nss_bogo_shim to support Certificate compression * TLS Certificate Compression (RFC 8879) Implementation * Add valgrind annotations to freebl kyber operations for constant-time execution tests * Set nssckbi version number to 2.66 * Add Telekom Security roots * Add D-Trust 2022 S/MIME roots * Remove expired Security Communication RootCA1 root * move keys to a slot that supports concatenation in PK11_ConcatSymKeys * remove unmaintained tls-interop tests * bogo: add support for the -ipv6 and -shim-id shim flags * bogo: add support for the -curves shim flag and update Kyber expectations * bogo: adjust expectation for a key usage bit test * mozpkix: add option to ignore invalid subject alternative names * Fix selfserv not stripping `publicname:` from -X value * take ownership of ecckilla shims * add valgrind annotations to freebl/ec.c * PR_INADDR_ANY needs PR_htonl before assignment to inet.ip * Update zlib to 1.3.1 Update to NSS 3.97: * make Xyber768d00 opt-in by policy * add libssl support for xyber768d00 * add PK11_ConcatSymKeys * add Kyber and a PKCS#11 KEM interface to softoken * add a FreeBL API for Kyber * part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff * part 1: add a script for vendoring kyber from pq-crystals repo * Removing the calls to RSA Blind from loader.* * fix worker type for level3 mac tasks * RSA Blind implementation * Remove DSA selftests * read KWP testvectors from JSON * Backed out changeset dcb174139e4f * Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation * Wrap CC shell commands in gyp expansions Update to NSS 3.96.1: * Use pypi dependencies for MacOS worker in ./build_gyp.sh * p7sign: add -a hash and -u certusage (also p7verify cleanups) * add a defensive check for large ssl_DefSend return values * Add dependency to the taskcluster script for Darwin * Upgrade version of the MacOS worker for the CI Update to NSS 3.95: * Bump builtins version number. * Remove Email trust bit from Autoridad de Certificacion Firmaprofesional CIF A62634068 root cert. * Remove 4 DigiCert (Symantec/Verisign) Root Certificates * Remove 3 TrustCor Root Certificates from NSS. * Remove Camerfirma root certificates from NSS. * Remove old Autoridad de Certificacion Firmaprofesional Certificate. * Add four Commscope root certificates to NSS. * Add TrustAsia Global Root CA G3 and G4 root certificates. * Include P-384 and P-521 Scalar Validation from HACL* * Include P-256 Scalar Validation from HACL*. * After the HACL 256 ECC patch, NSS incorrectly encodes 256 ECC without DER wrapping at the softoken level * Add means to provide library parameters to C_Initialize * add OSXSAVE and XCR0 tests to AVX2 detection. * Typo in ssl3_AppendHandshakeNumber * Introducing input check of ssl3_AppendHandshakeNumber * Fix Invalid casts in instance.c Update to NSS 3.94: * Updated code and commit ID for HACL* * update ACVP fuzzed test vector: refuzzed with current NSS * Softoken C_ calls should use system FIPS setting to select NSC_ or FC_ variants * NSS needs a database tool that can dump the low level representation of the database * declare string literals using char in pkixnames_tests.cpp * avoid implicit conversion for ByteString * update rust version for acvp docker * Moving the init function of the mpi_ints before clean-up in ec.c * P-256 ECDH and ECDSA from HACL* * Add ACVP test vectors to the repository * Stop relying on std::basic_string * Transpose the PPC_ABI check from Makefile to gyp Update to NSS 3.93: * Update zlib in NSS to 1.3. * softoken: iterate hashUpdate calls for long inputs. * regenerate NameConstraints test certificates (bsc#1214980). Update to NSS 3.92: * Set nssckbi version number to 2.62 * Add 4 Atos TrustedRoot Root CA certificates to NSS * Add 4 SSL.com Root CA certificates * Add Sectigo E46 and R46 Root CA certificates * Add LAWtrust Root CA2 (4096) * Remove E-Tugra Certification Authority root * Remove Camerfirma Chambers of Commerce Root. * Remove Hongkong Post Root CA 1 * Remove E-Tugra Global Root CA ECC v3 and RSA v3 * Avoid redefining BYTE_ORDER on hppa Linux Update to NSS 3.91: * Implementation of the HW support check for ADX instruction * Removing the support of Curve25519 * Fix comment about the addition of ticketSupportsEarlyData * Adding args to enable-legacy-db build * dbtests.sh failure in 'certutil dump keys with explicit default trust flags' * Initialize flags in slot structures * Improve the length check of RSA input to avoid heap overflow * Followup Fixes * avoid processing unexpected inputs by checking for m_exptmod base sign * add a limit check on order_k to avoid infinite loop * Update HACL* to commit 5f6051d2 * add SHA3 to cryptohi and softoken * HACL SHA3 * Disabling ASM C25519 for A but X86_64 Update to NSS 3.90.3: * GLOBALTRUST 2020: Set Distrust After for TLS and S/MIME. * clean up escape handling. * remove redundant AllocItem implementation. * Disable ASM support for Curve25519. * Disable ASM support for Curve25519 for all but X86_64. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2696-1 Released: Thu Aug 1 15:20:51 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1208690,1226412,1226529 This update for dracut fixes the following issues: - Version update: * feat(crypt): force the inclusion of crypttab entries with x-initrd.attach (bsc#1226529) * fix(mdraid): try to assemble the missing raid device (bsc#1226412) * fix(dracut-install): continue parsing if ldd prints 'cannot be preloaded' (bsc#1208690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2809-1 Released: Wed Aug 7 09:49:44 2024 Summary: Security update for shadow Type: security Severity: moderate References: 1228770,CVE-2013-4235 This update for shadow fixes the following issues: - Fixed not copying of skel files (bsc#1228770) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2887-1 Released: Tue Aug 13 10:52:45 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1159034,1194818,1222285 This update for util-linux fixes the following issues: - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). - agetty: Prevent login cursor escape (bsc#1194818). - Document unexpected side effects of lazy destruction (bsc#1159034). - Don't delete binaries not common for all architectures. Create an util-linux-extra subpackage instead, so users of third party tools can use them (bsc#1222285). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2891-1 Released: Tue Aug 13 11:39:53 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1226463,1227138,CVE-2024-5535 This update for openssl-1_1 fixes the following issues: - CVE-2024-5535: Fixed a buffer overread in function SSL_select_next_proto() with an empty supported client protocols buffer (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2894-1 Released: Tue Aug 13 16:07:49 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1082555,1193454,1193554,1193787,1194324,1194869,1195357,1195668,1195927,1195957,1196018,1196823,1197146,1197246,1197762,1202346,1202686,1208783,1209636,1213123,1215492,1215587,1216834,1219832,1220138,1220185,1220186,1220187,1220869,1220876,1220942,1220952,1221010,1221044,1221647,1221654,1221656,1221659,1221777,1222011,1222323,1222326,1222328,1222625,1222702,1222728,1222799,1222809,1222810,1223021,1223180,1223635,1223652,1223675,1223778,1223806,1223813,1223815,1223836,1223863,1224414,1224499,1224500,1224512,1224516,1224517,1224545,1224548,1224557,1224572,1224573,1224585,1224604,1224636,1224641,1224683,1224694,1224700,1224743,1225088,1225272,1225301,1225475,1225489,1225504,1225505,1225564,1225573,1225581,1225586,1225711,1225717,1225719,1225744,1225745,1225746,1225752,1225753,1225757,1225767,1225810,1225815,1225820,1225829,1225835,1225838,1225839,1225843,1225847,1225851,1225856,1225895,1225898,1225903,1226202,1226502,1226519,1226551,1226555,1226565,1226568,1226570,1226571,1 226574,1226588,1226607,1226650,1226698,1226713,1226716,1226750,1226757,1226758,1226775,1226783,1226785,1226834,1226837,1226911,1226990,1226993,1227090,1227121,1227157,1227162,1227362,1227383,1227432,1227435,1227447,1227487,1227549,1227573,1227618,1227620,1227626,1227635,1227661,1227716,1227722,1227724,1227725,1227728,1227729,1227730,1227732,1227733,1227750,1227754,1227755,1227760,1227762,1227763,1227764,1227766,1227770,1227771,1227772,1227774,1227779,1227780,1227783,1227786,1227787,1227790,1227792,1227796,1227797,1227798,1227800,1227802,1227806,1227808,1227810,1227812,1227813,1227814,1227816,1227820,1227823,1227824,1227828,1227829,1227836,1227846,1227849,1227851,1227862,1227864,1227865,1227866,1227870,1227884,1227886,1227891,1227893,1227899,1227900,1227910,1227913,1227917,1227919,1227920,1227921,1227922,1227923,1227924,1227925,1227927,1227928,1227931,1227932,1227933,1227935,1227936,1227938,1227941,1227942,1227944,1227945,1227947,1227948,1227949,1227950,1227952,1227953,1227954,122795 6,1227957,1227963,1227964,1227965,1227968,1227969,1227970,1227971,1227972,1227975,1227976,1227981,1227982,1227985,1227986,1227987,1227988,1227989,1227990,1227991,1227992,1227993,1227995,1227996,1227997,1228000,1228002,1228003,1228004,1228005,1228006,1228007,1228008,1228009,1228010,1228011,1228013,1228014,1228015,1228019,1228020,1228025,1228028,1228035,1228037,1228038,1228039,1228040,1228045,1228054,1228055,1228056,1228060,1228061,1228062,1228063,1228064,1228066,1228067,1228068,1228071,1228079,1228090,1228114,1228140,1228190,1228191,1228195,1228202,1228226,1228235,1228237,1228247,1228327,1228328,1228330,1228403,1228405,1228408,1228409,1228410,1228418,1228440,1228459,1228462,1228470,1228518,1228520,1228530,1228561,1228565,1228580,1228581,1228591,1228599,1228617,1228625,1228626,1228633,1228640,1228644,1228649,1228655,1228665,1228672,1228680,1228705,1228723,1228743,1228756,1228801,1228850,1228857,CVE-2021-47086,CVE-2021-47103,CVE-2021-47186,CVE-2021-47402,CVE-2021-47546,CVE-2021-47547,C VE-2021-47588,CVE-2021-47590,CVE-2021-47591,CVE-2021-47593,CVE-2021-47598,CVE-2021-47599,CVE-2021-47606,CVE-2021-47622,CVE-2021-47623,CVE-2021-47624,CVE-2022-48713,CVE-2022-48730,CVE-2022-48732,CVE-2022-48749,CVE-2022-48756,CVE-2022-48773,CVE-2022-48774,CVE-2022-48775,CVE-2022-48776,CVE-2022-48777,CVE-2022-48778,CVE-2022-48780,CVE-2022-48783,CVE-2022-48784,CVE-2022-48785,CVE-2022-48786,CVE-2022-48787,CVE-2022-48788,CVE-2022-48789,CVE-2022-48790,CVE-2022-48791,CVE-2022-48792,CVE-2022-48793,CVE-2022-48794,CVE-2022-48796,CVE-2022-48797,CVE-2022-48798,CVE-2022-48799,CVE-2022-48800,CVE-2022-48801,CVE-2022-48802,CVE-2022-48803,CVE-2022-48804,CVE-2022-48805,CVE-2022-48806,CVE-2022-48807,CVE-2022-48809,CVE-2022-48810,CVE-2022-48811,CVE-2022-48812,CVE-2022-48813,CVE-2022-48814,CVE-2022-48815,CVE-2022-48816,CVE-2022-48817,CVE-2022-48818,CVE-2022-48820,CVE-2022-48821,CVE-2022-48822,CVE-2022-48823,CVE-2022-48824,CVE-2022-48825,CVE-2022-48826,CVE-2022-48827,CVE-2022-48828,CVE-2022-48829,CVE-2022 -48830,CVE-2022-48831,CVE-2022-48834,CVE-2022-48835,CVE-2022-48836,CVE-2022-48837,CVE-2022-48838,CVE-2022-48839,CVE-2022-48840,CVE-2022-48841,CVE-2022-48842,CVE-2022-48843,CVE-2022-48844,CVE-2022-48846,CVE-2022-48847,CVE-2022-48849,CVE-2022-48850,CVE-2022-48851,CVE-2022-48852,CVE-2022-48853,CVE-2022-48855,CVE-2022-48856,CVE-2022-48857,CVE-2022-48858,CVE-2022-48859,CVE-2022-48860,CVE-2022-48861,CVE-2022-48862,CVE-2022-48863,CVE-2022-48864,CVE-2022-48866,CVE-2023-1582,CVE-2023-37453,CVE-2023-52435,CVE-2023-52573,CVE-2023-52580,CVE-2023-52591,CVE-2023-52735,CVE-2023-52751,CVE-2023-52762,CVE-2023-52775,CVE-2023-52812,CVE-2023-52857,CVE-2023-52863,CVE-2023-52885,CVE-2023-52886,CVE-2024-25741,CVE-2024-26583,CVE-2024-26584,CVE-2024-26585,CVE-2024-26615,CVE-2024-26633,CVE-2024-26635,CVE-2024-26636,CVE-2024-26641,CVE-2024-26661,CVE-2024-26663,CVE-2024-26665,CVE-2024-26800,CVE-2024-26802,CVE-2024-26813,CVE-2024-26814,CVE-2024-26863,CVE-2024-26889,CVE-2024-26920,CVE-2024-26935,CVE-2024-26961,C VE-2024-26976,CVE-2024-27015,CVE-2024-27019,CVE-2024-27020,CVE-2024-27025,CVE-2024-27065,CVE-2024-27402,CVE-2024-27437,CVE-2024-35805,CVE-2024-35819,CVE-2024-35837,CVE-2024-35853,CVE-2024-35854,CVE-2024-35855,CVE-2024-35889,CVE-2024-35890,CVE-2024-35893,CVE-2024-35899,CVE-2024-35934,CVE-2024-35949,CVE-2024-35961,CVE-2024-35979,CVE-2024-35995,CVE-2024-36000,CVE-2024-36004,CVE-2024-36288,CVE-2024-36889,CVE-2024-36901,CVE-2024-36902,CVE-2024-36909,CVE-2024-36910,CVE-2024-36911,CVE-2024-36912,CVE-2024-36913,CVE-2024-36914,CVE-2024-36919,CVE-2024-36923,CVE-2024-36924,CVE-2024-36926,CVE-2024-36939,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36946,CVE-2024-36947,CVE-2024-36950,CVE-2024-36952,CVE-2024-36955,CVE-2024-36959,CVE-2024-36974,CVE-2024-38548,CVE-2024-38555,CVE-2024-38558,CVE-2024-38559,CVE-2024-38570,CVE-2024-38586,CVE-2024-38588,CVE-2024-38598,CVE-2024-38628,CVE-2024-39276,CVE-2024-39371,CVE-2024-39463,CVE-2024-39472,CVE-2024-39475,CVE-2024-39482,CVE-2024-39487,CVE-2024 -39488,CVE-2024-39490,CVE-2024-39493,CVE-2024-39494,CVE-2024-39497,CVE-2024-39499,CVE-2024-39500,CVE-2024-39501,CVE-2024-39502,CVE-2024-39505,CVE-2024-39506,CVE-2024-39507,CVE-2024-39508,CVE-2024-39509,CVE-2024-40900,CVE-2024-40901,CVE-2024-40902,CVE-2024-40903,CVE-2024-40904,CVE-2024-40906,CVE-2024-40908,CVE-2024-40909,CVE-2024-40911,CVE-2024-40912,CVE-2024-40916,CVE-2024-40919,CVE-2024-40923,CVE-2024-40924,CVE-2024-40927,CVE-2024-40929,CVE-2024-40931,CVE-2024-40932,CVE-2024-40934,CVE-2024-40935,CVE-2024-40937,CVE-2024-40940,CVE-2024-40941,CVE-2024-40942,CVE-2024-40943,CVE-2024-40945,CVE-2024-40953,CVE-2024-40954,CVE-2024-40956,CVE-2024-40958,CVE-2024-40959,CVE-2024-40960,CVE-2024-40961,CVE-2024-40966,CVE-2024-40967,CVE-2024-40970,CVE-2024-40972,CVE-2024-40976,CVE-2024-40977,CVE-2024-40981,CVE-2024-40982,CVE-2024-40984,CVE-2024-40987,CVE-2024-40988,CVE-2024-40989,CVE-2024-40990,CVE-2024-40994,CVE-2024-40998,CVE-2024-40999,CVE-2024-41002,CVE-2024-41004,CVE-2024-41006,CVE-2024-41009, CVE-2024-41011,CVE-2024-41012,CVE-2024-41013,CVE-2024-41014,CVE-2024-41015,CVE-2024-41016,CVE-2024-41017,CVE-2024-41040,CVE-2024-41041,CVE-2024-41044,CVE-2024-41048,CVE-2024-41057,CVE-2024-41058,CVE-2024-41059,CVE-2024-41063,CVE-2024-41064,CVE-2024-41066,CVE-2024-41069,CVE-2024-41070,CVE-2024-41071,CVE-2024-41072,CVE-2024-41076,CVE-2024-41078,CVE-2024-41081,CVE-2024-41087,CVE-2024-41090,CVE-2024-41091,CVE-2024-42070,CVE-2024-42079,CVE-2024-42093,CVE-2024-42096,CVE-2024-42105,CVE-2024-42122,CVE-2024-42124,CVE-2024-42145,CVE-2024-42161,CVE-2024-42224,CVE-2024-42230 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47086: phonet/pep: refuse to enable an unbound pipe (bsc#1220952). - CVE-2021-47103: net: sock: preserve kabi for sock (bsc#1221010). - CVE-2021-47186: tipc: check for null after calling kmemdup (bsc#1222702). - CVE-2021-47546: Kabi fix for ipv6: fix memory leak in fib6_rule_suppress (bsc#1225504). - CVE-2021-47547: net: tulip: de4x5: fix the problem that the array 'lp->phy' may be out of bound (bsc#1225505). - CVE-2021-47588: sit: do not call ipip6_dev_free() from sit_init_net() (bsc#1226568). - CVE-2021-47590: mptcp: fix deadlock in __mptcp_push_pending() (bsc#1226565). - CVE-2021-47591: mptcp: remove tcp ulp setsockopt support (bsc#1226570). - CVE-2021-47593: mptcp: clear 'kern' flag from fallback sockets (bsc#1226551). - CVE-2021-47598: sch_cake: do not call cake_destroy() from cake_init() (bsc#1226574). - CVE-2021-47599: btrfs: use latest_dev in btrfs_show_devname (bsc#1226571) - CVE-2021-47606: net: netlink: af_netlink: Prevent empty skb by adding a check on len (bsc#1226555). - CVE-2021-47623: powerpc/fixmap: Fix VM debug warning on unmap (bsc#1227919). - CVE-2022-48785: ipv6: mcast: use rcu-safe version of ipv6_get_lladdr() (bsc#1227927) - CVE-2022-48810: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path (bsc#1227936). - CVE-2022-48850: net-sysfs: add check for netdevice being present to speed_show (bsc#1228071) - CVE-2022-48855: sctp: fix kernel-infoleak for SCTP sockets (bsc#1228003). - CVE-2023-52435: net: prevent mss overflow in skb_segment() (bsc#1220138). - CVE-2023-52573: net: rds: Fix possible NULL-pointer dereference (bsc#1220869) - CVE-2023-52580: net/core: Fix ETH_P_1588 flow dissector (bsc#1220876). - CVE-2023-52751: smb: client: fix use-after-free in smb2_query_info_compound() (bsc#1225489). - CVE-2023-52775: net/smc: avoid data corruption caused by decline (bsc#1225088). - CVE-2023-52812: drm/amd: check num of link levels when update pcie param (bsc#1225564). - CVE-2023-52857: drm/mediatek: Fix coverity issue with unintentional integer overflow (bsc#1225581). - CVE-2023-52863: hwmon: (axi-fan-control) Fix possible NULL pointer dereference (bsc#1225586). - CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187). - CVE-2024-26615: net/smc: fix illegal rmb_desc access in SMC-D connection dump (bsc#1220942). - CVE-2024-26633: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (bsc#1221647). - CVE-2024-26635: llc: Drop support for ETH_P_TR_802_2 (bsc#1221656). - CVE-2024-26636: llc: make llc_ui_sendmsg() more robust against bonding changes (bsc#1221659). - CVE-2024-26641: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() (bsc#1221654). - CVE-2024-26661: drm/amd/display: Add NULL test for 'timing generator' in (bsc#1222323) - CVE-2024-26663: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() (bsc#1222326). - CVE-2024-26665: tunnels: fix out of bounds access when building IPv6 PMTU error (bsc#1222328). - CVE-2024-26802: stmmac: Clear variable when destroying workqueue (bsc#1222799). - CVE-2024-26863: hsr: Fix uninit-value access in hsr_get_node() (bsc#1223021). - CVE-2024-26961: mac802154: fix llsec key resources release in mac802154_llsec_key_del (bsc#1223652). - CVE-2024-27015: netfilter: flowtable: incorrect pppoe tuple (bsc#1223806). - CVE-2024-27019: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (bsc#1223813) - CVE-2024-27020: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (bsc#1223815) - CVE-2024-27025: nbd: null check for nla_nest_start (bsc#1223778) - CVE-2024-27065: netfilter: nf_tables: do not compare internal table flags on updates (bsc#1223836). - CVE-2024-27402: phonet/pep: fix racy skb_queue_empty() use (bsc#1224414). - CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625). - CVE-2024-35805: dm snapshot: fix lockup in dm_exception_table_exit (bsc#1224743). - CVE-2024-35819: soc: fsl: qbman: Use raw spinlock for cgr_lock (bsc#1224683). - CVE-2024-35837: net: mvpp2: clear BM pool before initialization (bsc#1224500). - CVE-2024-35853: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (bsc#1224604). - CVE-2024-35889: idpf: fix kernel panic on unknown packet types (bsc#1224517). - CVE-2024-35890: gro: fix ownership transfer (bsc#1224516). - CVE-2024-35893: net/sched: act_skbmod: prevent kernel-infoleak (bsc#1224512) - CVE-2024-35899: netfilter: nf_tables: flush pending destroy work before exit_net release (bsc#1224499) - CVE-2024-35934: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() (bsc#1224641) - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700) - CVE-2024-35961: net/mlx5: Restore mistakenly dropped parts in register devlink flow (bsc#1224585). - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572). - CVE-2024-35995: ACPI: CPPC: Fix access width used for PCC registers (bsc#1224557). - CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548). - CVE-2024-36004: i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (bsc#1224545) - CVE-2024-36901: ipv6: prevent NULL dereference in ip6_output() (bsc#1225711) - CVE-2024-36902: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (bsc#1225719). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36912: Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl (bsc#1225752). - CVE-2024-36913: Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails (bsc#1225753). - CVE-2024-36914: drm/amd/display: Skip on writeback when it's not applicable (bsc#1225757). - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767). - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815). - CVE-2024-36939: nfs: Handle error of rpc_proc_register() in nfs_net_init() (bsc#1225838). - CVE-2024-36946: phonet: fix rtm_phonet_notify() skb allocation (bsc#1225851). - CVE-2024-36974: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP (bsc#1226519). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). - CVE-2024-38558: net: openvswitch: fix overwriting ct original tuple for ICMPv6 (bsc#1226783). - CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775). - CVE-2024-38586: r8169: Fix possible ring buffer corruption on fragmented Tx packets (bsc#1226750). - CVE-2024-38598: md: fix resync softlockup when bitmap size is less than array size (bsc#1226757). - CVE-2024-38628: usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (bsc#1226911). - CVE-2024-39276: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (bsc#1226993). - CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990). - CVE-2024-39463: 9p: add missing locking around taking dentry fid list (bsc#1227090). - CVE-2024-39472: xfs: fix log recovery buffer allocation for the legacy h_size fixup (bsc#1227432). - CVE-2024-39482: bcache: fix variable length array abuse in btree_iter (bsc#1227447). - CVE-2024-39487: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (bsc#1227573) - CVE-2024-39490: ipv6: sr: fix missing sk_buff release in seg6_input_core (bsc#1227626). - CVE-2024-39493: crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (bsc#1227620). - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name (bsc#1227716). - CVE-2024-39497: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (bsc#1227722) - CVE-2024-39502: ionic: fix use after netif_napi_del() (bsc#1227755). - CVE-2024-39506: liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729). - CVE-2024-39507: net: hns3: fix kernel crash problem in concurrent scenario (bsc#1227730). - CVE-2024-39508: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags (bsc#1227732). - CVE-2024-40901: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (bsc#1227762). - CVE-2024-40906: net/mlx5: Always stop health timer during driver removal (bsc#1227763). - CVE-2024-40908: bpf: Set run context for rawtp test_run callback (bsc#1227783). - CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798). - CVE-2024-40919: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (bsc#1227779). - CVE-2024-40923: vmxnet3: disable rx data ring on dma allocation failure (bsc#1227786). - CVE-2024-40931: mptcp: ensure snd_una is properly initialized on connect (bsc#1227780). - CVE-2024-40935: cachefiles: flush all requests after setting CACHEFILES_DEAD (bsc#1227797). - CVE-2024-40937: gve: Clear napi->skb before dev_kfree_skb_any() (bsc#1227836). - CVE-2024-40940: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail (bsc#1227800). - CVE-2024-40943: ocfs2: fix races between hole punching and AIO+DIO (bsc#1227849). - CVE-2024-40953: KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() (bsc#1227806). - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812). - CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884). - CVE-2024-40960: ipv6: prevent possible NULL dereference in rt6_probe() (bsc#1227813). - CVE-2024-40961: ipv6: prevent possible NULL deref in fib6_nh_init() (bsc#1227814). - CVE-2024-40966: kABI: tty: add the option to have a tty reject a new ldisc (bsc#1227886). - CVE-2024-40967: serial: imx: Introduce timeout when waiting on transmitter empty (bsc#1227891). - CVE-2024-40970: Avoid hw_desc array overrun in dw-axi-dmac (bsc#1227899). - CVE-2024-40972: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (bsc#1227910). - CVE-2024-40977: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (bsc#1227950). - CVE-2024-40982: ssb: Fix potential NULL pointer dereference in ssb_device_uevent() (bsc#1227865). - CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-40998: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (bsc#1227866). - CVE-2024-40999: net: ena: Add validation for completion descriptors consistency (bsc#1227913). - CVE-2024-41006: netrom: Fix a memory leak in nr_heartbeat_expiry() (bsc#1227862). - CVE-2024-41009: selftests/bpf: Add more ring buffer test coverage (bsc#1228020). - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-41013: xfs: do not walk off the end of a directory data block (bsc#1228405). - CVE-2024-41014: xfs: add bounds checking to xlog_recover_process_data (bsc#1228408). - CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409). - CVE-2024-41016: ocfs2: add bounds checking to ocfs2_xattr_find_entry() (bsc#1228410). - CVE-2024-41017: jfs: do not walk off the end of ealist (bsc#1228403). - CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518) - CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520) - CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530). - CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565) - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462). - CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459). - CVE-2024-41059: hfsplus: fix uninit-value in copy_name (bsc#1228561). - CVE-2024-41063: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (bsc#1228580) - CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599). - CVE-2024-41066: ibmvnic: Add tx check to prevent skb leak (bsc#1228640). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581). - CVE-2024-41071: wifi: mac80211: Avoid address calculations via out of bounds array indexing (bsc#1228625). - CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655). - CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617) - CVE-2024-41090: tap: add missing verification for short frame (bsc#1228328). - CVE-2024-41091: tun: add missing verification for short frame (bsc#1228327). - CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470) - CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672). - CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633). - CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591) - CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705) - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743) - CVE-2024-42161: Avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756). - CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723) - CVE-2024-42230: powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). The following non-security bugs were fixed: - ACPI: EC: Abort address space access upon error (stable-fixes). - ACPI: EC: Avoid returning AE_OK on errors in address space handler (stable-fixes). - ACPI: processor_idle: Fix invalid comparison with insertion sort for latency (git-fixes). - ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (stable-fixes). - ACPI: x86: Force StorageD3Enable on more products (stable-fixes). - ACPI: x86: utils: Add Picasso to the list for forcing StorageD3Enable (stable-fixes). - ALSA: dmaengine_pcm: terminate dmaengine before synchronize (stable-fixes). - ALSA: dmaengine: Synchronize dma channel after drop() (stable-fixes). - ALSA: emux: improve patch ioctl data validation (stable-fixes). - ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes). - ALSA: hda/realtek: Add more codec ID to no shutup pins list (stable-fixes). - ALSA: hda/realtek: add quirk for Clevo V5[46]0TU (stable-fixes). - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes). - ALSA: hda/realtek: Enable headset mic on Positivo SU C1400 (stable-fixes). - ALSA: hda/realtek: Enable Mute LED on HP 250 G7 (stable-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for EliteBook 645/665 G11 (stable-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (stable-fixes). - ALSA: hda/realtek: Limit mic boost on VAIO PRO PX (stable-fixes). - ALSA: hda/relatek: Enable Mute LED on HP Laptop 15-gw0xxx (stable-fixes). - ALSA: pcm_dmaengine: Do not synchronize DMA channel when DMA is paused (git-fixes). - ALSA: usb-audio: Add a quirk for Sonix HD USB Camera (stable-fixes). - ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes). - ALSA: usb-audio: Fix microphone sound on HD webcam (stable-fixes). - ALSA: usb-audio: Move HD Webcam quirk to the right place (git-fixes). - arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes) - arm64: dts: hi3798cv200: fix the size of GICR (git-fixes) - arm64: dts: imx8qm-mek: fix gpio number for reg_usdhc2_vmmc (git-fixes) - arm64: dts: microchip: sparx5: fix mdio reg (git-fixes) - arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes) - arm64: dts: rockchip: Add sound-dai-cells for RK3368 (git-fixes) - arm64: dts: rockchip: fix PMIC interrupt pin on ROCK Pi E (git-fixes) - arm64/io: add constant-argument check (bsc#1226502 git-fixes) - arm64/io: Provide a WC friendly __iowriteXX_copy() (bsc#1226502) - arm64: tegra: Correct Tegra132 I2C alias (git-fixes) - ASoC: amd: Adjust error handling in case of absent codec device (git-fixes). - ASoC: max98088: Check for clk_prepare_enable() error (git-fixes). - ASoC: ti: davinci-mcasp: Set min period size using FIFO config (stable-fixes). - ASoC: ti: omap-hdmi: Fix too long driver name (stable-fixes). - batman-adv: bypass empty buckets in batadv_purge_orig_ref() (stable-fixes). - blk-cgroup: dropping parent refcount after pd_free_fn() is done (bsc#1224573). - block: do not add partitions if GD_SUPPRESS_PART_SCAN is set (bsc#1227162). - block, loop: support partitions without scanning (bsc#1227162). - Bluetooth: ath3k: Fix multiple issues reported by checkpatch.pl (stable-fixes). - Bluetooth: btqca: use le32_to_cpu for ver.soc_id (stable-fixes). - Bluetooth: hci_core: cancel all works upon hci_unregister_dev() (stable-fixes). - Bluetooth: hci_qca: mark OF related data as maybe unused (stable-fixes). - Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes). - Bluetooth: qca: Fix BT enable failure again for QCA6390 after warm reboot (git-fixes). - bnxt_re: Fix imm_data endianness (git-fixes) - bpf: aggressively forget precise markings during state checkpointing (bsc#1225903). - bpf: allow precision tracking for programs with subprogs (bsc#1225903). - bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903). - bpf: clean up visit_insn()'s instruction processing (bsc#1225903). - bpf: correct loop detection for iterators convergence (bsc#1225903). - bpf: encapsulate precision backtracking bookkeeping (bsc#1225903). - bpf: ensure state checkpointing at iter_next() call sites (bsc#1225903). - bpf: exact states comparison for iterator convergence checks (bsc#1225903). - bpf: extract __check_reg_arg() utility function (bsc#1225903). - bpf: extract same_callsites() as utility function (bsc#1225903). - bpf: extract setup_func_entry() utility function (bsc#1225903). - bpf: fix calculation of subseq_idx during precision backtracking (bsc#1225903). - bpf: fix mark_all_scalars_precise use in mark_chain_precision (bsc#1225903). - bpf: Fix memory leaks in __check_func_call (bsc#1225903). - bpf: fix propagate_precision() logic for inner frames (bsc#1225903). - bpf: fix regs_exact() logic in regsafe() to remap IDs correctly (bsc#1225903). - bpf: Fix to preserve reg parent/live fields when copying range info (bsc#1225903). - bpf: generalize MAYBE_NULL vs non-MAYBE_NULL rule (bsc#1225903). - bpf: improve precision backtrack logging (bsc#1225903). - bpf: Improve verifier u32 scalar equality checking (bsc#1225903). - bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903). - bpf: maintain bitmasks across all active frames in __mark_chain_precision (bsc#1225903). - bpf: mark relevant stack slots scratched for register read instructions (bsc#1225903). - bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903). - bpf: perform byte-by-byte comparison only when necessary in regsafe() (bsc#1225903). - bpf: print full verifier states on infinite loop detection (bsc#1225903). - bpf: regsafe() must not skip check_ids() (bsc#1225903). - bpf: reject non-exact register type matches in regsafe() (bsc#1225903). - bpf: Remove unused insn_cnt argument from visit_[func_call_]insn() (bsc#1225903). - bpf: reorganize struct bpf_reg_state fields (bsc#1225903). - bpf: Skip invalid kfunc call in backtrack_insn (bsc#1225903). - bpf: states_equal() must build idmap for all function frames (bsc#1225903). - bpf: stop setting precise in current state (bsc#1225903). - bpf: support precision propagation in the presence of subprogs (bsc#1225903). - bpf: take into account liveness when propagating precision (bsc#1225903). - bpf: teach refsafe() to take into account ID remapping (bsc#1225903). - bpf: unconditionally reset backtrack_state masks on global func exit (bsc#1225903). - bpf: use check_ids() for active_lock comparison (bsc#1225903). - bpf: Use scalar ids in mark_chain_precision() (bsc#1225903). - bpf: verify callbacks as if they are called unknown number of times (bsc#1225903). - bpf: Verify scalar ids mapping in regsafe() using check_ids() (bsc#1225903). - bpf: widening for callback iterators (bsc#1225903). - btrfs: add device major-minor info in the struct btrfs_device (bsc#1227162). - btrfs: harden identification of a stale device (bsc#1227162). - btrfs: match stale devices by dev_t (bsc#1227162). - btrfs: remove the cross file system checks from remap (bsc#1227157). - btrfs: use dev_t to match device in device_matched (bsc#1227162). - btrfs: validate device maj:min during open (bsc#1227162). - bytcr_rt5640 : inverse jack detect for Archos 101 cesium (stable-fixes). - cachefiles: add output string to cachefiles_obj_[get|put]_ondemand_fd (git-fixes). - can: kvaser_usb: Explicitly initialize family in leafimx driver_info struct (git-fixes). - can: kvaser_usb: fix return value for hif_usb_send_regout (stable-fixes). - ceph: fix incorrect kmalloc size of pagevec mempool (bsc#1228418). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - checkpatch: really skip LONG_LINE_* when LONG_LINE is ignored (git-fixes). - crypto: aead,cipher - zeroize key buffer after use (stable-fixes). - crypto: ecdh - explicitly zeroize private_key (stable-fixes). - crypto: ecdsa - Fix the public key format description (git-fixes). - crypto: hisilicon/sec - Fix memory leak for sec resource release (stable-fixes). - csky: ftrace: Drop duplicate implementation of arch_check_ftrace_location() (git-fixes). - decompress_bunzip2: fix rare decompression failure (git-fixes). - devres: Fix devm_krealloc() wasting memory (git-fixes). - devres: Fix memory leakage caused by driver API devm_free_percpu() (git-fixes). - dma: fix call order in dmam_free_coherent (git-fixes). - docs: crypto: async-tx-api: fix broken code example (git-fixes). - docs: Fix formatting of literal sections in fanotify docs (stable-fixes). - drm/amd/amdgpu: Fix style errors in amdgpu_drv.c & amdgpu_device.c (stable-fixes). - drm/amd/display: Account for cursor prefetch BW in DML1 mode support (stable-fixes). - drm/amd/display: Check for NULL pointer (stable-fixes). - drm/amd/display: Check index msg_id before read or write (stable-fixes). - drm/amd/display: Check pipe offset before setting vblank (stable-fixes). - drm/amd/display: Skip finding free audio for unknown engine_id (stable-fixes). - drm/amdgpu/atomfirmware: fix parsing of vram_info (stable-fixes). - drm/amdgpu/atomfirmware: silence UBSAN warning (stable-fixes). - drm/amdgpu: avoid using null object of framebuffer (stable-fixes). - drm/amdgpu: Check if NBIO funcs are NULL in amdgpu_device_baco_exit (git-fixes). - drm/amdgpu: Fix pci state save during mode-1 reset (git-fixes). - drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (git-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: Fix uninitialized variable warnings (stable-fixes). - drm/amdgpu: Initialize timestamp for some legacy SOCs (stable-fixes). - drm/amdgpu: Remove GC HW IP 9.3.0 from noretry=1 (git-fixes). - drm/amd/pm: Fix aldebaran pcie speed reporting (git-fixes). - drm/amd/pm: remove logically dead code for renoir (git-fixes). - drm/dp_mst: Fix all mstb marked as not probed after suspend/resume (git-fixes). - drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes). - drm/etnaviv: fix DMA direction handling for cached RW buffers (git-fixes). - drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes (git-fixes). - drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes (git-fixes). - drm/i915/gt: Do not consider preemption during execlists_dequeue for gen8 (git-fixes). - drm/lima: fix shared irq handling on driver remove (stable-fixes). - drm/lima: Mark simple_ondemand governor as softdep (git-fixes). - drm/mediatek: Add OVL compatible name for MT8195 (git-fixes). - drm/meson: fix canvas release in bind function (git-fixes). - drm/mgag200: Bind I2C lifetime to DRM device (git-fixes). - drm/mgag200: Set DDC timeout in milliseconds (git-fixes). - drm/mipi-dsi: Fix mipi_dsi_dcs_write_seq() macro definition format (stable-fixes). - drm/mipi-dsi: Fix theoretical int overflow in mipi_dsi_dcs_write_seq() (git-fixes). - drm/msm/dpu: drop validity checks for clear_pending_flush() ctl op (git-fixes). - drm/msm/mdp5: Remove MDP_CAP_SRC_SPLIT from msm8x53_config (git-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (stable-fixes). - drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (stable-fixes). - drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (git-fixes). - drm/nouveau: prime: fix refcount underflow (git-fixes). - drm/panel: boe-tv101wum-nl6: Check for errors on the NOP in prepare() (git-fixes). - drm/panel: boe-tv101wum-nl6: If prepare fails, disable GPIO before regulators (git-fixes). - drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Valve Galileo (stable-fixes). - drm/panfrost: Mark simple_ondemand governor as softdep (git-fixes). - drm/qxl: Add check for drm_cvt_mode (git-fixes). - drm/radeon: check bo_va->bo is non-NULL before using it (stable-fixes). - drm/radeon/radeon_display: Decrease the size of allocated memory (stable-fixes). - drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes). - drm/vmwgfx: Fix missing HYPERVISOR_GUEST dependency (stable-fixes). - drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes). - eeprom: digsy_mtc: Fix 93xx46 driver probe failure (git-fixes). - exfat: check if cluster num is valid (git-fixes). - exfat: simplify is_valid_cluster() (git-fixes). - filelock: add a new locks_inode_context accessor function (git-fixes). - firmware: cs_dsp: Fix overflow checking of wmfw header (git-fixes). - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (git-fixes). - firmware: cs_dsp: Return error if block header overflows file (git-fixes). - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (git-fixes). - firmware: cs_dsp: Validate payload length before processing block (git-fixes). - firmware: dmi: Stop decoding on broken entry (stable-fixes). - firmware: turris-mox-rwtm: Do not complete if there are no waiters (git-fixes). - firmware: turris-mox-rwtm: Fix checking return value of wait_for_completion_timeout() (git-fixes). - firmware: turris-mox-rwtm: Initialize completion before mailbox (git-fixes). - fix build warning - fs: allow cross-vfsmount reflink/dedupe (bsc#1227157). - ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes). - fuse: verify {g,u}id mount options correctly (bsc#1228191). - gpio: mc33880: Convert comma to semicolon (git-fixes). - hfsplus: fix to avoid false alarm of circular locking (git-fixes). - hfsplus: fix uninit-value in copy_name (git-fixes). - HID: Add quirk for Logitech Casa touchpad (stable-fixes). - HID: wacom: Modify pen IDs (git-fixes). - hpet: Support 32-bit userspace (git-fixes). - hwmon: (adt7475) Fix default duty on fan is disabled (git-fixes). - hwmon: (max6697) Fix swapped temp{1,8} critical alarms (git-fixes). - hwmon: (max6697) Fix underflow when writing limit attributes (git-fixes). - i2c: mark HostNotify target address as used (git-fixes). - i2c: rcar: bring hardware to known state when probing (git-fixes). - i2c: tegra: Fix failure during probe deferral cleanup (git-fixes) - i2c: tegra: Share same DMA channel for RX and TX (bsc#1227661) - i2c: testunit: avoid re-issued work after read message (git-fixes). - i2c: testunit: correct Kconfig description (git-fixes). - Input: elan_i2c - do not leave interrupt disabled on suspend failure (git-fixes). - Input: elantech - fix touchpad state on resume for Lenovo N24 (stable-fixes). - Input: ff-core - prefer struct_size over open coded arithmetic (stable-fixes). - Input: qt1050 - handle CHIP_ID reading error (git-fixes). - Input: silead - Always support 10 fingers (stable-fixes). - intel_th: pci: Add Granite Rapids SOC support (stable-fixes). - intel_th: pci: Add Granite Rapids support (stable-fixes). - intel_th: pci: Add Lunar Lake support (stable-fixes). - intel_th: pci: Add Meteor Lake-S support (stable-fixes). - intel_th: pci: Add Sapphire Rapids SOC support (stable-fixes). - iommu/arm-smmu-v3: Free MSIs in case of ENOMEM (git-fixes). - ionic: clean interrupt before enabling queue to avoid credit race (git-fixes). - jffs2: Fix potential illegal address access in jffs2_free_inode (git-fixes). - jfs: Fix array-index-out-of-bounds in diFree (git-fixes). - jfs: xattr: fix buffer overflow for invalid xattr (bsc#1227383). - kABI: bpf: bpf_reg_state reorganization kABI workaround (bsc#1225903). - kABI: bpf: callback fixes kABI workaround (bsc#1225903). - kABI: bpf: struct bpf_{idmap,idset} kABI workaround (bsc#1225903). - kABI: bpf: tmp_str_buf kABI workaround (bsc#1225903). - kABI: rtas: Workaround false positive due to lost definition (bsc#1227487). - kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783) - kabi/severities: Ignore tpm_tis_core_init (bsc#1082555). - kabi/severity: add nvme common code The nvme common code is also allowed to change the data structures, there are only internal users. - kabi: Use __iowriteXX_copy_inlined for in-kernel modules (bsc#1226502) - kernel-binary: vdso: Own module_dir - kernel/sched: Remove dl_boosted flag comment (git fixes (sched)). - knfsd: LOOKUP can return an illegal error value (git-fixes). - kobject_uevent: Fix OOB access within zap_modalias_env() (git-fixes). - kprobes: Make arch_check_ftrace_location static (git-fixes). - KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes). - KVM: PPC: Book3S HV: Fix 'rm_exit' entry in debugfs timings (bsc#1194869). - KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869). - KVM: PPC: Book3S HV Nested: L2 LPCR should inherit L1 LPES setting (bsc#1194869). - KVM: PPC: Book3S HV: remove extraneous asterisk from rm_host_ipi_action() comment (bsc#1194869). - KVM: PPC: Book3S: Suppress failed alloc warning in H_COPY_TOFROM_GUEST (bsc#1194869). - KVM: PPC: Book3S: Suppress warnings when allocating too big memory slots (bsc#1194869). - KVM: s390: fix LPSWEY handling (bsc#1227635 git-fixes). - KVM: SVM: Process ICR on AVIC IPI delivery failure due to invalid target (git-fixes). - KVM: VMX: Report up-to-date exit qualification to userspace (git-fixes). - KVM: x86: Add IBPB_BRTYPE support (bsc#1228079). - KVM: x86: Always sync PIR to IRR prior to scanning I/O APIC routes (git-fixes). - KVM: x86: Bail from kvm_recalculate_phys_map() if x2APIC ID is out-of-bounds (git-fixes). - KVM: x86: Disable APIC logical map if logical ID covers multiple MDAs (git-fixes). - KVM: x86: Disable APIC logical map if vCPUs are aliased in logical mode (git-fixes). - KVM: x86: Do not advertise guest.MAXPHYADDR as host.MAXPHYADDR in CPUID (git-fixes). - KVM: x86: Explicitly skip optimized logical map setup if vCPU's LDR==0 (git-fixes). - KVM: x86: Explicitly track all possibilities for APIC map's logical modes (git-fixes). - KVM: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes). - KVM: x86: Fix KVM_GET_MSRS stack info leak (git-fixes). - KVM: x86: Honor architectural behavior for aliased 8-bit APIC IDs (git-fixes). - KVM: x86: Purge 'highest ISR' cache when updating APICv state (git-fixes). - KVM: x86: Save/restore all NMIs when multiple NMIs are pending (git-fixes). - KVM: x86: Skip redundant x2APIC logical mode optimized cluster setup (git-fixes). - leds: ss4200: Convert PCIBIOS_* return codes to errnos (git-fixes). - leds: triggers: Flush pending brightness before activating trigger (git-fixes). - leds: trigger: Unregister sysfs attributes before calling deactivate() (git-fixes). - libceph: fix race between delayed_work() and ceph_monc_stop() (bsc#1228190). - lib: objagg: Fix general protection fault (git-fixes). - lib: objagg: Fix spelling (git-fixes). - lib: test_objagg: Fix spelling (git-fixes). - lockd: set missing fl_flags field when retrieving args (git-fixes). - lockd: use locks_inode_context helper (git-fixes). - Make AMD_HSMP=m and mark it unsupported in supported.conf (jsc#PED-8582) - media: dvb: as102-fe: Fix as10x_register_addr packing (stable-fixes). - media: dvbdev: Initialize sbuf (stable-fixes). - media: dvb-frontends: tda10048: Fix integer overflow (stable-fixes). - media: dvb-frontends: tda18271c2dd: Remove casting during div (stable-fixes). - media: dvb-usb: dib0700_devices: Add missing release_firmware() (stable-fixes). - media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control() (git-fixes). - media: dw2102: Do not translate i2c read into write (stable-fixes). - media: dw2102: fix a potential buffer overflow (git-fixes). - media: imon: Fix race getting ictx->lock (git-fixes). - media: s2255: Use refcount_t instead of atomic_t for num_channels (stable-fixes). - media: uvcvideo: Fix integer overflow calculating timestamp (git-fixes). - media: uvcvideo: Override default flags (git-fixes). - media: venus: fix use after free in vdec_close (git-fixes). - media: venus: flush all buffers in output plane streamoff (git-fixes). - mei: demote client disconnect warning on suspend to debug (stable-fixes). - mfd: omap-usb-tll: Use struct_size to allocate tll (git-fixes). - mtd: partitions: redboot: Added conversion of operands to a larger type (stable-fixes). - net/dcb: check for detached device before executing callbacks (bsc#1215587). - netfilter: conntrack: ignore overly delayed tcp packets (bsc#1223180). - netfilter: conntrack: prepare tcp_in_window for ternary return value (bsc#1223180). - netfilter: conntrack: remove pr_debug callsites from tcp tracker (bsc#1223180). - netfilter: conntrack: work around exceeded receive window (bsc#1223180). - netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462). - net: mana: Fix possible double free in error handling path (git-fixes). - net: mana: Fix the extra HZ in mana_hwc_send_request (git-fixes). - net: usb: qmi_wwan: add Telit FN912 compositions (git-fixes). - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes). - nfc/nci: Add the inconsistency check between the input data length and count (stable-fixes). - NFSD: Add an nfsd_file_fsync tracepoint (git-fixes). - NFSD: Add an NFSD_FILE_GC flag to enable nfsd_file garbage collection (git-fixes). - nfsd: Add errno mapping for EREMOTEIO (git-fixes). - NFSD: Add nfsd_file_lru_dispose_list() helper (git-fixes). - nfsd: add some comments to nfsd_file_do_acquire (git-fixes). - nfsd: allow nfsd_file_get to sanely handle a NULL pointer (git-fixes). - nfsd: allow reaping files still under writeback (git-fixes). - NFSD: Avoid calling fh_drop_write() twice in do_nfsd_create() (git-fixes). - NFSD: Clean up nfsd3_proc_create() (git-fixes). - nfsd: Clean up nfsd_file_put() (git-fixes). - NFSD: Clean up nfsd_open_verified() (git-fixes). - NFSD: Clean up unused code after rhashtable conversion (git-fixes). - NFSD: Convert filecache to rhltable (git-fixes). - NFSD: Convert the filecache to use rhashtable (git-fixes). - NFSD: De-duplicate hash bucket indexing (git-fixes). - nfsd: do not free files unconditionally in __nfsd_file_cache_purge (git-fixes). - nfsd: do not fsync nfsd_files on last close (git-fixes). - nfsd: do not hand out delegation on setuid files being opened for write (git-fixes). - nfsd: do not kill nfsd_files because of lease break error (git-fixes). - nfsd: Do not leave work of closing files to a work queue (bsc#1228140). - nfsd: do not take/put an extra reference when putting a file (git-fixes). - NFSD enforce filehandle check for source file in COPY (git-fixes). - NFSD: Ensure nf_inode is never dereferenced (git-fixes). - nfsd: fix handling of cached open files in nfsd4_open codepath (git-fixes). - NFSD: Fix licensing header in filecache.c (git-fixes). - nfsd: fix net-namespace logic in __nfsd_file_cache_purge (git-fixes). - nfsd: fix nfsd_file_unhash_and_dispose (git-fixes). - NFSD: Fix potential use-after-free in nfsd_file_put() (git-fixes). - NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop (git-fixes). - NFSD: Fix the filecache LRU shrinker (git-fixes). - nfsd: fix up the filecache laundrette scheduling (git-fixes). - nfsd: fix use-after-free in nfsd_file_do_acquire tracepoint (git-fixes). - NFSD: Flesh out a documenting comment for filecache.c (git-fixes). - NFSD: handle errors better in write_ports_addfd() (git-fixes). - NFSD: Instantiate a struct file when creating a regular NFSv4 file (git-fixes). - NFSD: Leave open files out of the filecache LRU (git-fixes). - nfsd: map EBADF (git-fixes). - NFSD: Move nfsd_file_trace_alloc() tracepoint (git-fixes). - NFSD: nfsd_file_hash_remove can compute hashval (git-fixes). - nfsd: NFSD_FILE_KEY_INODE only needs to find GC'ed entries (git-fixes). - NFSD: nfsd_file_put() can sleep (git-fixes). - NFSD: nfsd_file_unhash can compute hashval from nf->nf_inode (git-fixes). - NFSD: No longer record nf_hashval in the trace log (git-fixes). - NFSD: Pass the target nfsd_file to nfsd_commit() (git-fixes). - nfsd: put the export reference in nfsd4_verify_deleg_dentry (git-fixes). - NFSD: Record number of flush calls (git-fixes). - NFSD: Refactor nfsd_create_setattr() (git-fixes). - NFSD: Refactor __nfsd_file_close_inode() (git-fixes). - NFSD: Refactor nfsd_file_gc() (git-fixes). - NFSD: Refactor nfsd_file_lru_scan() (git-fixes). - NFSD: Refactor NFSv3 CREATE (git-fixes). - NFSD: Refactor NFSv4 OPEN(CREATE) (git-fixes). - NFSD: Remove do_nfsd_create() (git-fixes). - NFSD: Remove lockdep assertion from unhash_and_release_locked() (git-fixes). - NFSD: Remove nfsd_file::nf_hashval (git-fixes). - nfsd: remove the pages_flushed statistic from filecache (git-fixes). - nfsd: reorganize filecache.c (git-fixes). - NFSD: Replace the 'init once' mechanism (git-fixes). - NFSD: Report average age of filecache items (git-fixes). - NFSD: Report count of calls to nfsd_file_acquire() (git-fixes). - NFSD: Report count of freed filecache items (git-fixes). - NFSD: Report filecache LRU size (git-fixes). - NFSD: Report the number of items evicted by the LRU walk (git-fixes). - nfsd: Retry once in nfsd_open on an -EOPENSTALE return (git-fixes). - nfsd: rework hashtable handling in nfsd_do_file_acquire (git-fixes). - nfsd: rework refcounting in filecache (git-fixes). - NFSD: Separate tracepoints for acquire and create (git-fixes). - NFSD: Set up an rhashtable for the filecache (git-fixes). - nfsd: silence extraneous printk on nfsd.ko insertion (git-fixes). - NFSD: simplify per-net file cache management (git-fixes). - nfsd: simplify test_bit return in NFSD_FILE_KEY_FULL comparator (git-fixes). - nfsd: simplify the delayed disposal list code (git-fixes). - NFSD: Trace filecache LRU activity (git-fixes). - NFSD: Trace filecache opens (git-fixes). - NFSD: verify the opened dentry after setting a delegation (git-fixes). - NFSD: WARN when freeing an item still linked via nf_lru (git-fixes). - NFSD: Write verifier might go backwards (git-fixes). - NFSD: Zero counters when the filecache is re-initialized (git-fixes). - NFS: Fix READ_PLUS when server does not support OP_READ_PLUS (git-fixes). - nfs: fix undefined behavior in nfs_block_bits() (git-fixes). - nfs: keep server info for remounts (git-fixes). - nfs: Leave pages in the pagecache if readpage failed (git-fixes). - NFSv4: Fixup smatch warning for ambiguous return (git-fixes). - NFSv4.x: by default serialize open/close operations (bsc#1223863 bsc#1227362) - nilfs2: add missing check for inode numbers on directory entries (git-fixes). - nilfs2: add missing check for inode numbers on directory entries (stable-fixes). - nilfs2: avoid undefined behavior in nilfs_cnt32_ge macro (git-fixes). - nilfs2: convert persistent object allocator to use kmap_local (git-fixes). - nilfs2: fix incorrect inode allocation from reserved inodes (git-fixes). - nilfs2: fix inode number range checks (git-fixes). - nilfs2: fix inode number range checks (stable-fixes). - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes). - nvme-auth: alloc nvme_dhchap_key as single buffer (git-fixes). - nvme-auth: allow mixing of secret and hash lengths (git-fixes). - nvme-auth: use transformed key size to create resp (git-fixes). - nvme: avoid double free special payload (git-fixes). - nvme: fixup comment for nvme RDMA Provider Type (git-fixes). - nvme-multipath: find NUMA path only for online numa-node (git-fixes). - nvme-pci: add missing condition check for existence of mapped data (git-fixes). - nvme-pci: Fix the instructions for disabling power management (git-fixes). - nvmet: always initialize cqe.result (git-fixes). - nvmet-auth: fix nvmet_auth hash error handling (git-fixes). - nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes). - nvme: use ctrl state accessor (bsc#1215492). - ocfs2: fix DIO failure due to insufficient transaction credits (bsc#1216834). - ocfs2: remove redundant assignment to variable free_space (bsc#1228409). - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - orangefs: fix out-of-bounds fsid access (git-fixes). - PCI: Add PCI_ERROR_RESPONSE and related definitions (stable-fixes). - PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal (git-fixes). - PCI: Extend ACS configurability (bsc#1228090). - PCI: Fix resource double counting on remove & rescan (git-fixes). - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes). - PCI: Introduce cleanup helpers for device reference counts and locks (git-fixes). - PCI: Introduce cleanup helpers for device reference counts and locks (stable-fixes). - PCI: keystone: Do not enable BAR 0 for AM654x (git-fixes). - PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() (git-fixes). - PCI: keystone: Relocate ks_pcie_set/clear_dbi_mode() (git-fixes). - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (git-fixes). - PCI/PM: Avoid D3cold for HP Pavilion 17 PC/1972 PCIe Ports (stable-fixes). - PCI: rockchip: Use GPIOD_OUT_LOW flag while requesting ep_gpio (git-fixes). - PCI: tegra194: Set EP alignment restriction for inbound ATU (git-fixes). - pinctrl: core: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: freescale: mxs: Fix refcount of child (git-fixes). - pinctrl: single: fix possible memory leak when pinctrl_enable() fails (git-fixes). - pinctrl: ti: ti-iodelay: fix possible memory leak when pinctrl_enable() fails (git-fixes). - platform/chrome: cros_ec_debugfs: fix wrong EC message version (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86: dell-smbios-base: Use sysfs_emit() (stable-fixes). - platform/x86: dell-smbios: Fix wrong token data in sysfs (git-fixes). - platform/x86: lg-laptop: Change ACPI device id (stable-fixes). - platform/x86: lg-laptop: Remove LGEX0815 hotkey handling (stable-fixes). - platform/x86: touchscreen_dmi: Add info for GlobalSpace SolT IVW 11.6' tablet (stable-fixes). - platform/x86: touchscreen_dmi: Add info for the EZpad 6s Pro (stable-fixes). - platform/x86: wireless-hotkey: Add support for LG Airplane Button (stable-fixes). - powerpc/cpuidle: Set CPUIDLE_FLAG_POLLING for snooze state (bsc#1227121 ltc#207129). - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869). - powerpc/kasan: Disable address sanitization in kexec paths (bsc#1194869). - powerpc/pseries: Fix scv instruction crash with kexec (bsc#1194869). - powerpc/rtas: clean up includes (bsc#1227487). - powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() (bsc#1227487). - power: supply: cros_usbpd: provide ID table for avoiding fallback match (stable-fixes). - pwm: stm32: Always do lazy disabling (git-fixes). - RDMA/cache: Release GID table even if leak is detected (git-fixes) - RDMA/device: Return error earlier if port in not valid (git-fixes) - RDMA/hns: Check atomic wr length (git-fixes) - RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes) - RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes) - RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes) - RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes) - RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes) - RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes) - RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes) - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes) - RDMA/mana_ib: Ignore optional access flags for MRs (git-fixes). - RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes) - RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes) - RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes) - RDMA/restrack: Fix potential invalid address access (git-fixes) - RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes) - regmap-i2c: Subtract reg size from max_write (stable-fixes). - Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783). - Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783). - Revert 'leds: led-core: Fix refcount leak in of_led_get()' (git-fixes). - Revert 'usb: musb: da8xx: Set phy in OTG mode by default' (stable-fixes). - rpcrdma: fix handling for RDMA_CM_EVENT_DEVICE_REMOVAL (git-fixes). - rpm/guards: fix precedence issue with control flow operator With perl 5.40 it report the following error on rpm/guards script: Possible precedence issue with control flow operator (exit) at scripts/guards line 208. Fix the issue by adding parenthesis around ternary operator. - rtc: cmos: Fix return value of nvmem callbacks (git-fixes). - rtc: interface: Add RTC offset to alarm after fix-up (git-fixes). - rtc: isl1208: Fix return value of nvmem callbacks (git-fixes). - rtlwifi: rtl8192de: Style clean-ups (stable-fixes). - s390: Implement __iowrite32_copy() (bsc#1226502) - s390: Stop using weak symbols for __iowrite64_copy() (bsc#1226502) - saa7134: Unchecked i2c_transfer function result fixed (git-fixes). - sched/fair: Do not balance task to its current running CPU (git fixes (sched)). - sched: Fix stop_one_cpu_nowait() vs hotplug (git fixes (sched)). - scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857). - scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857). - scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857). - scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857). - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857). - scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857). - scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857). - scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857). - scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850). - scsi: qla2xxx: Complete command early within lock (bsc#1228850). - scsi: qla2xxx: Convert comma to semicolon (bsc#1228850). - scsi: qla2xxx: Drop driver owner assignment (bsc#1228850). - scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850). - scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850). - scsi: qla2xxx: Fix flash read failure (bsc#1228850). - scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850). - scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850). - scsi: qla2xxx: Indent help text (bsc#1228850). - scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850). - scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850). - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850). - scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850). - scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850). - scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850). - scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850). - selftests/bpf: Add a selftest for checking subreg equality (bsc#1225903). - selftests/bpf: add pre bpf_prog_test_run_opts() callback for test_loader (bsc#1225903). - selftests/bpf: add precision propagation tests in the presence of subprogs (bsc#1225903). - selftests/bpf: Add pruning test case for bpf_spin_lock (bsc#1225903). - selftests/bpf: Check if mark_chain_precision() follows scalar ids (bsc#1225903). - selftests/bpf: check if max number of bpf_loop iterations is tracked (bsc#1225903). - selftests/bpf: fix __retval() being always ignored (bsc#1225903). - selftests/bpf: fix unpriv_disabled check in test_verifier (bsc#1225903). - selftests/bpf: __imm_insn & __imm_const macro for bpf_misc.h (bsc#1225903). - selftests/bpf: make test_align selftest more robust (bsc#1225903). - selftests/bpf: populate map_array_ro map for verifier_array_access test (bsc#1225903). - selftests/bpf: prog_tests entry point for migrated test_verifier tests (bsc#1225903). - selftests/bpf: Report program name on parse_test_spec error (bsc#1225903). - selftests/bpf: Support custom per-test flags and multiple expected messages (bsc#1225903). - selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903). - selftests/bpf: test case for relaxed prunning of active_lock.id (bsc#1225903). - selftests/bpf: test cases for regsafe() bug skipping check_id() (bsc#1225903). - selftests/bpf: Tests execution support for test_loader.c (bsc#1225903). - selftests/bpf: tests for iterating callbacks (bsc#1225903). - selftests/bpf: test widening for iterating callbacks (bsc#1225903). - selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903). - selftests/bpf: Unprivileged tests for test_loader.c (bsc#1225903). - selftests/bpf: Verify copy_register_state() preserves parent/live fields (bsc#1225903). - selftests/bpf: verify states_equal() maintains idmap across all frames (bsc#1225903). - selftests/bpf: Verify that check_ids() is used for scalars in regsafe() (bsc#1225903). - selftests/sigaltstack: Fix ppc64 GCC build (git-fixes). - soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (stable-fixes). - spi: imx: Do not expect DMA for i.MX{25,35,50,51,53} cspi devices (stable-fixes). - spi: mux: set ctlr->bits_per_word_mask (stable-fixes). - string.h: Introduce memtostr() and memtostr_pad() (bsc#1228850). - SUNRPC: avoid soft lockup when transmitting UDP to reachable server (bsc#1225272). - SUNRPC: Fix gss_free_in_token_pages() (git-fixes). - SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (git-fixes). - sunrpc: fix NFSACL RPC retry on soft mount (git-fixes). - SUNRPC: return proper error from gss_wrap_req_priv (git-fixes). - supported.conf: - tpm: Allow system suspend to continue when TPM suspend fails (bsc#1082555). - tpm: Prevent hwrng from activating during resume (bsc#1082555). - tpm_tis: Resend command to recover from data transfer errors (bsc#1082555). - tpm_tis: Use tpm_chip_{start,stop} decoration inside tpm_tis_resume (bsc#1082555). - tpm, tpm: Implement usage counter for locality (bsc#1082555). - tpm, tpm_tis: Avoid cache incoherency in test for interrupts (bsc#1082555). - tpm, tpm_tis: Claim locality before writing interrupt registers (bsc#1082555). - tpm, tpm_tis: Claim locality in interrupt handler (bsc#1082555). - tpm, tpm_tis: Claim locality when interrupts are reenabled on resume (bsc#1082555). - tpm, tpm_tis: correct tpm_tis_flags enumeration values (bsc#1082555). - tpm, tpm_tis: Do not skip reset of original interrupt vector (bsc#1082555). - tpm, tpm_tis: Only handle supported interrupts (bsc#1082555). - tracing: Build event generation tests only as modules (git-fixes). - tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset() (git-fixes). - tracing/osnoise: Add osnoise/options file (bsc#1228330) - tracing/osnoise: Add OSNOISE_WORKLOAD option (bsc#1228330) - tracing/osnoise: Do not follow tracing_cpumask (bsc#1228330) - tracing/osnoise: Fix notify new tracing_max_latency (bsc#1228330) - tracing/osnoise: Make osnoise_instances static (bsc#1228330) - tracing/osnoise: Split workload start from the tracer start (bsc#1228330) - tracing/osnoise: Support a list of trace_array *tr (bsc#1228330) - tracing/osnoise: Use built-in RCU list checking (bsc#1228330) - tracing/timerlat: Notify new max thread latency (bsc#1228330) - USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (stable-fixes). - usb: cdns3: allocate TX FIFO size according to composite EP number (git-fixes). - usb: cdns3: fix incorrect calculation of ep_buf_size when more than one config (git-fixes). - usb: cdns3: fix iso transfer error when mult is not zero (git-fixes). - usb: cdns3: improve handling of unaligned address case (git-fixes). - usb: cdns3: optimize OUT transfer by copying only actual received data (git-fixes). - usb: cdns3: skip set TRB_IOC when usb_request: no_interrupt is true (git-fixes). - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (git-fixes). - usb: dwc3: gadget: Do not delay End Transfer on delayed_status (git-fixes). - usb: dwc3: gadget: Force sending delayed status during soft disconnect (git-fixes). - usb: dwc3: gadget: Synchronize IRQ between soft connect/disconnect (git-fixes). - usb: gadget: call usb_gadget_check_config() to verify UDC capability (git-fixes). - usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (stable-fixes). - usb: gadget: printer: SS+ support (stable-fixes). - usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (stable-fixes). - USB: serial: mos7840: fix crash on resume (git-fixes). - USB: serial: option: add Fibocom FM350-GL (stable-fixes). - USB: serial: option: add Netprisma LCUK54 series modules (stable-fixes). - USB: serial: option: add Rolling RW350-GL variants (stable-fixes). - USB: serial: option: add support for Foxconn T99W651 (stable-fixes). - USB: serial: option: add Telit FN912 rmnet compositions (stable-fixes). - USB: serial: option: add Telit generic core-dump composition (stable-fixes). - usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes). - usb: xhci-plat: Do not include xhci.h (git-fixes). - USB: xhci-plat: fix legacy PHY double init (git-fixes). - wifi: ath11k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: brcmsmac: LCN PHY code is used for BCM4313 2G-only device (git-fixes). - wifi: cfg80211: fix typo in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() (git-fixes). - wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (git-fixes). - wifi: cfg80211: wext: add extra SIOCSIWSCAN data check (stable-fixes). - wifi: iwlwifi: mvm: d3: fix WoWLAN command version lookup (stable-fixes). - wifi: iwlwifi: mvm: Handle BIGTK cipher in kek_kck cmd (stable-fixes). - wifi: iwlwifi: mvm: properly set 6 GHz channel direct probe option (stable-fixes). - wifi: mac80211: disable softirqs for queued frame handling (git-fixes). - wifi: mac80211: fix UBSAN noise in ieee80211_prep_hw_scan() (stable-fixes). - wifi: mac80211: handle tasklet frames before stopping (stable-fixes). - wifi: mac80211: mesh: init nonpeer_pm to active by default in mesh sdata (stable-fixes). - wifi: mt76: replace skb_put with skb_put_zero (stable-fixes). - wifi: mwifiex: Fix interface type change (git-fixes). - wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (git-fixes). - wifi: wilc1000: fix ies_len type in connect path (git-fixes). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). - workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). - x86/amd_nb: Use Family 19h Models 60h-7Fh Function 4 IDs (git-fixes). - x86/apic: Force native_apic_mem_read() to use the MOV instruction (git-fixes). - x86/bhi: Avoid warning in #DB handler due to BHI mitigation (git-fixes). - x86/bugs: Remove default case for fully switched enums (bsc#1227900). - x86/fpu: Fix AMD X86_BUG_FXSAVE_LEAK fixup (git-fixes). - x86/ibt,ftrace: Search for __fentry__ location (git-fixes). - x86/Kconfig: Transmeta Crusoe is CPU family 5, not 6 (git-fixes). - x86/mm: Allow guest.enc_status_change_prepare() to fail (git-fixes). - x86/mm: Fix enc_status_change_finish_noop() (git-fixes). - x86/purgatory: Switch to the position-independent small code model (git-fixes). - x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (bsc#1227900). - x86/srso: Remove 'pred_cmd' label (bsc#1227900). - x86: Stop using weak symbols for __iowrite32_copy() (bsc#1226502) - x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (git-fixes). - xfs: Add cond_resched to block unmap range and reflink remap path (bsc#1228226). - xhci: Apply broken streams quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Apply reset resume quirk to Etron EJ188 xHCI host (stable-fixes). - xhci: Set correct transferred length for cancelled bulk transfers (stable-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2967-1 Released: Mon Aug 19 15:41:29 2024 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1194818 This update for pam fixes the following issue: - Prevent cursor escape from the login prompt (bsc#1194818). The following package changes have been done: - libuuid1-2.37.4-150500.9.14.2 updated - libsmartcols1-2.37.4-150500.9.14.2 updated - libblkid1-2.37.4-150500.9.14.2 updated - libopenssl1_1-1.1.1l-150500.17.34.1 updated - libfdisk1-2.37.4-150500.9.14.2 updated - libmount1-2.37.4-150500.9.14.2 updated - krb5-1.20.1-150500.3.9.1 updated - login_defs-4.8.1-150500.3.9.1 updated - pam-1.3.0-150000.6.71.2 updated - shadow-4.8.1-150500.3.9.1 updated - util-linux-2.37.4-150500.9.14.2 updated - util-linux-systemd-2.37.4-150500.9.14.2 updated - dracut-055+suse.388.g70c21afa-150500.3.21.2 updated - libfreebl3-3.101.2-150400.3.48.1 updated - mozilla-nss-certs-3.101.2-150400.3.48.1 updated - mozilla-nss-3.101.2-150400.3.48.1 updated - libsoftokn3-3.101.2-150400.3.48.1 updated - xfsprogs-5.13.0-150400.3.10.2 updated - kernel-rt-5.14.21-150500.13.64.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.103 updated From sle-container-updates at lists.suse.com Fri Aug 30 07:03:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 Aug 2024 09:03:52 +0200 (CEST) Subject: SUSE-CU-2024:3904-1: Security update of suse/389-ds Message-ID: <20240830070352.3B99DFBA3@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3904-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-41.4 , suse/389-ds:latest Container Release : 41.4 Severity : important Type : security References : 1228105 CVE-2024-6345 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3054-1 Released: Wed Aug 28 14:48:31 2024 Summary: Security update for python3-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python3-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) The following package changes have been done: - python3-setuptools-44.1.1-150400.9.9.1 updated From sle-container-updates at lists.suse.com Fri Aug 30 07:03:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 Aug 2024 09:03:56 +0200 (CEST) Subject: SUSE-CU-2024:3905-1: Recommended update of bci/golang Message-ID: <20240830070356.AFEC7FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3905-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-2.34.3 , bci/golang:oldstable , bci/golang:oldstable-2.34.3 Container Release : 34.3 Severity : moderate Type : recommended References : 1218424 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3056-1 Released: Wed Aug 28 14:50:32 2024 Summary: Recommended update for go1.22 Type: recommended Severity: moderate References: 1218424 This update for go1.22 fixes the following issue: - go1.22.6 (released 2024-08-06) includes fixes to the go command, the compiler, the linker, the trace command, the covdata command, and the bytes, go/types, and os/exec packages (bsc#1218424). The following package changes have been done: - go1.22-doc-1.22.6-150000.1.24.2 updated - go1.22-1.22.6-150000.1.24.2 updated - go1.22-race-1.22.6-150000.1.24.2 updated From sle-container-updates at lists.suse.com Fri Aug 30 07:03:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 Aug 2024 09:03:58 +0200 (CEST) Subject: SUSE-CU-2024:3906-1: Security update of bci/kiwi Message-ID: <20240830070358.2E176FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3906-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-10.4 , bci/kiwi:9.24 , bci/kiwi:9.24-10.4 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-10.4 , bci/kiwi:latest Container Release : 10.4 Severity : important Type : security References : 1228105 CVE-2024-6345 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3054-1 Released: Wed Aug 28 14:48:31 2024 Summary: Security update for python3-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python3-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) The following package changes have been done: - python3-setuptools-44.1.1-150400.9.9.1 updated From sle-container-updates at lists.suse.com Fri Aug 30 07:04:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 Aug 2024 09:04:02 +0200 (CEST) Subject: SUSE-CU-2024:3907-1: Security update of bci/python Message-ID: <20240830070402.B6344FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3907-1 Container Tags : bci/python:3 , bci/python:3-48.4 , bci/python:3.11 , bci/python:3.11-48.4 Container Release : 48.4 Severity : important Type : security References : 1228105 CVE-2024-6345 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3055-1 Released: Wed Aug 28 14:49:28 2024 Summary: Security update for python-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) The following package changes have been done: - python311-setuptools-67.7.2-150400.3.16.1 updated From sle-container-updates at lists.suse.com Fri Aug 30 07:04:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 30 Aug 2024 09:04:07 +0200 (CEST) Subject: SUSE-CU-2024:3908-1: Security update of bci/python Message-ID: <20240830070407.AA332FBA3@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3908-1 Container Tags : bci/python:3 , bci/python:3-47.4 , bci/python:3.6 , bci/python:3.6-47.4 Container Release : 47.4 Severity : important Type : security References : 1228105 CVE-2024-6345 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3054-1 Released: Wed Aug 28 14:48:31 2024 Summary: Security update for python3-setuptools Type: security Severity: important References: 1228105,CVE-2024-6345 This update for python3-setuptools fixes the following issues: - CVE-2024-6345: Fixed code execution via download functions in the package_index module (bsc#1228105) The following package changes have been done: - python3-setuptools-44.1.1-150400.9.9.1 updated From sle-container-updates at lists.suse.com Sat Aug 31 07:01:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 31 Aug 2024 09:01:59 +0200 (CEST) Subject: SUSE-CU-2024:3914-1: Recommended update of suse/sl-micro/6.0/toolbox Message-ID: <20240831070159.488C0FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sl-micro/6.0/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3914-1 Container Tags : suse/sl-micro/6.0/toolbox:13.2 , suse/sl-micro/6.0/toolbox:13.2-6.8 , suse/sl-micro/6.0/toolbox:latest Container Release : 6.8 Severity : critical Type : recommended References : 1229339 ----------------------------------------------------------------- The container suse/sl-micro/6.0/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 26 Released: Fri Aug 30 11:28:02 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: critical References: 1229339 This update for suse-build-key fixes the following issues: Extended 2048 bit SUSE SLE 12, 15 GA-SP5 key until 2028. (bsc#1229339) The following package changes have been done: - SL-Micro-release-6.0-24.9 updated - skelcd-EULA-SL-Micro-2024.01.19-7.15 updated - suse-build-key-12.0-4.1 updated